#1
[Image: Windows-11-headpic.webp]

Microsoft has confirmed that last month's Windows security updates are breaking SSH connections on some Windows 11 22H2 and 23H2 systems.

This newly acknowledged issue affects enterprise, IOT, and education customers, but the company says that only a "limited number" of devices are impacted.

Microsoft is also investigating whether consumer customers using Windows 11 Home or Pro editions are affected.

"Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections," the company explained in updated support documents for October's Patch Tuesday KB5044285 cumulative and KB5044380 preview updates.

"The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process."

Until a fix is available, Redmond says affected customers can still temporarily fix these SSH connection issues by updating access control list (ACL) permissions on affected directories using the following steps:

Open PowerShell as an Administrator.

Update the permissions for the "C:\ProgramData\ssh and C:\ProgramData\ssh\logs" folder (and repeat these steps for "C:\ProgramData\ssh\logs") to allow full control for SYSTEM and the Administrators group while allowing read access for Authenticated Users. If needed, you can restrict read access to specific users or groups by modifying the permissions string.

Use the following Powershell script to update the permissions:

$directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl
Microsoft is actively looking for a fix that will roll out via an upcoming Windows update, with further details regarding this known issue to be provided when a resolution is available.

On Friday, Redmond also revealed that the October Patch Tuesday updates had resolved fingerprint sensor freeze issues after affected Windows 11 24H2 devices were locked.

A safeguard hold blocking Windows 11 24H2 upgrades on impacted systems was also removed after the fingerprint issues were resolved. The update should be offered over the next 48 hours, but a device restart should help speed things up.

Last month, Microsoft fixed a known issue in the September preview cumulative update preventing some apps from starting on Windows 10 22H2 systems when launched from non-admin accounts.

It also addressed another one causing Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July security updates.