[German]Microsoft has delivered several updates on October 2024 Patchday (update KB5044273 for Windows 10 22H2 for instance). The cumulative update also updates OpenSSH for Windows, which can lead to various problems. Users of Yubikey appear to be affected by this update, as has been reported.
Advertising
A reader report
Blog reader KAnaguma has reported in this comment that the cumulative update KB5044273 for Windows 10 updates the "OpenSSH_for_Windows_8.1p0" library to "OpenSSH_for_Windows_9.5p1" (is mentioned briefly in the post Microsoft Security Update Summary (October 8, 2024)).
Windows 10 Update KB5044273
Cumulative Update KB5044273 for Windows 10 Version 21H1 – 22H2 contains various security improvements for internal operating system functions, according to Microsoft (Microsoft Security Update Summary (October 8, 2024)). In the meantime, Microsoft has confirmed a problem (black screen displayed when logging on to Azure Virtual Desktop (AVD)). Microsoft claims to have fixed this bug with a Known Issue Rollback (KIR).
Updates fixes OpenSSH RCE vulnerability CVE-2024-43581
The above update KB5044273 and other Windows updates from October 8, 2024 close the Remote Code Execution vulnerability CVE-2024-43581 i in OpenSSH for Windows. This is rated with a CVSS 3.1 score of 7.1 (High). Rapid 7 lists the affected Windows updates (Windows 10/11, Windows Server 2019/2022) in this document.
To exploit the vulnerability, the attacker must drop a malicious file in a local folder and trick the user into performing a specific file management operation. The complexity of the attack is estimated to be high.
Problems with OpenSSH_for_Windows_9.5p1
The update of the OpenSSH_for_Windows_9.5p1 package seems to cause problems in various places.
Advertising
OpenSSH service no longer starts
On reddit.com, a user with the alias Big-Admin reports that the cumulative updates for Windows Server 2019 and Windows Server 2022 also contain a new OpenSSH to close CVE-2024-43581. As a result, their OpenSSH service was corrupted in the respective Windows versions and no longer starts.
Uninstalling this patch helps and is a working workaround. However, the user in question has found a second fix and writes that deleting the log files in the folder:
C:\PROGRAMDATA\SSH\
have solved the problem. The OpenSSH service starts again for him.
OpenSSH problems with PIV/PKCS11 certificate
Blog reader KAnaguma writes here that the installation of update KB5044273 causes the recognition of the PIV/PKCS11 certificate on a Yubikey used by the user for authentication to stop working. According to this bug report, the issue in OpenSSH_for_Windows_9.5p1 has been known at Yubikey since the beginning of July 2024.
The affected person states that authentication via Yubikey on the Windows Terminal and also with VSCode under Windows 10 and Windows 11 is no longer possible. The current solution is to uninstall the KB5044273 update – but this causes permanent problems.
Advertising
