Windows 8.1 Update 1 enterprise rollouts slowed due to security bug

Enterprise rollouts of Windows 8.1 updates through the Windows Server Update Service is hitting a bit of a roadbump. Apparently servers running SSL but without Travel Layer Security 1.2 enabled won’t be able to push out the update, and Microsoft is pausing the distribution of the update until this is fixed. This doesn’t stop you from updating if you haven’t already, since you can pick it up from the Windows Update Catalog, but Microsoft still suggests you wait until a fix is in place.

From a recently-published knowledge base article:

”Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are temporarily suspending the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.”

Enterprise administrators controlling their own update servers simply need to enable TLS 1.2 to get rolling again. Has anyone hit this issue in their workplace?

Source: Microsoft


Reader comments

Windows 8.1 Update 1 enterprise rollouts slowed due to security bug


Hmm, does anyone even have Win 8 at their work place? As far as I know it doesn't play nice with 3rd party security.

I have. And forget about 8.1 update 1. Mine is still locked ad 8 due to untested behaviors of our development environment on 8.1. What a bummer :(

Mine as well. Our company hasn't tested W8.1, so I am still stuck on W8 for now. Thankfully, my Surface and Desktop at home are on W8.1 update 1 now. I still have a W7 Pro laptop, that I have for any instances where W8 would fail me, which it hasn't since W8.1

I have been using Windows 8 since October. I updated it to Window 8.1 in January, and was updated to 8.1 Update 1 yesterday.

I'm also in a VERY secure and security conscious environment where we have to use message classifcation and encryption on 90% of our documents and emails. No problems with 8 at this point. It's great to have 8.1 across all of my devices - I even have my domain account linked to my standard Microsoft account so that I can access some of my SkyOneDrive files between my home and work computers.

We have a few win8/8.1 nodes at my establishment. Works fine with our Kaspersky av solution. The only issue i have atm with update 1 is that the new start menu isn't present on the one unit i have upgraded. Anyone else got this?

I use Win8 on my work machine connected to SBS 2011 and have no problems at all. The new Start menu they showed at Build was a tease of what is coming in a future update.

Many of the places that call on me to consult use xp!!!! Love the uk finance sector lol!!!!!

Well good that MS is addressing security concerns fast - other companies could learn something from that ;)

We are testing W8.1 here. I work in an IT Department at a college and the biggest challenge that we have had is 8.1s need for User Account Control to be turned on to use Metro programs, access network drives and to open documents in certain locations from cloud storage and services like SharePoint.

At least in our case, I can confirm that 8.1 isn't playing nice with 3rd party security. We have had trouble with our startup scripts as far as user account control.

Even with all of that said, it may be on our end to just update our infrustracture, scripts and so forth to play nice with Windows 8.1.

I am downloading the 8.1 update for Enterprise right now for testing so I was surprised to see this article.

So far my favorite feature of the W8 family of software over W7 is that when you use dual monitors, you get two INDEPENDENT task bars and start buttons. It is like having two computers, it is so much more advanced than simply extending the display or mirroring. I can have two Desktops or a Desktop and Start Screen and work independently of each, just like if I had two computers with one monitor each.

Overall though, the upgrade to Windows 8.1 Enterprise has not been smooth concerning the things mentioned before. The expectation of upgrading and expecting everything to "just work" isn't there yet. We may have to manually map the network drives until the scripts are updated or until everything just magically play nice.

On a related note, Office 2013 is catching on like wild fire. We have been testing it since last summer and just opened it up to everyone about two weeks ago and it is a must have in our clients eyes. I am surprised as I figured it would be jarring as everything looks different, especially Outlook and if Windows 8 taught us anything, it is that people are resistant to change, for better or for worse.

On the home front, no problems with Windows 8.1 Update at all. Completely satisfied as I have been using it for about a month on my desktop and tablet.

Now, bring on WP 8.1 Preview!

My opinion only, if you are disabling UAC in an enterprise, you're asking for trouble. It is there for good reason. No properly designed software should require it to be disabled.

Lots of software require it to be disabled. We have numerous applications that don't play nice with UAC. Many of our older scripts will not work with UAC either. They all have to be updated which is something many enterprises can't accomplish in a reasonable timeframe.
We are still proceeding with Windows 8.1 rollouts and disabling UAC when needed.

Why not use GP for drive mappings instead of scripts? I have 8.1 on my work computer (the only one because I can basically do what I want) and it works fine, but we don't have lots of legacy stuff or weird scripts. Stuff gets done via SCCM and GP.

We did a gpupdate /force and the network drives still won't show. It honestly appears to be an issue with our Windows 7 based startup scripts that map the drives at this point and not a fault of Windows 8 and our network team is working on it. Besides the UAC issues and the scripts and network drives, all else has worked wonderfully in our limited testing.

The future is looking great for Windows 8. :)

I agree about the software and scripts. It simply comes down to assesing the software needs, UAC needs and updating scripts. Before working in IT, I used to wonder why businesses were so far behind with OS versions. It all makes sense now.


That's what I feel !! :'(
can't wait and I see even you are waiting impatiently..trying to pass time by commenting..and so am I. ;)

It's only an isolated case that causes the problem. The WSUS has to be 3.2, with SSL and not TLS. Anything else works fine.

All my WSUS are 2012R2 without SSL, so I went ahead with the updates and have no issues.

I always got my work and home PC installed with the new release of windows and did not found corporate application that did not play nice to it.

For the umpteenth billionth time, WPCentral talks about Microsoft consumer news. The three screens philosophy has brought that change to this website. Enjoy the occasional W8 and XBone news, the ecosystem is merging and we will only see more in the future.

Wow, and lets not forget this particular update is actually Required in order for Windows 8.1/ Server 2012 R2 systems to receive any future security or non security updates. So basically until this is fixed enterprise systems will go without critical security fixes. Someone dropped the ball

I had a problem installing this particular update on my laptop last night, it kept rolling it back and couldn't complete it. I hope it's related to the same issue.

IE11 is acting up real bad after the update. I am sadly using Firefox now. I will probably have to do a system restore until things get fixed. Does not up when I click o a link, even Bing.

I did a system restore. I turned off IE11 and turn it back again through the Turn off program feature and it still not working. Now, I am restoring to use Firefox and I am not very happy about it. I guess I will have to wait to see what happened or restore my last working enviornement.

I had 8.1 on my office laptop and updated to 8.1 update 1 via windows update by bypassing the Wsus server and downloading the update directly from Microsoft.

I successfully installed this update by clean-installing "Windows 8.1 with Update 1". The ISOs are now available.