On October 22, 2024, Microsoft released the latest non-security update for Windows 11 version 23H2 under KB5044380, also known as builds 22621.4391 and 22631.4391. The update introduced several useful improvements and changes, including battery drain fixes, Copilot key remapping, new settings for notifications, and more. Unfortunately, the update also wrecks some things.
Microsoft has updated the official KB5044380 article and acknowledged that the update is breaking OpenSSH (Open Secure Shell), preventing SSH connections:
Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.
According to Microsoft, the bug affects all users with KB5044380, including enterprise, IoT, education, and home customers. However, Microsoft also added that the number of impacted devices is "limited."
Another good thing is that there is a workaround, which you can apply to temporarily resolve the problem. The company says that updating permissions on the affected directories should fix the problem. You can do so by executing the following command in elevated PowerShell:
$directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl
Microsoft also recommends doing the same for C:\ProgramData\ssh\logs.
As of right now, Microsoft is investigating the issue, and a resolution will be available in a future Windows Update.
Although the bug does not affect Windows 11 version 24H2, it has its own share of problems with the latest non-security update. Microsoft recently confirmed that Task Manager in KB5044384 is not displaying the correct number of running applications and processes. Microsoft also paused the rollout of the new controller keyboard due to unknown issues and bugs (it is now available in Canary builds).
4 Comments - Add comment