Microsoft has released a non-security out of band (OOB) update to address an issue triggering SSL/TLS handshake failures on client and server platforms.

On affected devices, users will see SEC_E_ILLEGAL_MESSAGE errors in apps when connections to servers experience issues.

“We are addressing an issue that could affect certain types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections may have handshake failures,” Microsoft Explain.

“For developers, affected connections are likely to receive one or more records followed by a partial record less than 5 bytes in size in a single input buffer.”

The known issue resolved in today’s OOB updates affects multiple versions and editions of Windows, including:

• Client: Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
• Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1

Available through the Microsoft Update Catalog

Updates cannot be deployed through Windows Update, Windows Update for Business, or Windows Server Update Services (WSUS).

You can install them by downloading from the Microsoft Update catalog and manually import them into WSUS and Microsoft Endpoint Configuration Manager.

Microsoft has released both standalone packages and cumulative updates:

• Cumulative updates:
  • Windows 11, version 21H2: KB5020387
  • Windows Server 2022: KB5020436
  • Windows 10, version 20H2; Windows 10, version 21H1; Windows 10, version 22H1; Windows 10 Enterprise LTSC 2021: KB5020435
  • Windows 10 Enterprise LTSC 2019; Windows Server 2019: KB5020438
• Standalone updates:

The company is still working on a patch for Windows 10 2016 LTSB, Windows Server 2016, and Windows 10 2015 LTSB.

After deploying the update, the Cluster service might not start because a cluster network driver could not be found due to an update to the PnP class drivers used by the service.

Last month, Microsoft said that he accidentally listed the September Windows Preview Update in Windows Server Update Services (WSUS).

Redmond added that until the update is removed from WSUS, it could still cause security update installation issues in some managed environments.