I do hope you were playing an invigorating game of Raid Shadow Legends at the time.
Kethal@lemmy.world
on 01 May 2024 22:47
nextcollapse
My workplace requires VPN for Web sites that are authenticated, require 2FA and are encrypted. It’s infuriatingly stupid. I feel like someone higher up got sold a useless contract by a good VPN salesperson.
Badeendje@lemmy.world
on 01 May 2024 22:53
nextcollapse
Most likely all connections are run through the gateway of the company allowing them to apply security to all web traffic on their clients.
It might hinder you but there is plenty of method to this madness.
AlphaAutist@lemmy.world
on 01 May 2024 23:39
collapse
Ya that just sounds like good practice for internal services.
@Kethal@lemmy.world Maybe see if you can use a FIDO2 device like yubikey for 2fa
Yeah, maybe they should encrypt it a third time. You never know.
zaemz@lemmy.world
on 01 May 2024 22:52
nextcollapse
Yeah, you’re not wrong that the article kinda sets itself up for the “lookit our recommended VPNs” pitch.
There’s no way Microsoft would purposefully disable VPNs from working. I can guarantee that they require VPNs for thousands of roles in the company, let alone breaking it for government agencies that require VPNs, etc.
It is good to know that a specific update can break something ahead of time, though. Then at least you can avoid it.
Kiernian@lemmy.world
on 02 May 2024 00:00
collapse
There’s no way Microsoft would purposefully disable VPNs from working
No, but they’ve done it accidentally before.
One time a few years ago it broke all LT2P VPN’s unless you removed a specific KB########.
IIRC, six months later there was still no fix.
I think it’s been fixed now, though.
NGC2346@sh.itjust.works
on 02 May 2024 02:06
collapse
Its actually real news
MakePorkGreatAgain@lemmy.basedcount.com
on 01 May 2024 22:50
nextcollapse
thats going to be an issue - at my work roughly 60% of the userbase is connected via VPN at any given point - so, ~40,000 people or so
Qwaffle_waffle@sh.itjust.works
on 02 May 2024 02:58
collapse
That’s a paddlin.
BaroqueInMind@kbin.run
on 01 May 2024 23:14
nextcollapse
Looks like their policy to prefer cheap labor they hire from Asia rather than paying local U.S. developers a living wage is starting to bite them in the ass.
downpunxx@fedia.io
on 01 May 2024 23:47
nextcollapse
Has anyone here been running into this issue realtime since the update?
Melatonin@lemmy.dbzer0.com
on 01 May 2024 23:51
nextcollapse
Is it too late to turn off security updates and avoid this issue?
And this is exactly why I don’t do auto updates (and people around here berate me for it, saying my systems are unsafe).
Hell, Windows LTSC only gets updates twice a year (which is what I run).
InEnduringGrowStrong@sh.itjust.works
on 02 May 2024 12:06
collapse
LTSC is great.
Much less bloat and bs too.
just_another_person@lemmy.world
on 02 May 2024 00:19
nextcollapse
So skip Windows. Why does anyone need it anymore?
vodkasolution@feddit.it
on 02 May 2024 00:32
nextcollapse
Photoshop, Illustrator, After Effects :/
just_another_person@lemmy.world
on 02 May 2024 00:33
nextcollapse
All work via Wine. I use each of them. No issues.
rebelsimile@sh.itjust.works
on 02 May 2024 01:03
nextcollapse
Can Wine run 32bit Windows adobe software?
ArchAengelus@lemmy.dbzer0.com
on 02 May 2024 01:17
nextcollapse
I haven’t tested those myself, but wine has excellent 32 bit compatibility in general. If it’s on the list at wine hq, then it probably works
just_another_person@lemmy.world
on 02 May 2024 01:21
collapse
Yes, if you’re on 32-bit hardware. It’s unlikely you are. Backwards compatible binary execution should be fine.
rebelsimile@sh.itjust.works
on 02 May 2024 01:41
collapse
I have a 32 bit machine that is still in service for this task and some others, but I’d rather run it on a modern machine (m1 mac)
just_another_person@lemmy.world
on 02 May 2024 02:08
collapse
Have fun with that.
lurch@sh.itjust.works
on 02 May 2024 01:17
nextcollapse
The problem is bureaucratic: Using them with Wine is not the manufacturers intent, so it may break for a while and theres nothing the manufacturer will do to fix it. The companies of the users often don’t dare rely on this. It’s also why some companies require to use redhat or ubuntu for a distro, because they don’t dare running anything without a support contract. They think that way there’s someone external to blame, call for help or sue, if things break. I’m not a fan of this, but encountered it a few times on different jobs. At my current job one of our clients has this with redhat and tbh they actually had to call redhat support twice this year, because their server got messed up during upgrades.
vodkasolution@feddit.it
on 02 May 2024 02:56
collapse
Big files? No issues? They have problems on Win, I can’t imagine on Wine (that I find fine for almost everything else)
desmosthenes@lemmy.world
on 02 May 2024 01:22
collapse
Games. I have a Steam Deck so yea I get that Proton works really well now but it’s still not perfect. And also I write software for customers that use Windows so ¯\(ツ)/¯
just_another_person@lemmy.world
on 02 May 2024 01:24
collapse
Games aren’t an issue. If you are still in a world where your local machine is a dev environment, that’s a different story. Sorry.
Coreidan@lemmy.world
on 02 May 2024 04:03
collapse
Yes games very much are an issue. You are naive and ignorant if you think Linux can play every single game without hang ups.
For example if you play iRacing you don’t have much of a choice but to be on windows.
You people telling others to get on Linux are tone deaf as fuck.
Coreidan@lemmy.world
on 02 May 2024 03:59
collapse
Why? The entire business world uses and needs VPNs. This accomplishes nothing for MS. There will be a PR shit storm in MS from every direction if they don’t fix it.
I’d agree if this only affected normal people but it also affects every corporation that does business with MS.
sgibson5150@slrpnk.net
on 02 May 2024 00:57
nextcollapse
jet@hackertalks.com
on 02 May 2024 01:07
nextcollapse
Bold statement - how is wire guard not a VPN?
Dran_Arcana@lemmy.world
on 02 May 2024 02:46
collapse
Yeah I’m really curious what his take is going to be on this one lol. Technically it doesn’t have a layer-2 capable bridge mode like other VPN solutions like openvpn, but that’s about all I can think of. It’s still objectively a virtual network, made private by a keypair exchange.
Probably just blindly paroting something someone told him. Awkward way to learn that one lmao.
sgibson5150@slrpnk.net
on 02 May 2024 01:23
collapse
Mmm what?
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends…
cy_narrator@discuss.tchncs.de
on 02 May 2024 01:05
nextcollapse
It may be unintentional bug. People in the enterprise world need VPN for corporate purposes, they will fix it dont worry
tsonfeir@lemm.ee
on 02 May 2024 01:11
nextcollapse
Obligatory Linux plug.
mindlight@lemm.ee
on 02 May 2024 01:31
nextcollapse
PCWorld:
Microsoft’s latest Windows update breaks VPNs, and there’s no fix
What Microsoft actually said:
Windows devices might face VPN connection failures after installing the April 2024 security update, or KB5036893.
We are working on a resolution and will provide an update in an upcoming release
I’m so fed up with everyone trying to make a quick buck on our constant struggle to stay safe.
nublug@lemmy.blahaj.zone
on 02 May 2024 03:01
nextcollapse
The reality is that it broke "something* in certain lpt2/ipsec connections using certain authentication protocols, although they haven’t yet specified which particular connection technologies are affected.
However this does not mean that a blanket affect of ALL VPN connection not working is an issue.
So far we are unaffected on clients using ipsec and PAP protocol authentication, nor connections using Anyconnect (aka Cisco Secure Connect).
I have also not seen any affect on private VPN clients such as PIA or Nord on machines that have this update.
I suspect what broke was clients using MSChap, Microsoft’s own protocol for authentication for VPN clients.
Source: an admin with 200+ client machines with VPN connections that are not impacted after installing this update.
Holzkohlen@feddit.de
on 02 May 2024 20:48
collapse
You are gonna test the software for a multi-billion dollar cooperation and you are gonna like it!
threaded - newest
I dunno man. I’m convinced that pretty much any mention of VPN these days is just an ad for vpns. That’s with this article looks like.
And now a word from our sponsor, Nor-
Skip 10 seconds. Skip 10 seconds. Skip 10 seconds.
Give up and install SponsorBlock.
all ad copy is an ad for sponsor block
But it’s NordVPN.com/BigMoney. The ad is the best part of the video.
Bounced on my boy’s Raycons to this for hours
I do hope you were playing an invigorating game of Raid Shadow Legends at the time.
My workplace requires VPN for Web sites that are authenticated, require 2FA and are encrypted. It’s infuriatingly stupid. I feel like someone higher up got sold a useless contract by a good VPN salesperson.
Most likely all connections are run through the gateway of the company allowing them to apply security to all web traffic on their clients.
It might hinder you but there is plenty of method to this madness.
Ya that just sounds like good practice for internal services.
@Kethal@lemmy.world Maybe see if you can use a FIDO2 device like yubikey for 2fa
I applaud your IT leadership/CIO for being willing to do this.
Most companies are far too passive and think “aIt won’t happen to us”.
I’ve seen companies scammed of $1mil in a single transaction because they sent credentials in email, to a scammer.
Had they used a credential management system this wouldn’t have happened.
Every layer of security helps.
Yeah, maybe they should encrypt it a third time. You never know.
Yeah, you’re not wrong that the article kinda sets itself up for the “lookit our recommended VPNs” pitch.
There’s no way Microsoft would purposefully disable VPNs from working. I can guarantee that they require VPNs for thousands of roles in the company, let alone breaking it for government agencies that require VPNs, etc.
It is good to know that a specific update can break something ahead of time, though. Then at least you can avoid it.
No, but they’ve done it accidentally before.
One time a few years ago it broke all LT2P VPN’s unless you removed a specific KB########.
IIRC, six months later there was still no fix.
I think it’s been fixed now, though.
Its actually real news
thats going to be an issue - at my work roughly 60% of the userbase is connected via VPN at any given point - so, ~40,000 people or so
That’s a paddlin.
Looks like their policy to prefer cheap labor they hire from Asia rather than paying local U.S. developers a living wage is starting to bite them in the ass.
Has anyone here been running into this issue realtime since the update?
Is it too late to turn off security updates and avoid this issue?
And this is exactly why I don’t do auto updates (and people around here berate me for it, saying my systems are unsafe).
Hell, Windows LTSC only gets updates twice a year (which is what I run).
LTSC is great.
Much less bloat and bs too.
So skip Windows. Why does anyone need it anymore?
Photoshop, Illustrator, After Effects :/
All work via Wine. I use each of them. No issues.
Can Wine run 32bit Windows adobe software?
I haven’t tested those myself, but wine has excellent 32 bit compatibility in general. If it’s on the list at wine hq, then it probably works
Yes, if you’re on 32-bit hardware. It’s unlikely you are. Backwards compatible binary execution should be fine.
I have a 32 bit machine that is still in service for this task and some others, but I’d rather run it on a modern machine (m1 mac)
Have fun with that.
The problem is bureaucratic: Using them with Wine is not the manufacturers intent, so it may break for a while and theres nothing the manufacturer will do to fix it. The companies of the users often don’t dare rely on this. It’s also why some companies require to use redhat or ubuntu for a distro, because they don’t dare running anything without a support contract. They think that way there’s someone external to blame, call for help or sue, if things break. I’m not a fan of this, but encountered it a few times on different jobs. At my current job one of our clients has this with redhat and tbh they actually had to call redhat support twice this year, because their server got messed up during upgrades.
Big files? No issues? They have problems on Win, I can’t imagine on Wine (that I find fine for almost everything else)
works on osx too
Games. I have a Steam Deck so yea I get that Proton works really well now but it’s still not perfect. And also I write software for customers that use Windows so ¯\(ツ)/¯
Games aren’t an issue. If you are still in a world where your local machine is a dev environment, that’s a different story. Sorry.
Yes games very much are an issue. You are naive and ignorant if you think Linux can play every single game without hang ups.
For example if you play iRacing you don’t have much of a choice but to be on windows.
You people telling others to get on Linux are tone deaf as fuck.
I agree. While I still think Linux is superior overall, software compatibility is mostly about the market share, so Windows is the best for gamers.
.
Why? The entire business world uses and needs VPNs. This accomplishes nothing for MS. There will be a PR shit storm in MS from every direction if they don’t fix it.
I’d agree if this only affected normal people but it also affects every corporation that does business with MS.
Doesn’t seem to have impacted Wireguard.
.
Bold statement - how is wire guard not a VPN?
Yeah I’m really curious what his take is going to be on this one lol. Technically it doesn’t have a layer-2 capable bridge mode like other VPN solutions like openvpn, but that’s about all I can think of. It’s still objectively a virtual network, made private by a keypair exchange.
Probably just blindly paroting something someone told him. Awkward way to learn that one lmao.
Mmm what?
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends…
It may be unintentional bug. People in the enterprise world need VPN for corporate purposes, they will fix it dont worry
Obligatory Linux plug.
PCWorld:
Microsoft’s latest Windows update breaks VPNs, and there’s no fix
What Microsoft actually said:
Windows devices might face VPN connection failures after installing the April 2024 security update, or KB5036893. We are working on a resolution and will provide an update in an upcoming release
I’m so fed up with everyone trying to make a quick buck on our constant struggle to stay safe.
absolutely bonkers take
The reality is that it broke "something* in certain lpt2/ipsec connections using certain authentication protocols, although they haven’t yet specified which particular connection technologies are affected.
However this does not mean that a blanket affect of ALL VPN connection not working is an issue.
So far we are unaffected on clients using ipsec and PAP protocol authentication, nor connections using Anyconnect (aka Cisco Secure Connect).
I have also not seen any affect on private VPN clients such as PIA or Nord on machines that have this update.
I suspect what broke was clients using MSChap, Microsoft’s own protocol for authentication for VPN clients.
Source: an admin with 200+ client machines with VPN connections that are not impacted after installing this update.
You are gonna test the software for a multi-billion dollar cooperation and you are gonna like it!