Microsoft posts fix for Poodle patch KB 3023607 that clobbers AnyConnect VPN

Cisco says Microsoft will release an honest-to-goodness patch on March 10 to roll out the fix automatically

repair man
Credit: DeviantArt

As part of the February Black Tuesday crop last week, Microsoft released a patch, KB 3023607, that was designed to kill SSL 3.0 and thus eliminate the threat of Poodle man-in-the-middle attacks. Almost immediately, howls of pain hit the Internet as customers discovered that installing the patch would keep Cisco's popular AnyConnect VPN from working on Windows 8.1 and Server 2012 R2 PCs.

Starting an AnyConnect VPN session after installing the patch resulted in the error "Failed to Initialize connection subsystem."

Cisco has been working with Microsoft to narrow down the source of the problem. Microsoft released a Fixit on Monday, which you can see at the bottom of the newly updated KB 3023607 article.

Cisco's support forum post goes on to say:

Once the fixit is installed, Cisco recommends you reboot (or log off/log on) your PC as you need to fully restart the AnyConnect service (not just the user interface), and not all users will have access to do so.

Microsoft is planning to release a Windows Update patch on 03/10/15 for this issue. Microsoft's dates are subject to change.

I'm at a loss to explain why yesterday's other fix, KB 2956149 (which replaces KB 2920732) warranted a new patch that was pushed out the automatic update chute as quickly as possible, while this one will linger until next month.

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.