Did a round of Microsoft Updates break Remote Desktop for you? It did for me… last patch Tuesday happened and suddenly I couldn’t remote into my work machine. RDP was down for the count and it took a while to discover why exactly this was happening.
When I first discovered I couldn’t use Remote Desktop to connect to a machine I did what anybody would do… remote into a different machine to determine if the issue was me or the other machine. I opened a connection to my local media server, which is also a Windows 7 machine, and everything worked as expected. After that I began looking into firewall rules, ports, Event Viewer logs and I couldn’t figure out what it was. It couldn’t have been the Windows Updates because both machines received the same updates and one worked and the other didn’t. Frustrated, I eventually rolled back all of the updates and sure enough I was about to RDP into my machine again.
Of course we don’t want to remove ALL of the updates… only the one responsible so I allowed Windows Update to apply the patches again. Once again, Remote Desktop broke after the Windows Updates applied themselves. I then removed them one by one to determine which was the issue. Once I removed KB2667402 the ability to use Remote Desktop was again restored.
Remote Desktop breaks with KB2667402
KB2667402 is for Microsoft Security Bulletin MS12-020. This is a CRITICAL patch from Microsoft. The update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. You can read more on the Microsoft Security Bulletin. To remove the patch go to Control PanelProgramsPrograms and Features. Then click on View Installed Updates and search for your Windows Updates. Rich-click and select remove and then attempt to remote into your machine… booya it works.
Remote Desktop – fixing it and maintaining a secure system
Great so we fixed it but we DO WANT critical updates applied to our system right? Of course… So this post on Microsoft’s site mentions removing registry keys. I tried it, rebooted, and still couldn’t get in. Another post states that there are two versions of this patch and for some reason our Windows Update is grabbing version 1. If it turned out that’s true then the solution is simple: Download KB2667402 installer and manually apply it. Once download you should have a file named Windows6.1-KB2667402-v2-x64.msu which contains the Stand Alone installer for KB2667402, the patch for Remote Desktop. Double click that file and let it do it’s thing.
Guess what though… neither of those fix it for me either. So I’ve gone back in and removed it, reboot, and sure enough Remote Desktop is back. For now I’m blocking the patch. This SUCKS but since I block RDP traffic at my firewall and this is only available on my personal network it shouldn’t be that big a deal. If anyone finds a better solution please post in the comments.
Microsoft Registry Fix
User Tej Shah shared a technet forum entry that shows a registry workaround. The particular machine I had an issue with was rebuilt and it didn’t come back the second time around but if the above doesn’t cut the muster for you give it a shot!