alert banner

ISSUE 19.26.1 • 2022-06-28

MS-DEFCON 3: Should we patch?


By Susan Bradley

I have good news and bad news.

Some of you will install the June updates and see absolutely no issues whatsoever. Others have tried to install the June updates and experienced side effects. Microsoft has acknowledged some, but not all, of the issues. This makes it a hard month. I don’t like to let people get to the end of the month and not install updates, but at the same time there are some bugs that are deeply impactful to both consumers and businesses.

Based upon my recommendations below, I am lowering the MS-DEFCON level to 3. I commonly set the level to 4 after giving the month’s updates a chance to settle, but this time greater caution is warranted.

Consumer and home users

If you use your computer as a hotspot for other devices, the June updates will cause you to lose Internet access on the host computer if you have Internet Connection Sharing enabled. Microsoft has acknowledged the issue and it appears the fix in is preview releases. This problem is widespread. It affects Windows 11 21H2; Windows 10 versions 21H2, 21H1, and 20H2; Windows 10 Enterprise LTSC versions 2019 and 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1; Windows Server 2022; and and Windows Server versions 20H2, 2019, 2016, 2012 R2, 2012, 2008 R2 SP1, and 2008 SP2. To restore Internet access on the host device, Microsoft recommends disabling the Wi-Fi hotspot feature.

Microsoft appears to have included the fix in the preview release to Windows 11 KB5014668, which means it will be rolled up in next month’s updates. Windows 10 1809 received a preview release of KB5014669, so I expect Windows 10 21H2 and 21H1 to be receiving fixes next month as well.

For those still running Windows 7 with Trend Micro antivirus, be aware that Trend Micro has deployed a fix to remedy an issue causing systems to reboot. It notes: “At approximately midnight (GMT +8) on June 22, 2022, Behavior Monitoring Configuration Pattern version 1.238.00 was uploaded to ActiveUpdate, which resolves the issue.”

Business users

We are still tracking an issue that Microsoft has not acknowledged, whereby the Routing and Remote Access Service (RRAS) appears to be impacted by the June updates. After the June updates, some firms have reported that, if they are using RRAS and VPN connectivity, clients can no longer connect. One workaround is to temporarily disable the Network Address Translation (NAT) feature on RRAS servers to fix this problem until a proper update is released.

Microsoft fixed this (KB5014665) in the preview release for Windows Server 2022. It notes: “Addresses a known issue that prevents Windows servers that use the Routing and Remote Access Service (RRAS) from correctly directing internet traffic. Devices that connect to the server might not connect to the internet, and servers might lose connection to the internet after a client device connects to them.”

This fix will be included in the July updates.

In yesterday’s newsletter (Dealing with DCOM, 2022-06-27), I discussed the hardening of DCOM, part of the June patches. If you are experiencing problems with Windows Management Instrumentation (WMI), you may need to disable the hardening via registry keys. You’ll then need to carefully evaluate your situation because Microsoft has made clear that, in less than a year (March 2023), disabling the DCOM hardening will no longer be an option.

To disable the hardening, configure this registry entry:

  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
  • Value Name: “RequireIntegrityActivationAuthenticationLevel”
  • Type: dword
  • Value Data: 0x00000000 (means disabled)

Important: I do not recommend uninstalling the updates to deal with this problem. Use the registry keys. Hopefully the effects of DCOM hardening will ease before next March.



Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.