The Windows 8.1 Update, which was Redmond’s big patch for Windows 8.1 has been suspended for some enterprise users after the company discovered that patched systems are can’t receive future updates from Windows Server Update Services (WSUS) servers. The patch updates the user interface for desktop and mouse users, but it apparently had a problem playing nice with corporate networks.

The problem occurs when clients connect to WSUS with HTTPS enabled, but without TLS 1.2. Windows 8.1 machines with the KB 2919355 update installed will no longer be able to receive future updates from those servers. Microsoft said the problem is for WSUS 3.0 Service Pack 2, also known as WSUS 3.2, when run on Windows Server 2003, 2003 R2, 2008, and 2008 R2; this version does not have HTTPS or TLS 1.2 enabled by default, but HTTPS is part of the recommended configuration. WSUS 4 on Windows Server 2012 and 2012 R2 is also technically affected, but since Windows Server enables TLS 1.2 by default it is not a major problem.

Microsoft will have to come up with a fix soon as the Windows 8.1 Update is a mandatory security update that will be a prerequisite for all future security fixes for Windows 8.1. A work around is that if client machines have the update installed users, administrators should enabling TLS 1.2 on Windows Server 2008 R2, or disable HTTPS. 

Microsoft describes it primarily as an issue for WSUS 3.0 Service Pack 2, also known as WSUS 3.2, when run on Windows Server 2003, 2003 R2, 2008, and 2008 R2; this version does not have HTTPS or TLS 1.2 enabled by default, but HTTPS is part of the recommended configuration.

WSUS 4 on Windows Server 2012 and 2012 R2 is also technically affected, as the bug is client-side, but Windows Server enables TLS 1.2 by default, so issues are unlikely to arise in practice.