Microsoft has addressed a known issue that triggers SSL/TLS handshake failures on client and server platforms with the release of the KB5018496 preview cumulative update.
Caused by Windows security updates released during this month’s Patch Tuesday, on October 11th, the issue has now also been fixed on Windows 11 22H2 systems.
On impacted Windows 11 devices, users see SEC_E_ILLEGAL_MESSAGE errors in applications when connections to servers experience issues.
“We address an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures,” Microsoft said.
“For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of less than 5 bytes within a single input buffer.”
Since KB5018496 is an optional preview update, it doesn’t contain any security fixes and will not be installed automatically.
You can install it on your device by going into Settings > Windows Update, clicking ‘Check for Updates,’ and then selecting the optional preview to download and install.
Out-of-band updates for older Windows versions
Microsoft has also released out-of-band standalone packages and cumulative updates to address the issue on older Windows versions:
Windows 11, version 21H2: KB5020387
Windows Server 2022: KB5020436
Windows 10, version 20H2; Windows 10, version 21H1; Windows 10, version 22H1; Windows 10 Enterprise LTSC 2021: KB5020435
Windows 10 Enterprise LTSC 2019; Windows Server 2019: KB5020438
Windows 10 2016 LTSB; Windows Server 2016: KB5020439
Windows 10 2015 LTSB; KB5020440
These updates can’t be installed via Windows Update, Windows Update for Business, or Windows Server Update Services (WSUS).
To install them, you must download them from the Microsoft Update Catalog and import them into WSUS and Microsoft Endpoint Configuration Manager.
You can find the complete list of fixes and improvements included with the KB5018496 preview update in this support bulletin.