Microsoft shouldn’t be testing a repair for a longstanding recognized situation that’s breaking SSH connections on some Home windows 11 22H2 and 23H2 methods.
On Tuesday, Microsoft began rolling Home windows 11 Construct 26100.3321 (KB5052093) Insiders within the Launch Preview Channel on Home windows 11 24H2 (Construct 26100) with a repair for this bug.
When it first acknowledged the difficulty in November, the corporate defined it impacts a “restricted quantity” of gadgets operating Home windows 11 enterprise, IOT, and schooling editions. Nevertheless, Redmond can also be investigating whether or not client clients utilizing Home windows 11 Dwelling or Professional editions are affected.
“Following the set up of the October 2024 safety replace, some clients report that the OpenSSH (Open Safe Shell) service fails to begin, stopping SSH connections,” the corporate mentioned in help paperwork issued for October’s Patch Tuesday KB5044285 cumulative and KB5044380 preview updates.
“The service fails with no detailed logging, and guide intervention is required to run the sshd.exe course of.”
Till a repair is usually accessible, Redmond says affected customers can briefly repair these SSH connection points by updating entry management listing (ACL) permissions on affected directories utilizing the next steps:
-
Open PowerShell as an Administrator.
-
Replace the permissions for the “C:ProgramDatassh and C:ProgramDatasshlogs” folder (and repeat these steps for “C:ProgramDatasshlogs”) to permit full management for SYSTEM and the Directors group whereas permitting learn entry for Authenticated Customers. If wanted, you may limit learn entry to particular customers or teams by modifying the permissions string.
-
Use the next Powershell script to replace the permissions:
$directoryPath = "C:ProgramDatassh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Safety.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl -
Repeat the above steps for C:ProgramDatasshlogs.
Over the past week, Microsoft additionally began rolling out a BIOS replace supplied by ASUS that resolves blue display of demise (BSOD) points acknowledged in October, and it fastened a recognized situation inflicting “boot machine inaccessible” errors on some Home windows Server 2025 methods utilizing iSCSI.
In associated information, the OpenSSH mission has launched safety updates for 2 vulnerabilities: a man-in-the-middle (MitM) flaw (CVE-2025-26465) and a denial-of-service bug (CVE-2025-26466).
The previous was launched greater than ten years in the past, and it is impacting OpenSSH purchasers when the ‘VerifyHostKeyDNS’ choice is enabled. Profitable exploitation permits attackers to hijack SSH classes to steal credentials, inject instructions, and exfiltrate knowledge.