The vulnerability does not appear to affect all VPN gadgets and appears to primarily affect users who join using the built-in Windows VPN client. The flaw affects Ubiquiti Site-to-Site VPN connections for customers using the Windows VPN client, according to a security researcher identified as Ronny on Twitter.

The flaw also disrupts connections to SonicWall, Cisco Meraki, and WatchGuard Firewalls, according to several Windows administrators on Reddit, with the latter’s client also being impacted. Since so many people continue to work remotely, administrators have been obliged to uninstall the KB5009566 and KB5009543 upgrades, which correct L2TP VPN connections promptly after a restart.

The following commands from an Elevated Command Prompt can be used to delete the KB5009566 and KB5009543 updates from Windows.

Windows 10: wusa /uninstall /kb:5009543
Windows 11: wusa /uninstall /kb:5009566

Because Microsoft combines all security updates into a singular Windows cumulative update, uninstalling it will also uninstall all remedies for vulnerabilities corrected during the January Patch Tuesday. As a result, Windows administrators must weigh the risks of unpatched vulnerabilities against the inconvenience of being unable to access VPN connections.

The main reason for the flaw is unknown, but Microsoft’s January Patch Tuesday patched a number of vulnerabilities in the Windows Internet Key Exchange (IKE) protocol (CVE-2022–21843, CVE-2022–21890, CVE-2022–21883, CVE-2022–21889, CVE-2022–21848, and CVE-2022–21849) and the Windows Remote Access Connection Manager (CVE-2022–21914 and CVE-2022–21885) that could be causing the issues.

At this moment, there is no known solution or alternative for the L2TP VPN connection challenges.