Fix against remote code execution leading to unresponsive services.
Microsoft is warning its users that there is a problem with its Secure Channel (SChannel) update, following its release during last week’s Patch Tuesday.
The fix was designed to protect users against a remote execution flaw on the communications encryption protocol, but is causing some users to suffer a fatal transport security layer (TLS) error, according to the software vendor.
"We are aware of an issue in certain configurations in which TLS 1.2 is enabled by default, and TLS negotiations may fail," Microsoft said.
"When this problem occurs, TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive."
The company did not remove the patch from public release, or advise users to avoid installing the update, but did suggest a workaround involving the deletion of registry ciphers.
It had previously said there were no known exploits in the wild and that the bug would be difficult to exploit, even though it affects all Windows servers and clients.
The flaw has even been compared to Shellshock, a problem with the Bash command line common to Linux, Unix and Mac that allowed hackers to send servers certain packets in order to remotely execute code.
However Josh Feinblum, VP of information security at cybersecurity firm Rapid7, said: "We have seen this vulnerability being compared to Heartbleed and want to dispel some of the myths floating around.
"This vulnerability poses serious theoretical risk to organisations and should be patched as soon as possible, but it does not have the same release-time impact as many of the other recently highly-publicised vulnerabilities."