In its release note, Microsoft points out that the update is for Windows 10 versions 20H2, 21H1, 21H2, 22H1, and 22H2. The company offers the following explanation to detail the fix: “We address an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures. For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of less than 5 bytes within a single input buffer. If the connection fails, your app will receive the error, “SEC_E_ILLEGAL_MESSAGE”.” An out-of-band patch is a relatively rare example of Microsoft sending out an update out of sequence. The company typically solves security bugs during its monthly Patch Tuesday rollouts or other in-sequence updates.
Known Issues
Alongside the KB502435 update fix, Microsoft is also warning of two known issues in the package: There are also two known issues with workarounds, they are as follows: Tip of the day: Windows Update downloads can often be frustrating because they are several gigabytes in size and can slow down your internet connection. That means your device may work with reduced performance while the update is downloading. In our guide, we show you how to limit bandwidth for Windows Update downloads, so they won’t bother you again. Note Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. If you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the new Microsoft Edge. If you need to broadly deploy the new Microsoft Edge for business, see Download and deploy Microsoft Edge for business. This issue is addressed using a Known Issue Rollback (KIR). This KIR will prevent the issue on Windows devices that have not installed KB5015878, but will have no effect on devices already affected by this known issue. Please note that it might take up to 24 hours for the KIR to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the KIR apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, you can address it by installing and configuring a special Group Policy. The special Group Policy can be found in Computer Configuration > Administrative Templates> . For information about deploying and configuring these special Group Policy, see How to use Group Policy to deploy a Known Issue Rollback. Group Policy downloads with Group Policy name:
Download for Windows 10, version 21H2, Windows 10, version 21H2, Windows 10, version 20H2 – KB5015878 220706_045043 Known Issue Rollback
Important You must install and configure the Group Policy for your version of Windows to resolve this issue.