Microsoft has suspended downloads of the Windows 8.1 Update for certain businesses users after a bug was uncovered that could have posed security issues.

Microsoft noted in a blog post that it had discovered that users installing the Windows 8.1 Update from certain versions of its Windows Server Update Services (WSUS) would then not in future scan for any future software updates.

This would mean that any future security updates would not automatically be applied, potentially leaving users at risk.

Specifically, the incident affects WSUS version 3.2 on Windows Server 2003 (Service Pack 2 (SP2) and Release 2 (R2 for SP2) and Windows Server 2008 (SP2 and R2 SP1) when HTTPS and SSL were enabled but Transport Layer Security (TLS) 1.2 was not turned on.

WSUS is used by enterprise IT departments to locally manage deployment of updates and security fixes to systems on their network, rather than having each endpoint download updates directly from Microsoft.

In light of this Microsoft programme manager Ben Herila wrote in a blog post that while the firm is working on a fix, it has halted downloads for now.

“Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations,” he wrote.

“Until that time, we are temporarily suspending the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.”

He noted that firms can still access the Update from the Windows Update Catalog or MSDN, but he cautioned against doing this until the release is issued.

V3.co.uk