Microsoft’s October Windows 11 update broke “localhost” functionality, causing applications that connect back to 127.0.0.1 over HTTP/2 to no longer work properly.
Localhost refers to the local computer or device you are currently using, which can be accessed through the special IP address 127.0.0.1.
Developers typically use localhost to test websites or debug applications, but it can also be used by applications that need to connect to a locally running service to perform some action or query.
After installing Windows 11 KB5066835 Patch Tuesday, and even September’s KB5065789 After the preview update, users are finding that their applications are no longer able to complete HTTP connections to the localhost (127.0.0.1) IP address.
When attempting to do so, they received errors such as “ERR_CONNECTION_RESET” or “ERR_HTTP2_PROTOCOL_ERROR”.
These problems have been reported by Windows users Microsoft Forums, stack exchangeAnd redditEveryone said they are no longer able to make HTTP connections to 127.0.0.1.
The bug affected widely used applications including Visual Studio debugging, SSMS Entra ID authentication, and the Duo desktop app, which verifies device security status and requires a connection to a web server running on localhost.
“After updating Windows to Windows 11 24H2 and 25H2, you may experience an issue where the Duo prompt is unable to access the Duo desktop,” it reads. Duo Support Bulletin,
“This may prevent successful authentication (or result in limited functionality) in situations where the following are in use: Trusted Endpoint, policies such as Duo Desktop and Device Health Policy, Duo Desktop as an authentication method. Duo Passport. Verified Duo Push with Bluetooth autofill or proximity verification.”
Borncity It is suggested that the following registry entries help resolve the issue by disabling the HTTP/2 protocol but BleepingComputer has not been able to independently confirm this fix.
(HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters)
"EnableHttp2Tls"=dword:00000000
"EnableHttp2Cleartext"=dword:00000000
Another method that some people claim resolved the issue was to install the latest Microsoft Defender Intelligence update. However, others report that it did not resolve the issue on their Windows devices.
Instead, the only sure way to resolve the bug is to uninstall the October KB5066835 update and September’s KB5065789 preview update.
Windows users can uninstall updates using the following command:
wusa /uninstall /kb:5066835
wusa /uninstall /kb:5065789
After uninstalling the update and restarting Windows, the loopback interface should once again allow HTTP/2 connections, allowing problems using the application to be resolved.
BleepingComputer contacted Microsoft about this bug and will update our story when we receive a response.
attend Breach and Attack Simulation Summit and experience future of security verificationHear from top experts and see how AI-powered BAS Changing breach and attack simulations.
Don’t miss the event that will shape the future of your security strategy
