Critical Windows 11 Update Breaks Localhost HTTP/2 Connections

The October security updates for Windows 11 unexpectedly disrupted local HTTP/2 connections, causing applications to malfunction when attempting to communicate with services running on “127.0.0.1.” The issue surfaced immediately after installing the cumulative update KB5066835 and the September preview KB5065789. The failure proved particularly painful for developers: test websites, debugging environments, and services dependent on local calls began returning “ERR_CONNECTION_RESET” and “ERR_HTTP2_PROTOCOL_ERROR.”

The problem affects Windows 11 builds 24H2 and 25H2, impacting a wide array of scenarios. Reports mention disrupted debugging in Visual Studio, login failures in SSMS using Entra ID, and malfunctions in Duo Desktop, a client that assesses system security posture and relies on web services running on “localhost.” According to Duo’s support team, when Trusted Endpoints policies, device health checks, or mechanisms such as Verified Duo Push with Bluetooth validation are enabled, communication with local services can be severed—resulting in failed logins or degraded functionality.

Discussions echoing the same symptoms have erupted across Microsoft forums, Stack Overflow, and Reddit threads: users widely report that after applying the latest updates, the loopback interface on 127.0.0.1 can no longer maintain a stable HTTP/2 connection. In some cases, the connection drops entirely; in others, it fails intermittently when attempting to establish a secure channel.

A temporary workaround involves disabling HTTP/2 at the system stack level. This can be achieved by creating the registry parameters “EnableHttp2Tls” and “EnableHttp2Cleartext” under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
and setting their values to “0.”

This adjustment reverts communication to HTTP/1.1, restoring connectivity with local services but sacrificing HTTP/2’s benefits—such as multiplexing and more efficient connection handling. Some users also reported improvement after updating the Microsoft Defender database, though consistent results remain unconfirmed.

The most reliable way to restore functionality is to uninstall the problematic updates. Removing KB5066835 and KB5065789 via the commands
wusa /uninstall /kb:5066835 and wusa /uninstall /kb:5065789,
followed by a system reboot, restores proper HTTP/2 handling on the loopback interface. Once removed, local applications resume connecting without errors.

This disruption strikes at the heart of everyday development and corporate operations, where local callbacks are pervasive. Authentication and compliance services, IDEs and debuggers, and auxiliary security agents all depend on a stable localhost environment.

No official explanation has yet been issued. Until a fix is released, users are advised to freeze their builds and avoid installing the affected packages in environments reliant on local HTTP/2 connections—or temporarily enforce a rollback to HTTP/1.1, with an understanding of the trade-offs.

Microsoft has been notified of the issue, and the community awaits a corrective update that will restore full HTTP/2 functionality on 127.0.0.1 without rollbacks or manual registry modifications.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy