# Microsoft fixes Windows bug breaking localhost HTTP connections

![](https://www.bleepstatic.com/content/hl-images/2025/03/28/Windows_headpic.jpg)

Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates.

This bug affects both Windows 11 and Windows Server 2025 systems, where users will see connection reset errors when loading pages or using apps that try to connect to the localhost (127.0.0.1) IP address.

As  on Wednesday, the issue is triggered after installing the Windows 11  Patch Tuesday update, and even September's  preview update, causing errors such as "ERR_CONNECTION_RESET" or "ERR_HTTP2_PROTOCOL_ERROR".

These problems have been reported by Windows users on ,  and , who state they are no longer able to make HTTP connections to 127.0.0.1. This bug has impacted the Duo Desktop app and features in many widely used applications, including Visual Studio debugging and SSMS Entra ID authentication.

Following these widespread reports, Microsoft confirmed the known issue and linked it to a bug in the HTTP.sys Windows-based web server for ASP.NET Core. The company added that this bug can be triggered by a variety of conditions, including the timing of recent device restarts and update installations, as well as the device's internet connectivity.

"Following installation of updates releases on or after September 29 (KB5066835), server-side applications that rely on HTTP.sys may experience issues with incoming connections," the company  in a Thursday update on the Windows release health dashboard.

"As a result, IIS websites might fail to load, displaying a message such as 'Connection reset - error (ERR_CONNECTION_RESET)', or similar error. This includes websites hosted on http://localhost/, and other IIS connections."

Microsoft asked affected users to go through the following procedure to resolve the issue on impacted devices:

1. $1

	2. $1

	3. $1

Redmond has also automatically resolved the issue on non-managed business devices and for most home users via Known Issue Rollback (KIR), a Windows feature that reverses buggy updates delivered via Windows Update.

To fix it on affected Windows enterprise-managed devices running Windows 11 24H2, Windows 11 25H2, and Windows Server 2025, IT administrators must install and configure the .

Admins can find additional guidance on deploying and configuring KIR group policies on .

Redmond says a permanent fix will roll out with a future Windows update, so organizations will no longer need to install a group policy to address this issue.

46% of environments had passwords cracked, nearly doubling from 25% last year.

Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.

	  ****
