Widespread reports of freezing with yesterday’s Win7 and 8.1 Monthly Rollups, KB 4493472 and KB 4493446

[Karlston]

While most of Patch Tuesday seems to be going relatively smoothly, Win7, Win8.1, Server 2008 R2 and 2012 R2 machines are seeing multiple problems with this month’s patches, both Security-only updates and Monthly Rollups. Sophos has acknowledged that its products may be at the core of the reports.

detsang (CC BY 2.0)

Patch Tuesday seemed uneventful until loads of Windows 7 and Server 2008 R2 machines, as well as Win8.1 and Server 2012 R2 machines, rebooted overnight. Looks like we have another throat-clutching bad round of patches to contend with.

 

Sophos Anti-Virus appears to be at the core of many reported bugs, but it’s still too early to tell if other software will get stung by the same changes.

 

Yesterday, as is its wont, Microsoft released a big bunch of patches: 74 separately identified security holes; two of them actively exploited; with every version of Windows, Office, IE and Edge plugged.

 

As of early this morning, the big news is the astounding gaggle of bugs being reported for the Win7 and Server 2008 R2 Monthly Rollup, KB 4493472, and the Win8.1 and Server 2012 R2 Monthly Rollup, KB 4493446. We’re still at the first-survivor’s round of complaints, but so far there have been reports on Spiceworks of:

• Login screen stuck on Welcome and taking up to an hour to logon. And then even if they can login they freeze up completely.
• Some of our 2008R2 servers were hanging at "applying computer settings". Including the domain controller. After booting into safe mode and removing the update, the problem was gone.
• All of our Windows 7 machines auto installed this update so we've spent since 8AM this morning going to each machine and removing it (having to boot into Safe mode). However the update simply will not remove from our HP ProDesk 400 G2 MINI's we've had to take them out of service as they continue to get stuck even after the removal.

Over on the Sophos site:

• Sophos AntiVirus service was logging lots of error messages in event log. Event IDs : 7022 (service hang), 80, 81, 83, 85, 82, 566, 608, 592. The server became unresponsive, no rdp, no file share access, Ctrl Alt Delete not working.

 

The people at Sophos just acknowledged the problem:

 

After installing the following Microsoft Windows updates Sophos has received reports of computers failing to boot:

• https://support.microsoft.com/en-gb/help/4493467/windows-8-1-update-kb4493467
• https://support.microsoft.com/en-gb/help/4493472/windows-7-update-kb4493472

Applies to the following Sophos product(s) and version(s)

Sophos Endpoint Security and Control

Sophos Central Endpoint Standard/Advanced

There’s no apparent solution, other than uninstalling the Windows patch — and that’s pretty complicated because you have to bypass the Sophos Anti-Virus service. Details in the post.

 

It’s not clear from Sophos’s mea culpa precisely which patches are implicated. They list two:

 

• KB 4493467 - the April Win8.1 Security-only patch
• KB 4493472 - the April Win7 Monthly Rollup

From that, I would infer (but can’t yet confirm) that two additional patches are involved:

• KB 4493446 - the April Win8.1 Monthly Rollup
• KB 4493448 - the April Win7 Security-only patch

Microsoft has yet to report on any of this. In particular, we don’t know if the patches only clobber Sophos Anti-Virus, or if there’s more collateral damage.

 

We’re keeping a close eye on the AskWoody Lounge.

 

Source: Widespread reports of freezing with yesterday’s Win7 and 8.1 Monthly Rollups, KB 4493472 and KB 4493446  (Computerworld - Woody Leonhard)

[debebee]

early adoptors are usually the first casualties.. 

that is why waiting out the upgrade is still a good it practice. 

[shorty6100]

I upgraded through fast ring to test without incident. I have an image of 1809 if something goes wrong. I will clean install 1903 in June or July.

[The AchieVer]

Windows 7 problems: Microsoft blocks April updates to systems at risk of freezing

Microsoft halts Windows 7 patches for Sophos users after updates trigger boot failures, which also affect Avast users.

 

 

 

 

Microsoft has blocked this week's monthly and security-only Windows 7 and Windows 8.1 updates for Sophos antivirus users after widespread reports that computers failed to boot after installing them. 

The updates caused dire problems for Windows 7 and Windows 8.1 systems running Sophos Endpoint Security and Control and Sophos Central Endpoint Standard/Advanced. The same issues affect their corresponding Server versions, Windows Server 2008 R2 and Windows Server 2012.    

 

The problems are caused by Microsoft's Tuesday Windows 7 and Windows 8.1 monthly rollup and security-only updates KB4493467, KB4493446, KB4493448, KB4493472, KB4493450 and KB4493451. 

"Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update," Microsoft said in an update on Thursday morning, European time. 

 

Sophos has warned customers against installing these updates if they have not done so already. Customers this week report that computers have been failing to boot after installing them. 

 

Sophos is telling users who have installed the update to boot into safe mode, disable Sophos antivirus, then boot into normal mode and uninstall the problematic Windows update. After that, users should re-enable Sophos antivirus. 

 

As reported by Ask Woody, the Windows 7 updates also appear to be causing issues with systems running Avast antivirus.    

 

Avast says Windows 7 machines in particular "are becoming locked or frozen on startup after Microsoft updates KB4493472, KB4493448, and KB4493435".

 

Microsoft hasn't listed a block on the updates for Avast users. 

 

Avast customers with Avast for Business and Avast Cloud Care, primarily on Windows 7, have reported machines becoming "stuck or frozen on the login/Welcome screen". Some users cannot log in at all, while other users can log in after a "very extended period of time". 

 

Avast says some customers have been able to log in after booting the machine into Safe Mode and also recommends rolling back the Windows updates. 

 

Source

 

[spudboy]

Not only Win7 and 8.1, but also 10. And not only Sophos and Avast, but also Avira.

 

https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976

[The AchieVer]

Avast Confirms Issues Caused by Windows Updates KB4493472 and KB4493448 

 

A bug introduced by the latest Windows 7 and 8.1 monthly rollups causes devices running these two Windows versions to freeze at boot.

However, it looks like the problem is only encountered on computers running certain antivirus software, including security products developed by Sophos.

Microsoft acknowledged the issue, but said it’s only experienced with Sophos software. The company blocked the updates from being offered to devices running Sophos antivirus.

“Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update,” the company says.

Nevertheless, similar issues are experienced on devices where other antivirus products are installed, and Avast has recently confirmed that its customers are impacted too.

“Avast has received reports of an issue affecting our customers running Avast for Business and Avast CloudCare on Windows machines, particularly those with Windows 7 operating systems. While this problem is currently being researched, we have discovered some temporary solutions to restore functionality to our users,” the security vendor explains.Office patches could cause issues tooHowever, the bug freezing devices isn’t only caused by Windows monthly rollups, but also by a series of other updates, including Office patches. Avast says the following updates could make the system hang on boot: KB4462223, KB4493472, KB4493448, KB4464520, KB4462230 and KB4493435.

While a full fix is currently being developed, Avast recommends its customers to completely uninstall the updates. You can also reach out to customer support if you can’t apply this fix.

Microsoft hasn’t provided any ETA as to when a solution to these bugs would be released, but for now, the update block could be expanded to cover more devices running security products from other vendors too.

If you haven’t installed this month’s monthly rollups, you should avoid doing it until patch reliability becomes clear.

 

 

 

Source

[The AchieVer]

How to Fix Issues with Windows Updates KB4493472 and KB4493446

Just when it seemed like Microsoft finally stopped rolling out botched updates, here’s the April 2019 Patch Tuesday cycle that brings a handful of updates causing devices to freeze on boot.

It’s happening on Windows 7 and Windows 8.1 systems after installing the April 2019 monthly rollups, and by the looks of things, the culprit is a compatibility bug with a number of antivirus products.

First and foremost, it looks like such issues are only experienced on Windows 7 and Windows 8.1 for now, though I’m also seeing reports that Windows 10 might be hit as well. Microsoft, however, has only acknowledged such bugs on Windows 7 and 8.1.

The updates that are said to cause the freezing on boot and to make devices unresponsive are the following:
 

Windows 7 April 2019 monthly rollup KB4493472

Windows 7 April 2019 security-only update KB4493448

Windows 8.1 April 2019 monthly rollup KB4493446

Windows 8.1 April 2019 security-only update KB4493467

Additionally, some security vendors claim the following updates could also cause similar issues on Windows versions older than Windows 10:
 

Office 2010 April 2019 security update KB4462223

Office 2010 April 2019 security update KB4464520

Excel 2010 April 2019 security update KB4462230

Internet Explorer April 2019 cumulative update KB4493435

 
The affected security products are the following:
 

Sophos Central Endpoint

Sophos Enterprise Console

Avast for Business

Avast CloudCare

Avira Antivirus (versions not confirmed)

 
While Microsoft is working with security vendors to resolve these issues, it looks like the easiest workaround right now is to simply uninstall these updates.

To do this, all you have to do is to follow this path on Windows 7 and Windows 8.1:

Control Panel > Programs > Programs and Features > Installed Updates

Look for the updates mentioned above and which apply to your Windows version, select them, and then hit the Uninstall button. A reboot will be required.

If you can’t boot to the desktop because the device freezes, you can remove the update from the Safe Mode. To enter Safe Mode in Windows 7, just press the F8 key before the Windows 7 loading screen appears. You will then be presented with a series of advanced options, including Safe Mode, so choose this one to log in to the desktop and remove the update.

As an alternative, you can also try to remove the affected security products, as the freezing only occurs when these apps are installed.

Microsoft says it has already halted the rollout to devices with impacted security products, but until now, the only stated that only Sophos devices are concerned by this restriction. It’s not yet clear if Avira and Avastmachines continue to be provided with the botched updates.

As an alternative, security vendors also recommend their customers to get in touch with customer support services for additional information and assistance should it be needed.

Meanwhile, security vendors and Microsoft are still working on a fix. Avast says Windows 7 are most often affected, and the company doesn’t say anything about any potential issues that Windows 8.1 customers might experience.

On the other hand, Microsoft says the issue that hits Sophos machines exists on both Windows 7 and 8.1.

There’s no estimated date as to when Microsoft could publish a fix, but given how widespread this turns out to be, there’s a high chance the software giant wouldn’t wait until the next Patch Tuesday cycle to publish it. The May 2019 Patch Tuesday takes place on the 14th so we’re more than a month away from the moment the company could provide users on Windows 7 and 8.1 with a fix on this.

 

 

Source