Patch Tuesday seemed uneventful until loads of Windows 7 and Server 2008 R2 machines, as well as Win8.1 and Server 2012 R2 machines, rebooted overnight. Looks like we have another throat-clutching bad round of patches to contend with.
Sophos Anti-Virus appears to be at the core of many reported bugs, but it’s still too early to tell if other software will get stung by the same changes.
Yesterday, as is it won’t, Microsoft released a big bunch of patches: 74 separately identified security holes; two of them actively exploited; with every version of Windows, Office, IE and Edge plugged.
As of early this morning, the big news is the astounding gaggle of bugs being reported for the Win7 and Server 2008 R2 Monthly Rollup, KB 4493472, and the Win8.1 and Server 2012 R2 Monthly Rollup, KB 4493446. We’re still at the first survivors round of complaints, but so far there have been reports on Spiceworks of:
- Login screen stuck on Welcome and taking up to an hour to log in. And then even if they can log in they freeze up completely.
- Some of our 2008R2 servers were hanging at “applying computer settings”. Including the domain controller. After booting into safe mode and removing the update, the problem was gone.
- All of our Windows 7 machines auto installed this update so we’ve spent since 8 AM this morning going to each machine and removing it (having to boot into Safe mode). However, the update simply will not remove from our HP ProDesk 400 G2 MINI’s we’ve had to take them out of service as they continue to get stuck even after the removal.
Over on the Sophos site:
- Sophos AntiVirus service was logging lots of error messages in the event log. Event IDs : 7022 (service hang), 80, 81, 83, 85, 82, 566, 608, 592. The server became unresponsive, no rdp, no file share access, Ctrl Alt Delete not working.
The people at Sophos just acknowledged the problem:
After installing the following Microsoft Windows updates Sophos has received reports of computers failing to boot:
Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control
Sophos Central Endpoint Standard/Advanced
There’s no apparent solution, other than uninstalling the Windows patch — and that’s pretty complicated because you have to bypass the Sophos Anti-Virus service. Details in the post.
It’s not clear from Sophos’s mea culpa precisely which patches are implicated. They list two:
- KB 4493467 – the April Win8.1 Security-only patch
- KB 4493472 – the April Win7 Monthly Rollup
From that, I would infer (but can’t yet confirm) that two additional patches are involved:
- KB 4493446 – the April Win8.1 Monthly Rollup
- KB 4493448 – the April Win7 Security-only patch
Microsoft has yet to report on any of this. In particular, we don’t know if the patches only clobber Sophos Anti-Virus, or if there’s more collateral damage.