AnsweredAssumed Answered

Microsoft's killer Windows 7 patch: Breaks networking, flags legit PCs as 'Not genuine'  Windows sysadmins wake up on Wednesday with an almighty Patch Tuesday headache.

Question asked by elstaci on Jan 10, 2019

For Users with Windows 7 you may want to block the latest Patch Tuesday Update: Microsoft's killer Windows 7 patch: Breaks networking, flags legit PCs as 'Not genuine' | ZDNet

 

Some Windows 7 admins are feeling the pain of Microsoft's latest updates in this week's Patch Tuesday releases. 

Thankfully for Microsoft, hardworking admins continue to spot bugs that it didn't detect during pre-release testing.

This time they've found that its January security updates are bricking Windows 7 devices with an errant 'Not Genuine' Windows license error, and a bug that blocks administrator access to remote shares on Windows Server 2008 R2 and Windows 7.    

The issues stem from the Monthly Rollup update, KB4480970, and the security-only update, KB4480960, for Windows 7 SP1 and Windows Server 2008 R2 SP1.

Günter Born's Borncity was first to report the Windows 7 Genuine brick and the separate network share issues bundled in these updates. 

As Born notes, monthly rollup KB4480970 addresses a serious PowerShell flaw and adds extra mitigations for Meltdown and Spectre side-channel attacks. 

While it was prudent to patch quickly, admins discovered the update tripped up network shares over the SMBv2 file-sharing protocol. Born figured the security-only update might dodge the bugs, but he discovered that it caused the same issues. 

 

  Born's and other reports commented that Microsoft hasn't listed the bugs as known issues on its support pages for KB4480960 and KB4480970. But Microsoft has now acknowledged the issues. 

Regarding the 'Not Genuine' Windows 7 error, Microsoft confirms that "some users are reporting the KMS Activation error, 'Not Genuine', 0xc004f200 on Windows 7 devices".

"We are aware of this incident and are presently investigating it. We will provide an update when available," writes Microsoft on both KB4480960 and KB4480970. 

SEE: Windows 10 April 2018 Update: An insider's guide (free PDF)

The source of the activation error is an eight-month-old update for Microsoft's anti-piracy Windows Activation Technologies, the same tech that recently caused panic after deactivating legitimate copies of Windows 10

As noted by AskWoody.com, Microsoft for some reason this week pushed the April update, KB971033, which was meant to help "confirm that the copy of Windows 7 that is running on your computer is genuine".

The problem, as one sleuthing sysadmin concluded on Reddit, is that KB971033 should never have been installed in a KMS environment. The sysadmin discovered the cause while fixing several thousand Windows 7 virtual desktops that suddenly and wrongly reported they were running non-genuine Windows. 

"Woke up this morning to find a few thousand Windows 7 VDI machines reporting that Windows 7 wasn't genuine. After much troubleshooting we found that KB971033 (should not have been installed in a KMS environment in the first place) was installed on these machines," the sysadmin wrote.

"Until today having this KB installed hasn't been an issue, it appears a change to how Microsoft's activation servers respond to a standard KMS key being sent to them may be to blame. Removing the update, deleting the KMS cache and activation data from the PCs and reactivating against KMS resolved the issue."

Microsoft has also posted a description of the conditions when users will see network share blocked, and a workaround until it releases a fix. 

"Local users who are part of the local 'Administrators' group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing the January 8th, 2019 security updates. This does not affect domain accounts in the local 'Administrators' group," explains Microsoft.  

"To work around this issue use either a local account that is not part of the local 'Administrators' group or any domain user (including domain administrators). We recommend this workaround until a fix is available in a future release."

Outcomes