Reports are coming in left and right that the recent security updates for Windows 7, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2 are causing issues on machines they are installed on under certain circumstances.
I added a note to the Tuesday's Patch Overview for this month's Windows updates but the issue appears even more widespread than thought initially.
Update: Microsoft added the issue to the known issues on support pages that highlights the incompatibility issue with Sophos products. Microsoft blocked devices with affected Sophos software from receiving the update.
What we know so far
The issue affects pre-Windows 10 operating systems only, at least that is what is been reported at the time. In other words: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
The updates that may cause issues are:
- KB4493448 Security-only update for Windows 7 SP1 and Windows Server 2008 R2 SP1
- KB4493472 Monthly rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1
- KB4493467 Security-only update for Windows 8.1 and Windows Server 2012 R2
- KB4493446 Monthly rollup update for Windows 8.1 and Windows Server 2012 R2
- KB4493450 Security-only update for Windows Server 2012
- KB4493451 Monthly rollup update for Windows Server 2012
Sophos reports that machines with the update may fail to boot. The computer mentions systems with Sophos Central Endpoint and SEC installed specifically and recommends not to install the new update at this point in time.
If the update is installed already, Sophos recommends booting into Safe Mode, disabling Sophos Antivirus, booting into the regular system, uninstalling the Windows update there, and enabling the Sophos Anti-Virus service afterward.
Avast published a support article on the company's KB site that describes a similar issue. The company reports that PCs running Avast for Business and Avast Cloud Care on Windows machines may become locked or frozen on start after installing the new Windows updates.
Windows machines (particularly those running Windows 7) are becoming locked or frozen on startup after Microsoft updates KB4493472, KB4493448, and KB4493435.
Some of these machines are completely unable to log in, and some log in after a very extended period of time.
Avast suggests that users roll back the update as well and has published instructions on how to do so on the linked support page.
Microsoft has yet to acknowledge the issue; no support article lists the problem as a known issue yet.
It is still recommended to create a system backup before you install any new update for Windows on your machines.