Microsoft updates break AV software, again!
Microsoft’s May 2019 security fixes have again disrupted the normal functioning of some endpoint security products on certain Windows versions.
Current problems
“We have had a few customers reporting that following on from the Microsoft Windows 14th May patches they are experiencing a hang on boot where the machines appear to get stuck on ‘Configuring 30%’,” UK-based Sophos explained.
“We have currently only identified the issue on a few customers running Windows 7 and Windows Server 2008 R2.”
Sophos is working on fixing the problem. In the meantime, users of Sophos Endpoint Security and Control and Sophos Central Endpoint Standard/Advanced have been advised to remove the “offending” Windows updates (KB4499164 or KB4499165) for the AVs to work, and delay the patching until Sophos delivers the update that will fix the conflict.
Microsoft’s monthly rollup update has also negatively affected systems that have McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed.
Past problems
A similar situation has happened in April, when Microsoft’s updates impacted Sophos and several other AV vendors (McAfee, Avast, ArcaBit, Avira) and caused some customers using older Windows and Windows Server versions to occasionally experience system fails or hangs during boot up, slow startups, unresponsiveness at restart, or the inability to log in after applying the update.
Those issues were solved by emergency updates on behalf of the security companies and by Microsoft temporarily blocking the Microsoft update from being visible for download if the affected endpoint solutions were present on the system.
It is to be hoped that the AV companies will push out updates soon, as the May 2019 Microsoft updates fix some pretty serious vulnerabilities, including a “wormable” RDP flaw (CVE-2019-0708) that is expected to soon be widely exploited by attackers.