This month’s Patch Tuesday sent many Windows users running for cover. As I reported on Wednesday morning, Win7 and 8.1 machines running Sophos antivirus products frequently refused to boot. The dragnet has since expanded, with both Avira and Avast now admitting their products are having problems, and rumors are swirling about many other antivirus manufacturers.
You have to ask: Who’s testing this stuff?
In a nutshell, we’ve seen PC-breaking behavior with all of these April patches:
- Win7 and Server 2008 R2 Monthly Rollup (KB 4493472) and Security-only (KB 4493448) patches
- Win8.1 and Server 2012 R2 Monthly Rollup (KB 4493446) and Security-only (KB 4493467) patches
- Server 2012 Monthly Rollup (KB 4493451) and Security-only (KB 4493450) patches
Microsoft has modified the Knowledge Base articles for all six of those patches to include the admonition:
“Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.”
Which is a bit disingenuous. In fact, Sophos, Avast and Avira have all reported problems with various combinations of those patches. I’ve seen an anonymous report that the Win7 patch interferes with McAfee virus definition updates. Nobody knows what to think because there’s been no clear advice from Redmond.
Microsoft now says that it “has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.”
Spiceworks has a long-running thread on the screw-up. Much to their credit, both Sophos and Avast have named employees working on the reports.
I’ve heard persistent rumors that Microsoft is also blocking the six patches on machines with other antivirus products (Avast? Avira? McAfee?) but there’s no official confirmation. If Microsoft had a solid reputation for reporting the antics of its installers, I’d be skeptical of the rumors. But, of course, Microsoft’s reputation is precisely the opposite. We’re coming up on three days after the bomb dropped, and we really have no idea.
There’s an additional problem that’s starting to rear its ugly head. I’m seeing many reports of this month’s first cumulative update for Win10 version 1809, KB 4493509, slowing machines down to the point they’re unusable. Avira has mentioned this problem, too.
Right now, with the background decibel level so high, it’s hard to know exactly what’s causing problems. But anyone running Windows 7, 8.1, Server 2008 R2, 2012, or 2012 R2 should be cautious. And Win10 version 1809 cumulative updates are always a crapshoot — as many of you can painfully attest.
Why isn’t anybody testing this stuff? Good question, but there’s no easy answer.
Clearly, there was some change in those six patches that broke a long-standing entry into the internals of Windows. Clearly, at least some Sophos, Avast and Avira products used the now-broken hook. Does Microsoft have the right to cut off a hole in Windows, even if it’s being used by antivirus vendors? Certainly. Do the antivirus vendors have a right to know about — be explicitly warned about — changes that are coming that’ll break their products? I would answer yes. Should everybody — Microsoft and the antivirus vendors — be testing this stuff before it’s released? Absolutely. We’re talking about major AV products here, with millions of users.
We can point the finger in a dozen different directions, but there’s one sad fact: Whoever decided to release these six patches either a) didn’t know or b) didn’t care that they’d brick millions of machines.
Which is worse? Doesn’t matter. We, the customers, got screwed.
All in all, it would be a very good idea to sit out this month’s patches until Microsoft and the AV vendors get their acts together. I know there are people who say you have to prioritize one patch or another — get those patches installed right away, bucko! — but at this point, unless you’re protecting state secrets, there’s no point in sticking your finger in the pencil sharpener.
We’ve moved to MS-DEFCON 1 on the AskWoody Lounge.