[Sophos Notification] Following the Microsoft Windows 14th May update some machines hang on boot

Hi Community,

We have had a few customers reporting that, following on from the Microsoft Windows 14th May patches, they are experiencing a hang on boot where the machines appear to get stuck on "Configuring 30%".

Initial findings suggest that this relates to the below Microsoft Patches:

May 14, 2019—KB4499164 (Monthly Rollup)
May 14, 2019—KB4499175 (Security-only update)

We have currently only identified the issue on a few customers running Windows 7 and Windows Server 2008 R2.

Please visit KB article https://community.sophos.com/kb/en-us/134117 for any updates on this issue.

  • Update 22-05-2019
    We have been continuing to work directly with Microsoft to resolve this issue as quickly as possible. Progress has been made in identifying the root cause and we will continue to update this KBA when new information becomes available.

    Please note: Microsoft customers using different security products are also seeing similar issues. For more information please refer to the Microsoft KBA: https://support.microsoft.com/en-us/help/4499164/windows-7-update-kb4499164 

  • In reply to FloSupport:

    Update 24-05-2019
    Microsoft and Sophos have been working closely to identify and resolve the issue. Microsoft has provided the following information:

    Customers running Windows Defender ATP (Advanced Threat Protection) on Windows 7 or Windows Server 2008 R2 may see sporadic issues installing Windows updates.

    Microsoft is aware of the issue and is rolling out a fix to Windows Defender ATP over the coming 36 hours. No customer action is required. The fix will be automatically applied by the Microsoft Monitoring Agent Service.

  • In reply to FloSupport:

    So as of today (Mon 03/06) what is Sophos's support statement about the May 2019 Microsoft security patch and Sophos?

    Are we clear to roll out the above security patch where Sophos is installed? Or is there still a live issue?

  • In reply to John Gregory:

    Hi  

    This related issue above was determined to not have been caused by our Sophos Endpoint, but related to Windows Defender ATP which Microsoft has since patched.

    Regards,

  • In reply to FloSupport:

    Thanks for the confirmation.

    Can I suggest that the article (https://community.sophos.com/kb/en-us/134117) is updated to reflect this status, as it is currently a bit ambiguous.

    Cheers

    John

  • In reply to John Gregory:

    Hello! 

    It's 11 June and we still have no new information about the Microsoft May update, and we are still facing problems if the update is proceeded with.

    When will this issue be resolved, or when is it expected to be? Who is resolving this issue Microsoft or Sophos?

    Regards

  • In reply to FloSupport:

    We have customers that do not use Windows Defender ATP and are still getting the issue. The KB article seems to refer to the fact that it only fixes the issue with Defender ATP. Our customers are certainly still experiencing the issue if they install the patch. Do you know if there is a fix for this scenario?

  • In reply to KingRolo:

    Hi  

    KingRolo
    Who is resolving this issue Microsoft or Sophos?

    As stated in this article, "The fix will be automatically applied by the Microsoft Monitoring Agent Service."

  • In reply to Chris H:

    Hi  

    I believe something else might be causing the issue. Can you please raise a support case so that we resolve it for you?

  • In reply to Yashraj:

    We released the May 2019 patch for Windows 7 into our environment late last week. We are finding that a small portion of PCs are having issues. These seem to be those with older/not updated versions of Sophos. We have pulled the patch again.

    Our short-term resolution is to remove the MS patch via Safe mode, restart, remove & reinstall Sophos, restart and then install the MS patch manually.

    We are looking at what problematic PCs report for their Sophos status and will try to target those PCs proactively.