This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Sophos Notification] Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update

Gowtham Mani over 5 years ago

Hi Everyone,

After installing the following Microsoft Windows updates Sophos has received reports of computers failing to boot:

https://support.microsoft.com/en-gb/help/4493467/windows-8-1-update-kb4493467 (Security-only update)
https://support.microsoft.com/en-gb/help/4493446 (Monthly Rollup)
https://support.microsoft.com/en-gb/help/4493448 (Security-only update)
https://support.microsoft.com/en-gb/help/4493472/windows-7-update-kb4493472 (Monthly Rollup)
https://support.microsoft.com/en-us/help/4493458 (Security-only update)
https://support.microsoft.com/en-us/help/4493471/windows-server-2008-update-kb4493471 (Monthly Rollup)
https://support.microsoft.com/en-gb/help/4493450 (Security-only update)
https://support.microsoft.com/en-gb/help/4493451/windows-server-2012-update-kb4493451 (Monthly Rollup)

The issue is currently being investigated. For more updates and workaround, please follow the below KBA.

Following the Microsoft Windows 09th April update computers fail/hang on boot

This thread was automatically locked due to age.

Parents

Sammore over 5 years ago

So when can we expect this to be resolved? Not updating isn't a solution.

Hopefully this isn't like the last major windows 7 issue we ran into that took over a month for sophos to "resolve" https://community.sophos.com/kb/en-us/131685
Cancel
Vote Up 0 Vote Down

Cancel
QC over 5 years ago in reply to Sammore

Hello Sammore,

it looks - from the rather prompt reaction of Microsoft - like this is not an issue for which Sophos has to bear the undivided blame (or even the major part of it). Microsoft wouldn't block their patches if some other vendor has "self-inflicted" problems.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
Richie Knight over 5 years ago in reply to QC

To be a little fairer to Microsoft, I feel that both Microsoft and Sophos should be working closer together when OS changes such as the new patches are implemented. From what I have seen so far, if you are not running Sophos, Avast or Bit Defender then you were unaffected by problems with the updates that were released.

The files that were patched, more specifically WININIT.dll and PRINTUI.dll, appear to have a new file signature. Had Sophos been made aware of these changes (If they weren't, I am speculating here) then I am sure their Dev team could have rolled an update out to account for these changes and prevent the problems being experienced.

There is actually nothing wrong with the updates released by Microsoft. It's just simply a case that in order for them to work without issue, 3rd party vendors need to be aware of the changes and have patches in place for their products prior to release.
Cancel
Vote Up 0 Vote Down

Cancel
Sammore over 5 years ago in reply to QC

I'm not interested in who bares the blame, I'm interested in a solution that resolves the issue at hand and helps us avoid these issues in the future.

Right now we're at the mercy of Sophos to release a fix, whose track record in fixing these issues is slow to say the least.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Sammore over 5 years ago in reply to QC

I'm not interested in who bares the blame, I'm interested in a solution that resolves the issue at hand and helps us avoid these issues in the future.

Right now we're at the mercy of Sophos to release a fix, whose track record in fixing these issues is slow to say the least.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data