
Microsoft's worm patches are breaking AV software

by Mark Tyson on 21 May 2019, 14:11

Tags: Microsoft (NASDAQ:MSFT), Windows 7, Sophos, McAfee (NASDAQ:INTC)


A week ago HEXUS reported on the fixes Microsoft released to patch a critical Remote Desktop Services Remote Code Execution Vulnerability. Modern systems running Windows 8 and Windows 10 weren't vulnerable. However, the update was newsworthy, not just because of the potential spread of malware via this vulnerability, but because Microsoft had seen fit to furnish users of OSes well past their end-of-support dates with a patch. Windows XP users, for example, got their first OS security update in a very long time.

A week later, reports have been piling up from those who installed the collection of 'Patch Tuesday' fixes and now have systems that get stuck at boot time. The common conditions that might make you a victim of the boot failures are that you are running Windows 7 or Windows Server 2008 R2, and that you are using third-party AV software from the likes of Sophos, McAfee, Avast, Avira and ArcaBit.

As The Inquirer reports, a similar thing happened in the wake of April's Patch Tuesday. As an example of the issues and workarounds this month, the tech news site included a quote from Microsoft and McAfee as follows:

"Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update."

Another site, The Register, said Sophos was going further - it recommended users roll back Microsoft's latest critical security fixes so that its AV software would not cause boot failures. Sophos apparently had to do this for "300+ machines for clients around the US," but one wonders about the machines' subsequent re-exposure to the critical vulnerabilities.

In another related piece of news, Microsoft has just fixed another Patch Tuesday bug introduced last week, which was preventing access to some UK government websites in Edge and Internet Explorer.

Microsoft is expected to release its May 2019 Update to Windows 10 any day now. Let's hope it is a smooth and uneventful experience, especially compared to the Windows 10 October 2018 Update shenanigans.



HEXUS Forums :: 5 Comments

This is getting really silly now and it's not at all funny. What are MS playing at? Their software quality control appears to be non-existent. They keep on pushing out updates that break lots of things and they keep saying sorry. At what point does “sorry” stop cutting the mustard? If they were actually sorry they would put controls in place to reduce occurrences but instead the problem is getting worse as time goes by.
Syphadeus
This is getting really silly now and it's not at all funny. What are MS playing at? Their software quality control appears to be non-existent. They keep on pushing out updates that break lots of things and they keep saying sorry. At what point does “sorry” stop cutting the mustard? If they were actually sorry they would put controls in place to reduce occurrences but instead the problem is getting worse as time goes by.

It's easier to fix a slow PC than being sued by thousands because of a hole in your OS.
Syphadeus
This is getting really silly now and it's not at all funny. What are MS playing at? Their software quality control appears to be non-existent. They keep on pushing out updates that break lots of things and they keep saying sorry. At what point does “sorry” stop cutting the mustard? If they were actually sorry they would put controls in place to reduce occurrences but instead the problem is getting worse as time goes by.

It's not MS's fault, AV software performs deep hooks into the system, AV vendors didn't bother to respond quickly enough in updating it, MS informs partner companies about serious threats.

A lot of AV software is just outright bad doing more harm than good.
I haven't seen any problem whatsoever here, using ESET.
Kato-2
It's not MS's fault, AV software performs deep hooks into the system, AV vendors didn't bother to respond quickly enough in updating it, MS informs partner companies about serious threats.

A lot of AV software is just outright bad doing more harm than good.

This comment is the height of ignorance. Those hooks are to prevent exploits and other malicious holes in Microsoft and Hardware security. You really think that something as complex as the AVs of today can be modified and updated in a couple of weeks, jesus H.

Microsoft is very reputable over the last 18 months on releasing to market updates that haven't been tested properly just generally and with its partners. Two major updates were pulled because of this carp.