Microsoft Confirms Another Antivirus Issue in Windows Update KB4493472

[The AchieVer]

Microsoft Confirms Another Antivirus Issue in Windows Update KB4493472 

 

Microsoft has just confirmed that McAfee security products are also impacted by a bug in Windows 7 monthly rollup KB4493472.

 

Previously, the company said that devices running Avast, ArcaBit, Sophos, and Avira antivirus software failed to start or became unresponsive after installing the April 2019 monthly rollup for Windows 7.

In an updated KB page, Microsoft says that systems with McAfee Endpoint Security Threat Prevention and McAfee Host Intrusion Prevention installed could also experience issues when trying to boot after installing the monthly rollup.

“Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update,” Microsoft explains.Windows 10 also affected?The software giant says it’s currently working with McAfee on investigating the issue and links to additional support articles for McAfee Security (ENS) Threat Prevention 10.x and McAfee Host Intrusion Prevention (Host IPS) 8.0.

While McAfee confirms that devices running its software could experience slow boot times or degraded performance, the company also indicates that Windows 8.1 and Windows 10 devices could be impacted in addition to Windows 7.

“Changes in the Windows April 2019 update for Client Server Runtime Subsystem (CSRSS) introduced a potential deadlock with ENS,” McAfee says. “McAfee is investigating this issue and will resolve it in a future update. A Proof of Concept (POC) build to test a fix is currently available. Escalate a Service Request to Technical Support to obtain the POC.”

The workaround, according to the McAfee, is to “disable any access protection rule that protects a service.”

There’s no ETA as to when a fix could land. The next Patch Tuesday update cycle takes place on May 14.

 

 

Source

[The AchieVer]

Microsoft’s Latest Patch Hoses Some Antivirus Software

 

McAfee, Sophos and Avast are among the antivirus software suites impacted. 

 

Microsoft’s April 9 security update is bogging down systems running antivirus software packages made by McAfee, Avast, ArcaBit, Avira and Sophos.

 

According to Microsoft, the company’s April Patch Tuesday security update is causing some systems to have slow startup times, sluggish performance or become completely unresponsive. For days now, Microsoft has been adding more antivirus titles to those impacted by the bug.

 

Those antivirus titles affected are: Sophos Endpoint and Sophos Enterprise Console, Avira antivirus software, ArcaBit antivirus software, Avast and McAfee Security Threat Prevention 10.x & McAfee Host Intrusion Prevention 8.0.

 

McAfee is the latest antivirus vendor to issue a warning to its customers. On Thursday it said Microsoft’s security update is causing affected systems to boot up slowly and run slowly.

 

“McAfee is investigating this issue and will resolve it in a future update,” McAfee wrote.

 

Earlier this week, Sophos sent a note to customers explaining, “After installing certain Microsoft Windows updates… Sophos has received reports of computers failing to boot. Sophos is actively investigating this issue and will update this article when more information is available.”

 

Sophos notes those running Sophos Intercept X are not affected by this issue.

 

It’s unclear what the root cause of the issue is. Microsoft describes symptoms tied a bug introduced with the April security update impacting the Kerberos implementation in several versions of Windows. Kerberos is a key authentication protocol that’s used in a huge number of open-source and commercial products.

 

Microsoft is offering a technical workaround with options such as purging the Kerberos tickets on affected systems, restarting the Internet Information Services app pool and use “constrained delegation”.

 

“Microsoft is working on a resolution and will provide an update in an upcoming release,” according to Microsoft’s support page for the issue.

 

According to McAfee and Avast, both suggest the problem are tied to a change Microsoft made to the Windows Client-Server Runtime Subsystem (csrss.exe). The CSRSS is a vital part of Windows, responsible for the user mode side of Win32 subsystem driving console windows and the shutdown process, according to a description.

 

“Changes in the Windows April 2019 update for Client Server Runtime Subsystem (CSRSS) introduced a potential deadlock with ENS,” McAfee wrote.

 

 

Source