Jump to content
Login new information ×
Login new information

Installing Windows 7 from a backup? You need a BitLocker patch right away

Karlston

By Karlston
in Software News

Recommended Posts

Karlston

Karlston

Posted
Posted

Installing Windows 7 from a backup? You need a BitLocker patch right away

Whether you’re installing Win7 from backup on bare metal or on a VM, watch out for a missing patch. On Friday, Microsoft issued a hidden advisory saying you need to run bcdboot.exe and get the SHA-2 patch KB 3133977 – a BitLocker fix – before you do anything else.

windows 7 logo on mirrors man with derby hat on dock
Getty Images / Microsoft

No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

 

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.  

 

That should immediately raise your eyebrows. It’s a BitLocker fix, fer heaven’s sake, and Microsoft now says you better install that fix before you try to run a new instance of Win7 – whether you have BitLocker or not.

 

Specifically, the SHA-2 post was updated on Aug. 16 to say you can run into trouble in any of these scenarios:

  • You’re using setup to perform a clean install of Win7 using an image (perhaps created by DISM) that’s been customized with updates.
  • You’re burning an image of Win7 directly to disk without running setup.
  • You install an image with SHA-2 support, but the system won’t boot, tossing error 0xc0000428, “Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.” 

The remedies in each of those situations is a little bit different, but in general it includes installing the BitLocker fix KB 3133977 (even if you’ve hidden it!) and running the bcdboot.exe program to refresh your boot files.

 

This, buried at the bottom of a FAQ in an old KB article.

And you thought Win10 users got all the new bizarre bugs.

 

Thx @abbodi86, @PKCano

Stay up on the latest -- Win7, too -- on AskWoody.com.

 

 

 

Source: Installing Windows 7 from a backup? You need a BitLocker patch right away (Computerworld - Woody Leonhard)

Link to comment
Share on other sites
  • Replies 3
  • Views 757
  • Created
  • Last Reply
mp68terr

mp68terr

Posted
Posted
7 minutes ago, Karlston said:

Microsoft now says you better install that fix before you try to run a new instance of Win7 – whether you have BitLocker or not.

BitLocker is removed from my w7 install, what would this fix fix? Or is this BitLocker fix affecting something else than BitLocker?

Link to comment
Share on other sites
Karlston

Karlston

Posted
  • Author
Posted
29 minutes ago, mp68terr said:

BitLocker is removed from my w7 install, what would this fix fix? Or is this BitLocker fix affecting something else than BitLocker?

 

As I read the article, you need the fix only if...

 

42 minutes ago, Karlston said:

Specifically, the SHA-2 post was updated on Aug. 16 to say you can run into trouble in any of these scenarios:

  • You’re using setup to perform a clean install of Win7 using an image (perhaps created by DISM) that’s been customized with updates.
  • You’re burning an image of Win7 directly to disk without running setup.
  • You install an image with SHA-2 support, but the system won’t boot, tossing error 0xc0000428, “Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.” 

 

...or...

 

45 minutes ago, Karlston said:

BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.  

 

I suspect the fix is harmless if installed. And if you don't have Bitlocker installed, then the fix is pointless.

Link to comment
Share on other sites
mp68terr

mp68terr

Posted
Posted
2 minutes ago, Karlston said:

I suspect the fix is harmless if installed. And if you don't have Bitlocker installed, then the fix is pointless.

Thought so too.

Was wondering why the article, citing msoft, propose to install the fix even if BitLocker is not there.
Let's see what crazy stuff will be proposed when w7 EOL will be for real 😅

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...