Microsoft pulls security update after reports of issues affecting some PCs

A standalone security update released as part of the February Patch Tuesday cycle has created headaches for some owners of PCs running Windows 10. After investigating reports of those issues, Microsoft has yanked KB4524244 from its update servers.


Update 16-Feb-2020: The mess gets messier: Judging from a series of cryptic tweets by security experts, this update and its revocation are tied to a situation involving Kaspersky Rescue Disk and a signed bootloader that can circumvent the Secure Boot feature that is the bedrock of security on modern PCs.

As near as I can figure out, based on those tweets and some additional digging, the problem is related to a vulnerability reported in April 2019 that allows "signed Kaspersky Rescue Disk files [to achieve] a silent boot of any untrusted .efi files with Secure Boot enabled." That's a major security flaw.

As a Kaspersky FAQ notes, the Rescue Disk issue was fixed last August, but the older Rescue Disk remained available for misuse.

The fix is to add those Kaspersky keys to the UEFI Revocation List File, which is jointly managed by Microsoft and the UEFI Forum. This file in turn updates the Secure Boot Forbidden Signature Database, dbx. Apparently, that update caused havoc with the HP utility referenced in this post. If you installed the two updates described in this post and didn't encounter any issues, you've successfully blocked those Kaspersky UEFI keys from being misused. If you did encounter issues, you should uninstall the update and await a revised version.

The original post follows: 

Microsoft has removed a standalone security update from its Windows Update servers and enterprise update channels after acknowledging reports of "an issue affecting a sub-set of devices." The company says it's "working on an improved version of this update in coordination with our partners and will release it in a future update."

The security update, KB4524244, was released on February 11, 2020, as part of the normal Patch Tuesday release cycle, and was targeted for all Windows 10 versions via Windows Update. It was intended to address a security vulnerability affecting third-party Unified Extensible Firmware Interface (UEFI) boot managers. A second, related update, KB4502496, which addresses the same issue for Windows 8.x and Windows 10 version 1507, has also been pulled.

In its documentation for the KB4524244 update, Microsoft says its engineers have confirmed at least two known issues:

  • You might encounter issues trying to install or after installing KB4524244.
  • Using the "Reset this PC" feature, also called "Push Button Reset" or PBR, might fail. You might restart into recovery with "Choose an option" at the top of the screen with various options or you might restart to desktop and receive the error "There was a problem resetting your PC."

In the documentation for KB4502496, Microsoft reports that customers "might encounter issues trying to install or after installing [the update]."

According to reports from users on Microsoft's support forums, some users encountered problems restarting after the update attempted to install, while others were signed in using a temporary user profile.

In a separate set of reports, owners of HP PCs with AMD Ryzen processors reported issues when the Sure Start Secure Boot Key Protection feature was enabled. A Reddit thread includes more HP-specific reports.

An update to the KB article documenting this update notes that Microsoft has removed the defective patch from all supported channels:

This standalone security update has been removed due to an issue affecting a sub-set of devices. It will not be re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note: Removal of this standalone security update does not affect successful installation or any changes within any other February 11, 2020 security updates, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update.

Microsoft says customers who have successfully installed the update don't need to take any further steps. Those who have configured PCs to defer installation of updates by at least four days should also be unaffected.

For those who are experiencing issues related to this update, Microsoft recommends uninstalling the update.

  1. In the Windows 10 search box, type update history and then select View Your Update History.
  2. On the View Update History page, click Uninstall Updates. That action opens the Control Panel Uninstall An Update dialog box.
  3. Under the Microsoft Windows heading, select the KB4524244 entry and then click the Uninstall button (above the list of updates).

After completing those steps, restart to complete the uninstall process. Because this update has been pulled from the Windows Update servers, it's not necessary to take any additional steps to block it.
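For administrators who would rather check a machine from a prompt than click through the GUI steps above, here is an added PowerShell example (not from the article or from Microsoft) that reports whether KB4524244 is installed, records the Secure Boot and dbx state the update touches, and optionally uninstalls it with wusa.exe; the `-Uninstall` switch and the script layout are my own, and it assumes an elevated prompt on a UEFI system.

```powershell
# Added example (not the article's or Microsoft's code): audit a Windows 10 PC
# for KB4524244 and optionally uninstall it, the command-line equivalent of
# "View Update History" -> "Uninstall Updates". Run elevated on a UEFI system;
# the Secure Boot cmdlets fail on legacy BIOS or without admin rights.
param(
    [switch]$Uninstall   # hypothetical switch: remove the update if present
)

$kb = 'KB4524244'

# 1. Is the standalone update installed? Get-HotFix queries
#    Win32_QuickFixEngineering, which is assumed to list this package.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($null -eq $hotfix) {
    Write-Output "$kb is not installed; nothing to do."
} else {
    Write-Output ("{0} installed on {1}" -f $kb, $hotfix.InstalledOn)
}

# 2. Record Secure Boot state and the size of the forbidden-signature
#    database (dbx), the firmware variable this update was meant to extend.
#    Keeping the size before and after a change makes a later comparison easy.
try {
    $sb  = Confirm-SecureBootUEFI
    $dbx = Get-SecureBootUEFI -Name dbx
    Write-Output ("Secure Boot enabled: {0}; dbx size: {1} bytes" -f $sb, $dbx.Bytes.Length)
} catch {
    Write-Output "Secure Boot state unavailable (legacy BIOS or not elevated): $_"
}

# 3. Optional: uninstall through wusa.exe. /norestart defers the reboot,
#    but the restart is still required to finish the uninstall.
if ($Uninstall -and $hotfix) {
    $kbNumber = $kb.Substring(2)   # "4524244"
    Start-Process -FilePath 'wusa.exe' `
        -ArgumentList "/uninstall /kb:$kbNumber /quiet /norestart" `
        -Wait -NoNewWindow
    Write-Output "Uninstall of $kb requested; restart to complete."
}
```

Run it without the switch first to see the machine's state; because the update was pulled from Windows Update, no additional blocking step is needed after the uninstall.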