Microsoft April Updates Cause Issues for Some Users
Microsoft has come under fire over the past year for the quality of its biannual feature updates for Windows 10. To help improve quality, Microsoft announced recently that it would be delaying the release of Windows 10 19H1, which was originally expected to drop late March or early April, to sometime at the end of May while it tested the update with OEMs, users in the Release Preview ring, and internally at Microsoft. The update is now officially called the Windows 10 May 2019 Update. For more information on these changes, see Microsoft’s Making Significant Changes to Windows Updates and Feature Rollouts for Windows 10 on Petri.
But it appears that feature updates aren’t Microsoft’s only quality issue. This month has seen Windows 7 and Windows Server 2008 R2 users experience issues with some third-party antivirus products and a security issue caused by applications using unconstrained delegation. Windows 10 users haven’t been left out either, with some reporting serious performance issues after the update when third-party AV is installed.
Windows 7 and Windows Server 2008 R2
After installing this month’s monthly rollup for Windows 7 SP1 and Windows Server 2008 R2 (KB4493472), some users are reporting that after rebooting, they are unable to log in to their systems. This affects users that have Sophos Endpoint Antivirus, Avira, ArcaBit, or Avast software installed. Microsoft announced that it is now blocking KB4493472 for devices running these products until it finds a solution.
Another issue being reported is that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires. You might see this manifest itself in the SQL Server service failing. Microsoft has published a few workarounds which involve changing to constrained delegation, restarting the affected application, or purging Kerberos tickets on the application server. For more information on both issues affecting KB4493472, take a look at Microsoft’s website here.
The antivirus issues don’t seem to be limited to Windows 7. Some users have been reporting that their machines run slowly after this month’s cumulative update (KB4493509) if they have a third-party antivirus solution installed. Users on Reddit said that Windows 10 slowed down with Avira because Windows Defender was also scanning files in real-time. When you install a third-party antivirus solution in Windows, Defender should automatically be disabled. But after the April CU, it looks like Defender is still active, leading to performance issues.
Microsoft hasn’t officially acknowledged this to be an issue. However, Avira has posted an article on its website recommending users uninstall KB4493509 and that a fix will be implemented with the next product update. Another, and possibly a better solution, is to uninstall Avira and rely on Windows Defender until the issue is resolved. This month’s CU includes fixes for two zero-day elevation of privilege (EOP) flaws where the Win32k component improperly handles objects in memory, potentially allowing an attacker to run arbitrary code in kernel mode. Plus, a raft of other issues have been patched, including 8 remote code execution vulnerabilities rated critical.