Yesterday Microsoft deployed, as it does every month, a new set of updates to improve the stability and security of our systems, fix bugs, and add new features.
In the recent past Microsoft has already deployed (and then fixed) some updates with their fair share of issues and bugs (see the Office 2010 and 2013 suites).
The Windows 7 update KB4480970 is one of those updates that will bring a lot of pain to multiple Windows 7 and Windows Server 2008 (and probably 2008 R2) systems. This is the first Patch Tuesday of 2019 and it is all about security. The update should bring a series of very useful security improvements, which you can read more about in the following changelog (reported here):
- Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. These protections aren’t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
- Addresses a security vulnerability in session isolation that affects PowerShell remote endpoints. By default, PowerShell remoting only works with administrator accounts, but can be configured to work with non-administrator accounts. Starting with this release, you cannot configure PowerShell remote endpoints to work with non-administrator accounts. When attempting to use a non-administrator account, the following error will appear: "New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered."
- Security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.
At the same time, KB4480970 also causes severe network issues (not only on AMD systems, as stated on the Microsoft website, but also on Intel-based systems) and Windows Server 2008 problems; this patch can also trigger invalid handle errors.
Block the patch KB4480970 on your WSUS systems and/or decline it immediately for your Windows 7 computers group, or for the whole infrastructure.
Windows 7 KB4480970 Bugs
The following are additional KB4480970 issues reported by users and sysadmins.
The network drive doesn’t work and many users are getting error 0x80070035.
You could encounter a problem connecting a network drive to a share on the network, and this coincides with the installation of the latest Windows update: the Security Update KB4480970.
Everything will work again after the uninstallation of the update KB4480970 (09/01/2019).
SMBv2 Folder Sharing does not work
Here’s a description for this problem:
After installing KB4480970 on a Windows 7 system hosting a SMBv2 share it could not be connected to anymore.
Even in this case, after uninstalling the update it was working again.
As you can see, in both cases, uninstalling the patch fixed the problem.
Database Errors (SQL Server)
If you regularly work with databases (SQL Server), you might want to skip this update.
After installing KB4480116 on Windows 10, applications (for example, ones developed in Visual Studio 2010) that interact with a Microsoft Access 97 MDB database will raise an error like "Unknown database format".
The same problem will arise on Windows 7 systems after KB4480970 is installed.
These are some of the most common issues affecting the latest Windows 7 Patch Tuesday update regarding KB4480970.
If KB4480970 has already been installed on Windows 7 systems and/or Windows Server 2008 servers, we can undo this with the following command, which instructs Windows to remove the specified update from the system (remember that if you are using WSUS internally, it is recommended to block the update by declining it in the management interface on the WSUS server). The second form adds /quiet so the removal runs without user prompts:
wusa /uninstall /kb:4480970
wusa /uninstall /kb:4480970 /quiet
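
The following script is an added example, not part of the original post: it wraps the wusa command above so that it runs only where KB4480970 is actually present and reports the result. The Get-HotFix check, the /norestart switch and the function names are additions made here; it is written for PowerShell 2.0 (the version shipped with Windows 7) and must be run from an elevated prompt.

```powershell
# Added example: check for KB4480970 and remove it with wusa only if present.
# Function names are hypothetical; the KB number comes from the post.
$KbNumber = '4480970'
$KbId     = "KB$KbNumber"

function Test-UpdateInstalled {
    param([string]$Id)
    # Get-HotFix writes an error when the ID is not found; suppress it
    # and treat "no object returned" as "not installed".
    $hotfix = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return ($hotfix -ne $null)
}

function Remove-Update {
    param([string]$Number)
    # Same command as in the post, plus /norestart so that the reboot
    # can be scheduled instead of happening immediately.
    $wusaArgs = "/uninstall /kb:$Number /quiet /norestart"
    $wusaPath = Join-Path $env:SystemRoot 'System32\wusa.exe'
    $proc = Start-Process -FilePath $wusaPath -ArgumentList $wusaArgs -Wait -PassThru
    return $proc.ExitCode
}

if (Test-UpdateInstalled -Id $KbId) {
    $code = Remove-Update -Number $KbNumber
    switch ($code) {
        0       { $msg = 'removed, no reboot required' }
        3010    { $msg = 'removed, reboot required to complete' }
        default { $msg = "wusa returned exit code $code, check the Setup event log" }
    }
    Write-Output ('{0}: {1} {2}' -f $env:COMPUTERNAME, $KbId, $msg)
} else {
    Write-Output ('{0}: {1} is not installed, nothing to do' -f $env:COMPUTERNAME, $KbId)
}
```

Removing the update also removes the security fixes listed in the changelog above, so keep track of which machines were rolled back so they can be patched again once a corrected update is available.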