Microsoft Pulls Bad Windows Update After Patch Issue

2021-02-16T16:47:36
ID THREATPOST:FFC3DB875D4337781CF78C0D4B39F0E0
Type threatpost
Reporter Lindsey O'Donnell
Modified 2021-02-16T16:47:36

Description

Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates.

Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective update (KB4601392) applied to Windows 10 users (version 1607 for 32-bit and x64-based systems) and Windows Server 2016 users.

To address this issue, Microsoft has removed the faulty update and released a new one (KB5001078).

“There is a known issue that halts the installation progress of the February 9, 2021 security update,” said Microsoft on Friday.

Microsoft Faulty Update: A Windows Security Issue

Microsoft said that the erroneous servicing-stack update (KB4601392) froze installations for the “Cumulative Update” from the recent Windows Update. This resulted in the installation for the update halting at 24 percent.

Windows users – who reported issues – must install this new servicing stack update before installing the its recent February Patch Tuesday security update from last week.

“You must install the new servicing-stack update (SSU) KB5001078 before installing this cumulative update (LCU),” according to Microsoft. “SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.”

How Windows Users Can Mitigate if They Already Installed KB4601392

Microsoft gave the follow mitigation advice for devices that have already installed KB4601392:

  • Users should restart their devices and then follow only steps 1, 2 and 4a from Reset Windows Update components manually.
  • They should then restart their devices again.
  • KB5001078 should now install from Windows Update when users select “check for updates” – or they can wait for it to install automatically.
  • Users should then be able to install the latest Cumulative Update from Windows Update.

For Windows users who haven’t applied the previous update, the new update “is available through Windows Update,” said Microsoft. “It will be downloaded and installed automatically.”

To get the stand-alone package for the update, users can also go to the Microsoft Update Catalog website said Microsoft.

Patch Tuesday Security Updates: Apply Now

Microsoft’s February Patch Tuesday from last week addressed nine critical-severity cybersecurity bugs, plus an important-rated vulnerability that is being actively exploited in the wild.

The bug tracked as CVE-2021-1732, is being actively exploited, according to Microsoft’s advisory. This underscores the need for sysadmins to quickly apply the update. This is why the faulty servicing-stack update creating an obstacle for deploying Patch Tuesday updates is an issue for companies.

“The exploitation of this vulnerability would allow an attacker to execute code in the context of the kernel and gain SYSTEM privileges, essentially giving the attacker free rein to do whatever they wanted with the compromised machine,” said Chris Hass, director of Information Security and Research at Automox, in an email.

“Because this vulnerability is already being used by attackers, patching this vulnerability is as soon as possible is absolutely crucial,” said Hass.

Is your small- to medium-sized business an easy mark for attackers?

Threatpost WEBINAR:* _ Save your spot for __“_15 Cybersecurity Gaffes SMBs Make,” a FREE Threatpost webinar on Feb. 24 at 2 p.m. ET._ Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. Register NOW for this **_LIVE *webinar on Wed., Feb. 24.