[German]One week after Microsoft released Windows security updates causing install issues, the situation for victims are not clear. Here’s an overview, what we know so far.
After Microsoft released security updates for Windows on April 9, 2019, reports about serious issues spread within internet forums. Some users claims freezes or slowdown from Windows 10 (see Windows 10 V1809: Slow down with Update KB4493509?), while others are facing startup and login issues.
Later on, antivirus vendors Sophos, Avast and Avira confirmed, that their products interferes with the April 2019 security updates. I’ve addressed this within my blog post AVAST and Avira confirms April 2019 Update issues. Now we are a week older, but things doesn’t become more transparent.
Microsoft’s extended known issues list
Some days after Microsoft has released the April 9, 2019 patches, the company has extended the knows issues sections of their kb articles dealing with Windows Updates. Most kb articles dealing with updates for Windows 7, Windows 8.1 and Windows 10 (and it’s server pendants) contains now the following know issues (see kb4493467 for Windows 8.1 for instance):
| Issue | Remark |
| Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing this update. | Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.
Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article. |
| Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing this update. | Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.
We are presently investigating this issue with Avira and will provide an update when available. |
| Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install this update and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time. | Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article. |
The Microsoft support article for KB4493509 (April 9, 2019, cumulative update for Windows 10 V1809) contains another entry:
Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing this update.
No issues with Sophos, Avast or Avira are mentioned. ArcaBit is a polish antivirus vendor, not known to me before. Microsoft says ‘ArcaBit has released an update to address this issue.’ The know issues entry doesn’t provides details so far.
Withdrawn vendor statements
While Microsoft mentions ArcaBit has released an update, other things went odd. Within Microsoft’s support article for KB4493509 they say in the known issues section ‘For more information, see the Arcabit support article’. But the link to Arcabit’s support article isn’t to helpful. It seems, that Arcabit deleted the article – the linked page just contains a sentence in polish, that support for customers is available from 8.00 a.m. to 4 p.m. and the phone and e-mail contact data.
Also Avira decides to withdraw their first statement. While Microsoft still write within its knowledge articles:
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing this update.
Avira is tight lipped. Within my blog post Windows 10 V1809: Slow down with Update KB4493509? I cited from a Avira knowledge base article, title Why does my system run very slow?. Within this article Avira says, that systems may be slowed down by Windows 10 V1809 update KB4493509. And they mentioned also Windows 7 Updates KB4493472 and KB4493448. Avira also confirmed, that they can reproduce this behavior, and recommended to uninstall those updates. But now, the support article has been deleted without further comments. And Microsoft doesn’t write a word about issues within it’s kb article for Windows 10 V1809 update KB4493509.
German blog readers confirmed, that there are issues with Windows April 2019 updates in conjunction with Avira antivirus solutions and Windows //10. After uninstalling either Avira or the security updates, this issues are gone. Also a comment I received for my article a German news site Heise reported similar things. On the other hand, I came across these comments to my Heise article. A user writes there:
My computer hasn’t limped since a few days ……
although I didn’t uninstall the update KB4493472, and the Avira virus scanner (under Windows 7) is still installed and active.
The extremely long boot time and the “hangs” when booting seem to have disappeared again. Four days ago it looked quite different.
One could almost think that Avira secretly did a software update …
A second user confirms this observation. Maybe sombody affected can commont on this observation. All in all not a good and transparent situation.
Updates and more details from Avast and Sophos
Sophos has the most detailed knowledge base article about these issues, released on April 15, 2019. Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed. And Sophos provides temporary solutions to overcome issues with these Windows updates. For Enterprise Console customers Sophos is performing an update that will automatically add Windows exclusions to all Anti-virus and HIPS policies in Enterprise Console. Details are given within the kb article linked above. Also Avast has begun to ship micro updates, according to this support article.
But after a week, things seems still broken and neither Microsoft nor the antivirus vendors are acting with transparent and reliable information about these issues. On the other hand, Windows security updates are intended to fix serious 0-day vulnerabilities. Imho an odd situation, or what’s your opinion?