News

Windows 7 File Share and Connection Problems Traced to January Patch KB4480970

• By Kurt Mackie
• 01/10/2019

Windows 7 was a notable victim of this month's "update Tuesday" security patch releases by Microsoft, according to various accounts.

Some Windows 7 environments had network sharing issues after applying the new January patches. Others reported getting their Windows 7 installations labeled as "not genuine" due to a Key Management Server (KMS) issue. The problems were chronicled in posts by Born's Tech and Windows World, a blog series focused on patch and security issues, although it's not clear how extensively Windows 7 systems were affected by these issues.

The main culprit associated with the problems appears to be January patch KB4480970, a monthly rollup patch for Windows 7 and Windows Server 2008 R2 Service Pack 1 systems. This patch was designed to address a PowerShell-remoting security flaw, as well as a speculative execution processor flaw.

Admins reported getting problems connecting to SQL Server and file shares after installing KB4480970, as well as remote access connection problems, according to this Born's Tech post. Microsoft's Knowledge Base article for KB4480970 currently includes an acknowledgment that there is an issue with network interface controllers, which may stop working after this patch is applied for Windows 7 systems. There's a workaround described for the network interface controller issue. The remote access issue is also acknowledged, and Microsoft described a workaround for it, too.

The KMS activation error that caused Windows 7 machines to be seen as not genuine is also listed as a known issue in KB4480970. It's under investigation, per Microsoft's Knowledge Base article:

We are aware of this incident and are presently investigating it. We will provide an update when available.

Early reports had suggested that an old Windows 7 update, KB971033, designed to validate Windows 7 copies, was responsible for the not-genuine problem arising. However, Microsoft confirmed that it is investigating KB4480970, as well as its security-only patch cousin, KB4480960, as the possible culprits. A post via the Patchmanagement.org list-serve forum, though, noted the problem was seen in a Windows 7 environment that did not have the January patches applied.

Those notions are chronicled in this updated Born's Tech post.

Update 1/11: This Microsoft support article, dated January 10, indicates that KB4480970 and KB4480960 are not associated with the not-genuine problem affecting some Windows 7 systems. Here's Microsoft's explanation, per the support article:

A recent update to the Microsoft Activation and Validation unintentionally caused a "not genuine" error on volume-licensed Windows 7 clients that had KB 971033 installed. The change was introduced at 10:00:00 UTC on January 8, 2019, and was reverted at 4:30:00 UTC on January 9, 2019.

Microsoft doesn't recommend having KB971033 installed if an organization is using KMS or Multiple Activation Key volume activation. KB971033 is just "targeted at consumer installs of Windows" per the support article. Organizations with the problem can check for, and remove, KB971033, but then Microsoft recommends rebuilding the "activation-related files" and reactivating the system, as described in the support article.

On another note, IT pros perhaps need to know that Microsoft introduced a "breaking change for a PowerShell remoting scenario" with an unidentified security patch this month, according to this January 9 announcement by Microsoft. The breaking change is actually a positive security move to prevent users with non-administrator accounts from creating remote sessions. Organizations can avoid the potential issue of this breaking change by always requiring the use of administrator credentials for PowerShell remote sessions.

This breaking change appears to be unrelated to the remote connection issues described above for KB4480970 and KB4480960.