A cybersecurity alert was issued on Friday, April 12, 2019, regarding system issues arising from Microsoft patches and Sophos endpoint protection. The most severe of these issues could cause a system to fail or hang when it reboots after the update is applied.
What It Is:
Microsoft has recently released security updates that are negatively affecting products from some anti-virus vendors, including certain Sophos products. These updates are causing some customers using Windows 7, Windows 8.1, Windows 2008 R2, and Windows 2012 to occasionally experience system failures or hangs during boot-up after applying the update.
A small number of Sophos customers have reported experiencing this issue. Sophos is working very closely with Microsoft to resolve the issue. In the interim, Microsoft has introduced a temporary block to stop computers not already affected from applying the latest Windows security update. Additionally, Microsoft and Sophos have developed a workaround for impacted customers.
The good news is that the majority of Sophos customers do not seem to be affected, so it is possible that during the ongoing investigation additional criteria will be added to further limit the scope of impacted customers. Until we have more information, please do not apply the latest Windows security update if you believe you may be affected. If you have already applied it, please do not reboot your computer until you have uninstalled it.
Read the notice about this issue on the Sophos Community page to learn more.
The following links reference the affected Windows updates:
• https://support.microsoft.com/en-gb/help/4493467/windows-8-1-update-kb4493467 (Security-only update)
• https://support.microsoft.com/en-gb/help/4493446 (Monthly Rollup)
• https://support.microsoft.com/en-gb/help/4493448 (Security-only update)
• https://support.microsoft.com/en-gb/help/4493472/windows-7-update-kb4493472 (Monthly Rollup)
• https://support.microsoft.com/en-us/help/4493458 (Security-only update)
• https://support.microsoft.com/en-us/help/4493471/windows-server-2008-update-kb4493471 (Monthly Rollup)
• https://support.microsoft.com/en-gb/help/4493450 (Security-only update)
• https://support.microsoft.com/en-gb/help/4493451/windows-server-2012-update-kb4493451 (Monthly Rollup)
How do I know if my business is affected?
To be impacted, customers must meet all of the criteria below. If your business does not meet all of the following criteria, then your business is not impacted by this issue.
• Running Windows 7, Windows 8.1, Windows 2008 R2, or Windows 2012.
• Running any Sophos Windows endpoint or server product except Sophos Central Intercept X (Note: This does impact Intercept X Advanced and Intercept X Advanced with EDR).
• Have applied the latest Windows security update and have rebooted after the update is complete. Important note: If you have not yet rebooted, you should uninstall the latest Microsoft security update before rebooting.
What It Means:
If you, your business, or organization uses Microsoft Windows 7, Windows 8.1, Windows 2008 R2, or Windows 2012, and you are running any Sophos Windows endpoint or server product except Sophos Central Intercept X, you may be impacted by this issue.
If the above criteria apply to your business, do not install any Microsoft security updates, in order to prevent a system failure or hang during reboot. If you meet the above criteria and have already installed the Microsoft security updates but have not yet rebooted, uninstall the updates before rebooting.
Systems Affected Include:
• Systems running Windows 7, Windows 8.1, Windows 2008 R2, or Windows 2012 in conjunction with any Sophos Windows endpoint or server product other than Sophos Central Intercept X.
What To Do:
We recommend the following actions be taken:
• If you meet the above-listed criteria, do not install any Microsoft security updates.
• If you meet the above-listed criteria and have already installed the updates but have not yet rebooted, uninstall the updates before you reboot.
• Inform other users impacted by this issue and share this information with them.
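The criteria and recommended actions above can be checked on a single host with PowerShell. This is an added example, not a script from Microsoft, Sophos, or Dox; the KB numbers come from the update links listed above, and the Sophos service match and the pending-reboot registry check are assumptions noted in the comments.

```powershell
# KB numbers taken from the update links listed in this advisory.
$kbIds = 'KB4493467','KB4493446','KB4493448','KB4493472',
         'KB4493458','KB4493471','KB4493450','KB4493451'

# Criterion 1: operating system named in the advisory.
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (Windows 7 / 2008 R2).
# This is a text match on the product caption; "Server 2012" also matches 2012 R2.
$os = Get-WmiObject -Class Win32_OperatingSystem
$osListed = $os.Caption -match 'Windows 7|Windows 8\.1|Server 2008 R2|Server 2012'

# Criterion 2: a Sophos product is present.
# Assumption: Sophos services have a display name starting with "Sophos".
# This cannot tell Sophos Central Intercept X from other products; confirm by hand.
$sophos = @(Get-Service -DisplayName 'Sophos*' -ErrorAction SilentlyContinue)

# Criterion 3: one of the listed updates is installed.
# Assumption: an installed update is reported by Get-HotFix.
$installed = @(Get-HotFix -Id $kbIds -ErrorAction SilentlyContinue)

# Assumption: this servicing key exists while a reboot is still pending.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
$rebootPending = Test-Path $rebootKey

"OS: $($os.Caption) (listed in advisory: $osListed)"
"Sophos services found: $($sophos.Count)"
"Listed updates installed: $(($installed | ForEach-Object { $_.HotFixID }) -join ', ')"
"Reboot pending: $rebootPending"

if (-not ($osListed -and $sophos.Count -gt 0)) {
    'Result: host does not meet the OS and Sophos criteria.'
}
elseif ($installed.Count -eq 0) {
    'Result: criteria met, update not installed. Do not install the listed updates.'
}
elseif ($rebootPending) {
    'Result: update installed and reboot pending. Uninstall before rebooting:'
    foreach ($hf in $installed) {
        # Printed for review, not executed. /norestart keeps wusa from rebooting.
        $num = $hf.HotFixID -replace '^KB', ''
        "  wusa.exe /uninstall /kb:$num /norestart"
    }
}
else {
    'Result: update installed and host already rebooted. See the Sophos Community notice for the workaround.'
}
```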
Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.
Should your agency or business need assistance with issues arising from Microsoft security patches in conjunction with Sophos endpoint protection, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.
Thank you for your time and stay safe online.