The incident took thousands of users by surprise
Microsoft launched in recent days two software
updates that, according to reports of experts in network security, would have bricked
some Windows 7
computers by mistake.
The incident was presented after the
implementation of the security update of January 9th, identified as Microsoft Monthly
Rollup update KB4480970, in combination with the previous update, KB971033,
launched in April 2018.
The two most recent updates introduced new
security measures against the well-known Spectre and Meltdown side channel
vulnerabilities; fixed a session isolation error that affected to PowerShell
remote endpoints, as well as fixing other Windows bugs. The update corrected
the activation and validation components in Windows Activating Technologies,
helping users confirm that an original version of Windows 7 is running on their
computers.
According to experts in network security, through a publication in Reddit a user commented: “This morning we
found the news that some thousands of computers with Windows 7 reporting bugs.
After investigating the incident, we discovered that KB971033 had been
installed on these machines. Until today, having this KB installed had not been
a problem, it seems that a change in the way Microsoft’s activation servers
respond to a standard key management service that is sent to them can be
responsible for the error”.
This Key Management Service (KSM) allows users
to automatically enable Windows and Office Volume Licensing editions. Both
Microsoft updates on January 8th also refer to the unexpected flaw in a
sub-section titled “Known issues in this update”.
“After installing this update, some users
report the non-legitimate KSM activation error 0xc004f200 on Windows 7 devices”,
reported network security experts. On the other hand, Microsoft claimed though
a statement: “We are aware of this incident and we are investigating it at the
moment. We will provide an update when available”.
Through Reddit, some users commented that it
was possible to solve this drawback by eliminating the update, eliminating the
KMS cache and the PC activation data.
