
[Cb Response] Potential BSOD after taking latest patches on multiple Windows versions

[CLOSED Aug 01, 2018 12:26 PM EDT]

 

This is the final update to this post. Microsoft patches released between July 16-18 across all active versions of Windows have resolved the BSOD issue experienced after the July 10 updates.

If you are still experiencing an issue after applying the latest patches, please reach out to our Customer Support team.

 

Cb Response Team

 

[UPDATED Jul 17, 2018 7:08 PM EDT]

 

Early testing indicates that the latest set of updates released by Microsoft for all active versions of Windows (see below) has resolved the root cause of the issues experienced after the application of the initial set of patches:

 

https://www.catalog.update.microsoft.com/Search.aspx?q=2018-07 (all active versions of Windows: Win10 1803, 1709, 1703, Win7, Win8.1, Server 2008 R2, Server 2012)

 

We'll continue to collect feedback and test data over the next couple of days, with an update to follow if we see any change. We recommend that our customers test this latest set of updates alongside the Cb Response sensor to verify for themselves, and contact Carbon Black Support if they encounter any issues.

 

Cb Response Team

 

[UPDATED Jul 16, 2018 2:51 PM EDT]

 

We are working with our impacted customers and Microsoft Support on a resolution to this issue. A dump file shared with Microsoft Support in partnership with one of our customers confirmed that the endpoint was impacted due to the Known Issue referenced below. At this point, we do not have a workaround, and our recommendation to hold off on applying these new patches on endpoints running Cb Response remains the same.

 

Our Engineering teams and IT services are working to reproduce the issue on various configurations, and we will provide additional updates and recommendations as data becomes available. Currently we have not been able to reproduce the issue on virtual machines, but we are continuing our investigation on physical laptops and workstations.

 

Cb Response Team

 

[UPDATED Jul 13, 2018 10:19 PM EDT]

 

Hello All,

 

The Cb Response team is actively investigating reports from a few customers today of BSODs after applying the latest patches from Microsoft Windows on multiple OS versions (Windows 10, Server 2012 and 2016).

 

We are also aware of the Microsoft posts referenced below, and are currently researching any specific correlation between the Microsoft update and the Cb Response sensor. We also have many customers who have updated to the latest Microsoft patch and are not experiencing any BSODs.

 

We recommend not applying the latest patches on endpoints running Cb Response sensor until after our investigation completes. Please follow this UeX post for further information.

 

We apologize for any inconvenience this may have caused.

 

Cb Response Product Team.

 

Microsoft posts:
https://support.microsoft.com/en-us/help/4338819/windows-10-update-kb4338819

https://support.microsoft.com/en-us/help/4338818/windows-7-update-kb4338818
https://support.microsoft.com/en-us/help/4338825/windows-10-update-kb4338825

 

Comments

It's probably best to specify the search strings for the MS catalog:

Microsoft Update Catalog (win10)

Microsoft Update Catalog  (win7) etc...

Not sure if Win7 is affected, but it seems to be listed. As well as to back-link to "Anyone experiencing BSODs after taking the latest Microsoft patches".

I was just about to post this link!

It's also been determined that KB 4338831 also fixes this issue: https://support.microsoft.com/en-us/help/4338831/july172018kb4338831osbuildpreviewofmonthlyrollup

Listed in the fixes is: "Addresses an issue that may cause some devices running network monitoring workloads to receive the 0xD1 Stop error because of a race condition after installing the July update."

Article Information
Creation Date: 07-13-2018