Microsoft updates brick Windows 7 devices

News by Bradley Barth

Microsoft Corp. this Tuesday released two software updates that reportedly rendered some Windows 7-based machines useless by mistake.

Microsoft Corp. this Tuesday released two software updates that reportedly rendered some Windows 7-based machines useless by mistake.

The problem springs from the implementation of Microsoft’s 8 January, 2019, security-only update KB4480960 or Monthly Rollup update KB4480970, in combination with older update KB971033, whose previous iteration dates back to April 2018.

The two more recent updates introduced new protections against the Spectre and Meltdown side-channel vulnerabilities, fixed a session isolation bug affecting PowerShell remote endpoints, and patched various other Windows offerings. The other, KB971033, updated the activation and validation components found in Windows Activation Technologies, which help users confirm they are running a genuine version of Windows 7 on their computers. 

A 9 January post and subsequent thread on Reddit’s sysadmin forum addressed the error. "Woke up this morning to find a few thousand Windows 7 VDI machines reporting that Windows 7 wasn’t genuine," the sysadmin’s original post said. "After much troubleshooting we found that KB971033 (should not have been installed in a KMS environment in the first place) was installed on these machines. Until today having this KB installed hasn’t been an issue, it appears a change to how Microsoft’s activation servers respond to a standard KMS key being sent to them may be to blame."

KSM stands for Microsoft’s Key Management Service, which allows users to automatically activate volume license editions of Windows and Office.

Both Microsoft 8 January updates also reference the unexpected glitch in a subsection titled "Known issues in this update."

"After installing this update, some users are reporting the KSM Activation error, ‘Not Genuine’, 0xc004f200 on Windows 7 devices," the company advisory said. "We are aware of this incident and are presently investigating it. We will provide an update when available."

In the Reddit post, the sysadmin said that one way users can resolve the issue is by "removing the update, deleting the KMS cache and activation data from the PCs and re-activating against KMS."

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events