Network Security, Patch/Configuration Management, Vulnerability Management

Microsoft updates brick Windows 7 devices

Microsoft Corp. this Tuesday released two software updates that reportedly rendered some Windows 7-based machines useless by mistake.

The problem springs from the implementation of Microsoft's Jan. 8, 2019, security-only update KB4480960 or Monthly Rollup update KB4480970, in combination with older update KB971033, whose previous iteration dates back to April 2018.

The two more recent updates introduced new protections against the Spectre and Meltdown side-channel vulnerabilities, fixed a session isolation bug affecting PowerShell remote endpoints, and patched various other Windows offerings. The other, KB971033, updated the activation and validation components found in Windows Activation Technologies, which help users confirm they are running a genuine version of Windows 7 on their computers. 

A Jan. 9 post and subsequent thread on Reddit's sysadmin forum addressed the error. "Woke up this morning to find a few thousand Windows 7 VDI machines reporting that Windows 7 wasn't genuine," the sysadmin's original post said. "After much troubleshooting we found that KB971033 (should not have been installed in a KMS environment in the first place) was installed on these machines. Until today having this KB installed hasn't been an issue, it appears a change to how Microsoft's activation servers respond to a standard KMS key being sent to them may be to blame."

KSM stands for Microsoft's Key Management Service, which allows users to automatically activate volume license editions of Windows and Office.

Both Microsoft Jan. 8 updates also reference the unexpected glitch in a subsection titled "Known issues in this update."

"After installing this update, some users are reporting the KSM Activation error, 'Not Genuine', 0xc004f200 on Windows 7 devices," the company advisory said. "We are aware of this incident and are presently investigating it. We will provide an update when available."

In the Reddit post, the sysadmin said that one way users can resolve the issue is by "removing the update, deleting the KMS cache and activation data from the PCs and re-activating against KMS."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.