Microsoft published the security updates KB4480960 and KB4480970 on yesterday's January 2019 Patch Day for the operating systems Windows 7 SP1 and Windows Server 2008 R2 SP1.
Reports are coming in that installation of these updates may introduce networking issues. More precisely: network shares are no longer accessible using SMBv2.
The security updates, both the monthly security update and the security-only update, fix security issues in several components. Additionally, they include a new protection against Speculative Store Bypass for AMD-based computers, and disable the option to configure PowerShell remote endpoints to work with non-administrator accounts. Microsoft made the change to PowerShell remote endpoints in all supported versions of the Windows operating system.
The only known issue listed on the update page for KB4480970 is the long-standing issue that network interface controllers may stop working. The workaround, also available for months, is to install drivers for affected devices.
Both KB4480960 and KB4480970 seem to cause issues with network shares under certain circumstances. Günter Born published a detailed account on his site about the issue.
Several administrators reported networking issues after installation of KB4480970 stating that shares could not be reached after the installation of the update.
An analysis of the issue was published on the German admin website Administrator.de. The analysis confirms the network share issue and that it is caused by the installation of KB4480960 or KB4480970.
The issue is triggered only if the user attempting to make the connection is an administrator on the machine that hosts the Share. If the user is "just" a user on the device that hosts the share, the connection should be fine.
A workaround has been published to address the issue. It modifies the Windows Registry and should be run on the system that hosts the share. Note that you need to run from an elevated command prompt.
The Registry entry defines how administrator credentials are applied for remote access. A value of 1 sets the restrictions to Audit mode.
Removal of the updates resolve the issue as well but will remove the security patches on the target system that Microsoft released in January 2019.
Now You: Have you been affected by the issue?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.