Windows 7 and Server 2008 R2 updates KB4480970 and KB4480960 causing network issues
Microsoft published the security updates KB4480960 and KB4480970 on yesterday's January 2019 Patch Day for the operating systems Windows 7 SP1 and Windows Server 2008 R2 SP1.
Reports are coming in that installation of these updates may introduce networking issues. More precisely: network shares are no longer accessible using SMBv2.
The security updates, both the monthly security update and the security-only update, fix security issues in several components. Additionally, they include a new protection against Speculative Store Bypass for AMD-based computers, and disable the option to configure PowerShell remote endpoints to work with non-administrator accounts. Microsoft made the change to PowerShell remote endpoints in all supported versions of the Windows operating system.
The only known issue listed on the update page forÂ KB4480970 is the long-standing issue that network interface controllers may stop working. The workaround, also available for months, is to install drivers for affected devices.
Both KB4480960 and KB4480970 seem to cause issues with network shares under certain circumstances. GÃ¼nter Born published a detailed account on his site about the issue.
Several administrators reported networking issues after installation of KB4480970 stating that shares could not be reached after the installation of the update.
An analysis of the issue was published on the German admin website Administrator.de. The analysis confirms the network share issue and that it is caused by the installation of KB4480960 or KB4480970.
The issue is triggered only if the user attempting to make the connection is an administrator on the machine that hosts the Share. If the user is "just" a user on the device that hosts the share, the connection should be fine.
A workaround has been published to address the issue. It modifies the Windows Registry and should be run on the system that hosts the share. Note that you need to run from an elevated command prompt.
- reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
- Reboot the PC.
The Registry entry defines how administrator credentials are applied for remote access. A value of 1 sets the restrictions to Audit mode.
Removal of the updates resolve the issue as well but will remove the security patches on the target system that Microsoft released in January 2019.
Now You: Have you been affected by the issue?Advertisement