Network issues with updates KB4480970 and KB4480960

Windows Update[German]The KB4480970 (Monthly Rollup) and KB4480960 (Security only) updates were released by Microsoft on January 8, 2018 for Windows 7 SP1 and Windows Server 2008 R2 SP1. The updates seem to cause serious network issues for some people. Network shares can no longer be achieved via SMBv2 in certain environments. Here are details and a probably a fix.


Advertising


I thought I’d put the subject in a separate blog post. Maybe there will be a solution. Or Microsoft improves.

What is Update KB4480970 doing?

Last night Microsoft released the update KB4480970 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1). his fixes several security vulnerabilities, including a remote execution vulnerability in PowerShell. Furthermore, Windows is to be hardened against various side channel attacks.

Windows 7 SP1 and Windows Server 2008 R2 SP1 should therefore be patched quickly because of the vulnerabilities (especially PowerShell). I covered the update in Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019.

Microsoft mentioned, that after installing this update, network controllers (NICs) stop working – and provided a workaround to fix this issue. See KB4480970 for details.

Also security only update KB4480960 addresses the same vulnerabilities. But for this update Microsoft writes, that there are no known issues – although this update is also causing the share-issue – see below.

Shares not accessible

Afer I released my German blog post Patchday: Updates für Windows 7/8.1/Server 8. Jan. 2019 I received several comments from administrators, reporting, that after installing KB4480970, network shares could not be accessed anymore.


Advertising

#1: For one of our customers who do not yet participate in patch management (“save costs”), the installation of the KB4480970 could not achieve network shares on other clients. Was/is this also the case for others?

#2: KB4480970 has caused us communication problems with SQL servers at various customers today (strangely, even the fileshare could not be reached partially, if it was on a server with SQL installation). Uninstallation fixed the problem.

#3: We use RDP to access RemotePC from our thin clients, after installing the update KB4480970 this was no longer possible. Only the deinstallation helped. Can / Could somebody still reproduce this or found a way to fix the bug. We do not want to leave such a security update uninstalled.

So there seems to be an issue with KB4480970 and network shares (via SMBv2). You can uninstall the update, then the problem is gone. But a security update with remote execution vulnerability fix should be installed somehow. First I thought, that the security-only update didn’t cause this issue – but I got now feedback, that there is the same behavior. So the ‘workaround’: Installing KB4480960 didn’t help. Also reinstalling the NIC won’t cure that issue.

Analysis: SMBv2 issue and Workaround

Whilst I wrote the German edition of this blog post, German blog reader Andi left a comment (thanks for that)  with a link to German site administrator.de, where he posted some analysis. Here are the analysis for my English readers:

Andy wrote that the updates KB4480960 and KB4480970 are affected. After his analysis, there is no SMB2 connection to a Windows 7/Server 2008 R2 SP2 share anymore. The reason is a STATUS_INVALID_HANDLE error when negotiating the SMBv2 connection.

Meanwhile Andi has published a workaround on administrator.de. The problem: Those updates are applying some restrictions know for administrative shares to all shares. Andri wrote:

If the Windows 7 user accesses a share, and he is an administrator on the remote system, this should work on the W7 that hosts the share (elevated cmd):

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Afterwards you have to reboot the system

The registry entry sets above, are discussed within this article from Microsoft. Maybe you can give feedback if that helped.

Warning: The above registry ‘hack’ is just a quick fix. But keep in mind, that this is lowering security – your client has ‘admin credentials’ on shares (bad, if malware nooping your network). So keep this registry change in mind – after Microsoft has released a fix, reset the LocalAccountTokenFilterPolicy to 0.

Addendum: There are also SMBv1 connections are affected (used by scanners pushing scans to network shares for instance). And it seems that those updates also affecting KMS activation on Windows 7 clients, see Update KB971033/KB4480960/KB4480970 bricks Windows 7 Genuine (0xc004f200).

Addendum 2: Microsoft has now informed us, that the KMS activation issue has nothing to do with KB4480960/KB4480970 – it was just coincidence. And Microsoft hat released a fix for the network issue (see my blog post Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960).

Similar articles:
Microsoft Office Patchday (January 2, 2019)
Office 2010 Updates for January 2019 has been pulled
Microsoft Security Update Summary (January 8, 2019)
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)


Advertising


This entry was posted in issue, Update, Windows and tagged , , , , , . Bookmark the permalink.

50 Responses to Network issues with updates KB4480970 and KB4480960

  1. Pingback: Windows 7 and Server 2008 R2 updates KB4480970 and KB4480960 causing network issues - gHacks Tech News

  2. Pingback: Patch Tuesday updates for Win7, KB 4480970 and KB 4480960 knock out networking | Viajando Perdido

  3. Mystic One says:

    Thank you very much. I was not able to access my network share after the update but after implementing your workaround, it fixed the problem.

  4. crosscompiler says:

    Thanks.

    In my testing:

    The Jan 2019 update also breaks NLA for RDP (it’s the first issue I hit), and the workaround also addresses that.

    Applying the workaround before installing the updates works / saves a step.

  5. Tobias says:

    I also experienced that my W7 machine with shares was not accessable afte patching. Adding the registry entry fixed it.

  6. Advertising

  7. Fisher says:

    Great help ! Thanks! Remote Desktop problems were also fixed!

  8. Jay says:

    Thanks for the post, this resolved our problem!

  9. JasonInOH says:

    Fantastic – thank you for the fix – dead nuts fixed it! After googling around and finding nothing on ‘The Handle is Invalid’ error message when trying to access network shares, I realized I probably should google the lastest KB numbers… And here I am, thank you so much!

  10. Ben Okusogu says:

    How do KB4480970 and KB4480960 affect VMware machines?

    Thank you.

  11. Rodrick says:

    Thanks for this! Saved the day! Works perfectly. You don’t even need to reboot.

  12. Chad says:

    Thanks! Was wondering what was going on. Glad I came across this post

  13. Neil Arnold says:

    As hopeful as I was that this particular fix would help me, it did not. Interestingly I was not experiencing any of the Remote Desktop issues, but all of my file shares were broken. I was forced to restore the pre-update configuration of the two machines that automatically updated in order to restore access to my file shares. I have only experienced this with shares on informal peer to peer workgroups rather than under a domain controller.

  14. Jill Kolodin says:

    Success! I referenced “this article” link you provided so I could manually implement the registry change with the elevated cmd prompt that you noted above.

    https://support.microsoft.com/en-us/help/942817/how-to-change-the-remote-uac-localaccounttokenfilterpolicy-registry-se
    THANK YOU !!!

  15. Rita van Kalmthout-Hense says:

    Thank you. It solved the problem of a central PC with the database not being accessible

  16. Christer says:

    It worked perfect on two different Windows 7 computers with same problem, that the share was unreachable and error message Invalid Handle

  17. Pingback: SMBv2 Netzwerk Problem nach der Installation der KB4480970 und KB4480960 [Workaround] | Deskmodder.de

  18. Turgut Terlemez says:

    Thanks a lot.

  19. John McCombe says:

    The registry change did not work for me, however this did:

    performed on client and ‘server’ machines (both running Windows 7)

    1 in device manager select the network adaptor
    2 right click and select scan for hardware changes

    all of a sudden the shares and mapped drives appeared!

    thanks to this link:
    https://windowsreport.com/fix-kb4480970-bugs/

  20. Martin Nigg says:

    thanks!!! did help us!!!

  21. Dmitry says:

    After installing update KB4480970, it became impossible RDP connection for admin users on SRV2008 R2. Removing solves the isshue.

  22. Yan says:

    THANK YOU!!! Saved me hours of debugging and reverting updates!!!! Have a great day!

  23. Moonchild says:

    Microsoft definitely continues their SNAFU Windows Updates this month.
    This issue bit me because I run some machines headless — and after the update: no more RDP access due to “The Local Security Authority cannot be contacted”.

    Thank you for the quick and easy fix – Microsoft support was no help as usual.

  24. Dimitris B says:

    Thank you for your help. After applying the Windows update, several windows shares could be accessed. Your workaround saved it !

  25. Sachin says:

    Thanks… alot.. it worked for me too as well…

    This was a simple step and wow it worked… thanks … Keep it up…

  26. Jules says:

    Thanks! I spent hours trying to work out what was going on. Your fix worked!

  27. Ever says:

    Thanks… Gracias., Works., funciona ….

  28. J Admin says:

    Thank you, the workaround resolved file share access for Win 10 and Mac OS.

  29. James says:

    Thank you. Finally found this link after 4 hours of troubleshooting

  30. Mike says:

    Registry fix worked for me

    • guenni says:

      Thx, I’m just in front to write another article about that – my German blog post already have had this information.

  31. EP says:

    guenni:

    this came out recently:
    https://www.askwoody.com/2019/patch-lady-that-smb-issue-isnt-smb/

    try installing KB4487345 update after installing either KB4480960 or KB4480970
    https://support.microsoft.com/en-us/help/4487345/

  32. Pingback: Windows KB4480960 & KB4480970 Updates Causing Network and License Problems | Malaysia Software Reseller | Dealer | PCWare2u

  33. Al Airone says:

    The workaround worked for me as well, reconnecting a Windows 10 machine with a Windows 7 laptop. This is on a small home network with a few mapped drives and no domain server. Thanks!

  34. George Mercier says:

    I was pulling my hair out when my network shares stopped working after 1/9/2019. After some research I found a solution in your article. I decided on the registry “hack” instead of backing out the update. Thank you so much for the information. I don’t know if Microsoft will “fix” the problem but I would sure be interested in getting a “fix” for the problem so I won’t be left exposed with registry “hack”.

  35. Ahmed Rasheed says:

    Thanks dude, after changing the registry values it worked perfectly.

  36. Ivan says:

    Thnaks!

  37. phunky D says:

    thanks you it worked by changing value from o to 1 in regedit – no reboot

  38. Salo90S says:

    I was cracking my head to solve this problem at the small office i work. Thanks a lot to you, you dont know how much lives (jobs) you saved uploading this post. God bless you!

  39. marjan J says:

    shame on MS!!!
    I lost a working day on this sloppy and operation-harmful update.
    Result: lost time and associated cost.

    • Anon says:

      Agreed – MS is one of the wealthiest companies in the world because they steal from all other small businesses and cause massive amounts of lost wages, but don’t compensate anyone for it. I’ve been riding this train for 25 years and it is truly sad. Shame is something MS has never felt, despite their poor track record and intentional failures. Atleast we all have job security due to their continual failure.

  40. Jens says:

    Now access from Linux Mint 19.1 to Windows 7 shares works.
    Thank you. Danke für den Tipp.
    Two days wasting for searching the error on Linux Mint side :-(

  41. Vinh Phan says:

    thank you

  42. Pingback: Accessing Windows 7 Shares (after January 2019 update?) | Daiyan's Blog

  43. Gargaza says:

    Right click on NAS Drive in Windows Explorer, then click Restore Previous Versions. Worked for my

  44. ronald mallett says:

    After the updates and the fixes I am still loosing my drives

    Loath to reformat and start again as I have a lot of stuff to reinstall

    My other machines don’t seem to do it (inc my Plex server), just this one

    Very strange

Leave a Reply to JasonInOH Cancel reply

Your email address will not be published. Required fields are marked *