[German]The KB4480970 (Monthly Rollup) and KB4480960 (Security only) updates were released by Microsoft on January 8, 2018 for Windows 7 SP1 and Windows Server 2008 R2 SP1. The updates seem to cause serious network issues for some people. Network shares can no longer be achieved via SMBv2 in certain environments. Here are details and a probably a fix.
Advertising
I thought I'd put the subject in a separate blog post. Maybe there will be a solution. Or Microsoft improves.
What is Update KB4480970 doing?
Last night Microsoft released the update KB4480970 (Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1). his fixes several security vulnerabilities, including a remote execution vulnerability in PowerShell. Furthermore, Windows is to be hardened against various side channel attacks.
Windows 7 SP1 and Windows Server 2008 R2 SP1 should therefore be patched quickly because of the vulnerabilities (especially PowerShell). I covered the update in Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019.
Microsoft mentioned, that after installing this update, network controllers (NICs) stop working – and provided a workaround to fix this issue. See KB4480970 for details.
Also security only update KB4480960 addresses the same vulnerabilities. But for this update Microsoft writes, that there are no known issues – although this update is also causing the share-issue – see below.
Shares not accessible
Afer I released my German blog post Patchday: Updates für Windows 7/8.1/Server 8. Jan. 2019 I received several comments from administrators, reporting, that after installing KB4480970, network shares could not be accessed anymore.
Advertising
#1: For one of our customers who do not yet participate in patch management ("save costs"), the installation of the KB4480970 could not achieve network shares on other clients. Was/is this also the case for others?
#2: KB4480970 has caused us communication problems with SQL servers at various customers today (strangely, even the fileshare could not be reached partially, if it was on a server with SQL installation). Uninstallation fixed the problem.
#3: We use RDP to access RemotePC from our thin clients, after installing the update KB4480970 this was no longer possible. Only the deinstallation helped. Can / Could somebody still reproduce this or found a way to fix the bug. We do not want to leave such a security update uninstalled.
So there seems to be an issue with KB4480970 and network shares (via SMBv2). You can uninstall the update, then the problem is gone. But a security update with remote execution vulnerability fix should be installed somehow. First I thought, that the security-only update didn't cause this issue – but I got now feedback, that there is the same behavior. So the 'workaround': Installing KB4480960 didn't help. Also reinstalling the NIC won't cure that issue.
Analysis: SMBv2 issue and Workaround
Whilst I wrote the German edition of this blog post, German blog reader Andi left a comment (thanks for that) with a link to German site administrator.de, where he posted some analysis. Here are the analysis for my English readers:
Andy wrote that the updates KB4480960 and KB4480970 are affected. After his analysis, there is no SMB2 connection to a Windows 7/Server 2008 R2 SP2 share anymore. The reason is a STATUS_INVALID_HANDLE error when negotiating the SMBv2 connection.
Meanwhile Andi has published a workaround on administrator.de. The problem: Those updates are applying some restrictions know for administrative shares to all shares. Andri wrote:
If the Windows 7 user accesses a share, and he is an administrator on the remote system, this should work on the W7 that hosts the share (elevated cmd):
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /fAfterwards you have to reboot the system
The registry entry sets above, are discussed within this article from Microsoft. Maybe you can give feedback if that helped.
Warning: The above registry 'hack' is just a quick fix. But keep in mind, that this is lowering security – your client has 'admin credentials' on shares (bad, if malware nooping your network). So keep this registry change in mind – after Microsoft has released a fix, reset the LocalAccountTokenFilterPolicy to 0.
Addendum: There are also SMBv1 connections are affected (used by scanners pushing scans to network shares for instance). And it seems that those updates also affecting KMS activation on Windows 7 clients, see Update KB971033/KB4480960/KB4480970 bricks Windows 7 Genuine (0xc004f200).
Addendum 2: Microsoft has now informed us, that the KMS activation issue has nothing to do with KB4480960/KB4480970 – it was just coincidence. And Microsoft hat released a fix for the network issue (see my blog post Fix for the Windows 7 SMB network bug caused by Update KB4480970/KB4480960).
Similar articles:
Microsoft Office Patchday (January 2, 2019)
Office 2010 Updates for January 2019 has been pulled
Microsoft Security Update Summary (January 8, 2019)
Patchday: Updates for Windows 7/8.1/Server Jan. 8, 2019
Patchday Windows 10-Updates (January 8, 2019)
Advertising
Pingback: Windows 7 and Server 2008 R2 updates KB4480970 and KB4480960 causing network issues - gHacks Tech News
Pingback: Patch Tuesday updates for Win7, KB 4480970 and KB 4480960 knock out networking | Viajando Perdido
Thank you very much. I was not able to access my network share after the update but after implementing your workaround, it fixed the problem.
Thanks.
In my testing:
The Jan 2019 update also breaks NLA for RDP (it's the first issue I hit), and the workaround also addresses that.
Applying the workaround before installing the updates works / saves a step.
somebody else found this to be also working for them?
I also experienced that my W7 machine with shares was not accessable afte patching. Adding the registry entry fixed it.
Thank you so much!
Great help ! Thanks! Remote Desktop problems were also fixed!
Thanks for the post, this resolved our problem!
Fantastic – thank you for the fix – dead nuts fixed it! After googling around and finding nothing on 'The Handle is Invalid' error message when trying to access network shares, I realized I probably should google the lastest KB numbers… And here I am, thank you so much!
How do KB4480970 and KB4480960 affect VMware machines?
Thank you.
No idea, I haven't the time yet to run tests.
Yes. After this update shares on my VM do not work.
Thanks for this! Saved the day! Works perfectly. You don't even need to reboot.
Thanks! Was wondering what was going on. Glad I came across this post
As hopeful as I was that this particular fix would help me, it did not. Interestingly I was not experiencing any of the Remote Desktop issues, but all of my file shares were broken. I was forced to restore the pre-update configuration of the two machines that automatically updated in order to restore access to my file shares. I have only experienced this with shares on informal peer to peer workgroups rather than under a domain controller.
Success! I referenced "this article" link you provided so I could manually implement the registry change with the elevated cmd prompt that you noted above.
https://support.microsoft.com/en-us/help/942817/how-to-change-the-remote-uac-localaccounttokenfilterpolicy-registry-se
THANK YOU !!!
Thank you. It solved the problem of a central PC with the database not being accessible
It worked perfect on two different Windows 7 computers with same problem, that the share was unreachable and error message Invalid Handle
Pingback: SMBv2 Netzwerk Problem nach der Installation der KB4480970 und KB4480960 [Workaround] | Deskmodder.de
Thanks a lot.
The registry change did not work for me, however this did:
performed on client and 'server' machines (both running Windows 7)
1 in device manager select the network adaptor
2 right click and select scan for hardware changes
all of a sudden the shares and mapped drives appeared!
thanks to this link:
https://windowsreport.com/fix-kb4480970-bugs/
thanks!!! did help us!!!
After installing update KB4480970, it became impossible RDP connection for admin users on SRV2008 R2. Removing solves the isshue.
THANK YOU!!! Saved me hours of debugging and reverting updates!!!! Have a great day!
Microsoft definitely continues their SNAFU Windows Updates this month.
This issue bit me because I run some machines headless — and after the update: no more RDP access due to "The Local Security Authority cannot be contacted".
Thank you for the quick and easy fix – Microsoft support was no help as usual.
Thank you for your help. After applying the Windows update, several windows shares could be accessed. Your workaround saved it !
Thanks… alot.. it worked for me too as well…
This was a simple step and wow it worked… thanks … Keep it up…
Thanks! I spent hours trying to work out what was going on. Your fix worked!
Thanks… Gracias., Works., funciona ….
Thank you, the workaround resolved file share access for Win 10 and Mac OS.
Thank you. Finally found this link after 4 hours of troubleshooting
Registry fix worked for me
This patch solves the issue: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4487345
Thx, I'm just in front to write another article about that – my German blog post already have had this information.
guenni:
this came out recently:
https://www.askwoody.com/2019/patch-lady-that-smb-issue-isnt-smb/
try installing KB4487345 update after installing either KB4480960 or KB4480970
https://support.microsoft.com/en-us/help/4487345/
Pingback: Windows KB4480960 & KB4480970 Updates Causing Network and License Problems | Malaysia Software Reseller | Dealer | PCWare2u
The workaround worked for me as well, reconnecting a Windows 10 machine with a Windows 7 laptop. This is on a small home network with a few mapped drives and no domain server. Thanks!
I was pulling my hair out when my network shares stopped working after 1/9/2019. After some research I found a solution in your article. I decided on the registry "hack" instead of backing out the update. Thank you so much for the information. I don't know if Microsoft will "fix" the problem but I would sure be interested in getting a "fix" for the problem so I won't be left exposed with registry "hack".
Thanks dude, after changing the registry values it worked perfectly.
Thnaks!
thanks you it worked by changing value from o to 1 in regedit – no reboot
I was cracking my head to solve this problem at the small office i work. Thanks a lot to you, you dont know how much lives (jobs) you saved uploading this post. God bless you!
shame on MS!!!
I lost a working day on this sloppy and operation-harmful update.
Result: lost time and associated cost.
Agreed – MS is one of the wealthiest companies in the world because they steal from all other small businesses and cause massive amounts of lost wages, but don't compensate anyone for it. I've been riding this train for 25 years and it is truly sad. Shame is something MS has never felt, despite their poor track record and intentional failures. Atleast we all have job security due to their continual failure.
Now access from Linux Mint 19.1 to Windows 7 shares works.
Thank you. Danke für den Tipp.
Two days wasting for searching the error on Linux Mint side :-(
thank you
Pingback: Accessing Windows 7 Shares (after January 2019 update?) | Daiyan's Blog
Right click on NAS Drive in Windows Explorer, then click Restore Previous Versions. Worked for my
After the updates and the fixes I am still loosing my drives
Loath to reformat and start again as I have a lot of stuff to reinstall
My other machines don't seem to do it (inc my Plex server), just this one
Very strange