[German]Administrators and users should be careful about installing the out-of-band update KB4539602 on Windows 7 SP1 or on Windows Server 2008 R2. If the SHA-2 update KB4474419, dated September 2019, is missing, the machine will not boot after the update installation.
Advertising
Update KB4539602 fixes desktop bug
The security updates KB4534310 (Monthly Quality Rollup) and KB4534314 (Security-only update) for Windows 7 SP1 and Windows Server 2008 R2 SP1 that were released on January 14, 2020 caused some users to end up with a black desktop background.
The reason is that a stretched background image may display a black desktop. This is a direct result of the Windows updates in question.
Microsoft has therefore released a fix for the bug for Windows 7 SP1 and Windows Server 2008 R2 with update KB4539602 (and KB4539601) as of February 7, 2020. Update KB4539602 is an unscheduled standalone update that must be downloaded from the Microsoft Update Catalog and installed manually. Update KB4539601 is the Preview of Monthly Rollup, which will be released as a regular security update (possibly under a new KB number) on February 11, 2020.
Reports about boot issues
I had mentioned in the blog post Windows 7: Update KB4539601 / KB4539602 fixes black Desktop some requirements that must be met befor installing update KB4539602. If that's ignored, the machine will become non bootable.
Advertising
Windows Server 2008 Servers Don't Boot After KB4539602 Update – by @sergheihttps://t.co/KrerwQkIxk
— BleepingComputer (@BleepinComputer) February 10, 2020
Through the above tweet from Bleeping Computer I have become aware that update KB4539602 may cause boot problems. Already during the installation of updates in January 2020 there was this thread on reddit.com, where users reported boot problems in connection with the update installation. With the update, old startup files were deleted (exchanged with newer SHA-2 signed files), so that the machines did not boot anymore.
In this reddit.com post a user reports boot problems after installing the update KB4539602.
Check with your clients who have or are running Windows Server 2008. There is a windows update that is deleting boot file for windows. It was released after they had announced end of support for Server 2008 & Windows 7.
Microsoft update KB4539602
Microsoft released the update to fix issues with the Background but its causing more harm than its supposed to do. Yesterday (9th-feb) one of our clients [bank] we had an issue of the same on 3 Avaya servers running windows server 2008.
However, the specification 'Windows Server 2008' is not correct, it must be Windows Server 2008 R2', because only this server will receive the update. Other users have also reported boot problems. One command:
dism.exe /image:D:\ /cleanup-image /revertpendingaction
(where D: must contain an installation image) rolls back the update not completed for installation and fixes the error.
Missing SHA-2 support as root cause
Within this post it is pointed out that the update KB4474419 (support for SHA-2 code signing) is mandatory, otherwise exactly the described boot problems will occur. That means: First install the above update and let the machine reboot. After that, update KB4539602 can be installed.
The background is that the updates roll out new startup files winload.efi and winload.exe, which require SHA-2 support. If the update is missing, the files cannot be loaded at boot time. A workaround is therefore to copy the old versions of these files from a backup or an unpatched installation to the striked Windows machine when a boot problem occurs.
