Windows 10 20H2-22H2: Update KB5021233 from 13. Dec. 2022 causes BlueScreen

Posted on 2022-12-19 by guenni

Windows[English]The security updates released on Dec. 13, 2022, are causing serious issues for some users. The .NET framework updates cause issues with graphics printing (I've addressed it within my German blog post .Net Update vom 13. Dez. 2022 verursacht Druckprobleme bei DATEV-Briefköpfen mit Grafiken). And cumulative update KB5021233 for Windows 10 22H2, I have numerous reports of BlueScreens occurring. Microsoft has just confirmed that all Windows 10 20H2 – 22Hx versions are affected and explains the cause along with advice on how to fix the problem.

Advertising

Update KB5021233 for Windows 10 22H2

Cumulative update KB5021233 is available for Windows 10 variants from (20H2) 21H1 to 22H2 that are still in support, and it contains security fixes – though Microsoft doesn't provide details. The list of improvements can be read in the blog post Windows 10 20H2-22H2 Preview Update KB5020030 (Nov. 15, 2022), as the preview update will, after all, be included in the regular security update on the following month's patchday. The only fix that Microsoft mentions in a problem in the camera app. The app no longer works without the fix when the storage space is low.

Users report BlueScreens

Shortly after the release of the cumulative update KB5021233, German user Birgit reported a blue screen under  Windows 10 22H2 within this comment (here is the translation):

Problems after KB5021233 on Windows 10 22H2 with bluescreen known? HW: HP Omen 870-260nz

Could have been an isolated case, but German blog reader Christian M. confirmed in this comment that in his corporate environment several machines running Windows 10 22H2 are affected by the BlueScreen triggered by update KB5021233. Here is his translated comment.

Have had 3 systems today where a bluescreen came up and Windows wouldn't boot. Could only be fixed by the system restore.

I'm curious how many failures there will be in the next few days in our company :-(

I had put it on my "watch list", and then came across another post by Susan Bradley on the patchmanagement.org mailing list that also mentions the problem:

Seeing some BSODs reported on REDDIT

Tracking reports of blue screens of death that may be occurring on Windows 10 22H2 on Reddit threads – Cumulative Updates: December 13th, 2022 : Windows10 (reddit.com)  It's unclear at this time if this is being triggered by secure boot patch KB5012170 or with the Windows 10 22H2 patch itself.

Remember secure boot patch KB5012170 is our dear friend that has triggered systems asking for bitlocker recovery keys.

So it seems that update KB5021233 could cause a bigger problem. The reference above to the Secure Boot .dbx update KB5012170 can be ignored.

Advertising

Microsoft confirms the problem

Microsoft then posted the article You might receive an error (0xc000021a) with a blue screen in the Known Issues section of its Windows 10 22H2 Healt status area, confirming the issue.

After installing KB5021233, some Windows devices may boot with an error (0xc000021a) and a blue screen.

Microsoft explains the problem by stating that after KB5021233 is installed, there is a discrepancy between the file versions of hidparse.sys in

c:/windows/system32

and

c:/windows/system32/drivers

(drive c stands as a placeholder for the Windows install drive). This file version discrpancy can cause signature verification to fail during cleanup. The following Windows 10 client versions are affected:

  • Windows 10, version 22H2
  • Windows 10, version 21H2
  • Windows 10, version 21H1
  • Windows 10, version 20H2 (Enterprise and Education only)

However, I currently only have reports of BlueScreens on Windows 10 version 22H2. The module hidparse.sys belongs to Windows by name and has the task to analyze the HID entries (hardware ID entries) in the registry to identify the devices. The stop code 0xc000021a means that the associated system process was terminated unexpectedly (STATUS_SYSTEM_PROCESS_TERMINATED).

Note: Some German users told me, the file isn't stored in the Windows filter system32. I can confirm this on my (still unpatched) Windows 10 22H2 test system. There is the file located unter system32/drivers and system32/driverstore. I don't understand, why Microsoft didn't address this and why the file need to be copied according to the workaround given below from Microsoft.

Workarounds for the issue

In the comments here on the blog, German user Birgit solved the issue by uninstalling the update in safe mode, while Christian M. used the system restore feature to roll back. However, this is not really an option for security reasons.

However, Microsoft has published a fix as a workaround, where you manually copy the drivers in the Windows PE environment command prompt to force the same revision level.

1. First is to call the Windows recovery environment. If this does not happen automatically (should happen after 3 times unsuccessful booting with power off), you can try the hints here.

2. In the Recovery Environment (blue page with tiles), select the Troubleshooting button, then Start Recovery, Troubleshoot and Diagnostic Tools. Then go to the Advanced Options button and then select the Command Prompt option.

3. If necessary, wait for the reboot and log in to the device to run the following command at the command prompt.

The following command copies the updated driver file to the Windows system32 folder so that the versions match.

xcopy C:\windows\system32\drivers\hidparse.sys C:\windows\system32\hidparse.sys

After that, you can type exit as a command and let Windows 10 restart. After that, the system should work again. However, administrators who need to fix a larger number of clients will need a different approach that performs this copy operation during system startup. Microsoft does not want to fix the problem until one of the next updates. However, preview updates will not be available in December 2022 because of the Christmas holidays.

Similar articles:
Windows 10 20H2-22H2 Preview Update KB5020030 (Nov. 15, 2022)
Microsoft Security Update Summary (December 13, 2022)
Patchday: Windows 10-Updates (December 13, 2022)
Patchday: Windows 11/Server 2022-Updates (December 13, 2022)
Windows 7/Server 2008 R2; Windows 8.1/Server 2012 R2: Updates (December 13, 2022)
Patchday: Microsoft Office Updates (December 13, 2022)
Windows 11 22H2: Secure Boot DBX Update KB5012170 (Dez. 2022)
Confirmed: Secure Boot DBX Update KB5012170 causes installation trouble (Error 0x800F0922)
Windows Server 2019/2022: December 2022 security updates cause Hyper-V issues

Cookies helps to fund this blog: Cookie settings
Advertising

This entry was posted in issue, Update, Windows and tagged , , , , . Bookmark the permalink.

One Response to Windows 10 20H2-22H2: Update KB5021233 from 13. Dec. 2022 causes BlueScreen

  1. Zap Brannigan says:
    2022-12-20 at 10:10

    running sfc /scannnow with admin rights under safe mode cmd has fixed it for me

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *