Sophos antivirus tools. Working Windows box. Latest Patch Tuesday fixes. Pick two: ‘Puters knackered by bad combo
Unlucky Sophos antivirus users face a dilemma: either uninstall the software, or install April’s Windows security fixes. That’s because having both in place at the same time will bork their machines.
On April 9, Microsoft rolled out its usual Patch Tuesday vulnerability patches for the month. Unfortunately, Sophos customers who tried to install them on systems running Windows 7, Windows 8.1, Windows Server 2008, Server 2008 R2, Server 2012, or Server 2012 R2, with an affected antivirus present, found that when they rebooted after updating, the computers would hang and do their best impressions of unwieldy paperweights.
The issue remains, to this day, unfixed. Specifically, “Sophos Windows endpoint or server product except Sophos Central Intercept X” is affected, according to the AV vendor.
“Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available,” Sophos said in an advisory last week.
“If you have not yet performed the update we recommend not doing so. If you have performed the update but not yet rebooted we recommend removing the update prior to rebooting.”
It’s raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes
That means we’re now nearly two weeks after the breakdowns were first encountered. A Sophos spokesperson told The Register that the problem is still persisting. We’ve asked Microsoft for an explanation, and it says it is looking into it.
Sophos has created some workarounds that deal with the headache temporarily. Its Enterprise Console customers should have an update by now that blocks the update from borking systems, and there’s a similar fix for UTM Managed and Standalone Endpoints but these have to be updated manually.
If this article comes too late, and your PC is fscked, then there is also a recovery plan that Sophos has suggested. You’ll need to boot in safe mode, disable the Sophos code, uninstall the Windows patches, and then reboot and activate the security code again.
But that still leaves the problem of remaining unpatched. While the perils of Exploit Wednesday are somewhat overstated these days, hackers have grown adept at reverse engineering Windows patches and leaving machines unpatched is a very bad idea. ®
Sponsored: Top 5 Threat Hunting Myths
READ MORE HERE