Microsoft ups the ante with fix-fixing patch that leaves some Windows Server 2008 machines unable to boot
She applied the fix to fix the fix... I don't know why she did the apply. Perhaps it'll die
Updated Like a needy ex-partner that just won't let go, Microsoft's legacy OSes continue to cling to the Windows behemoth's ankles. Windows Server 2008 and Windows 7 have once again been bashed with the borkage bat.
The fix-fixing fix (KB4539602) was unleashed at the end of last week, and some administrators have kicked off a deployment.
It has not gone well.
While Microsoft's support article for KB4539602 insists the company is "currently not aware of any issues that affect this update" it does suggest that users check out the prerequisites before going ahead with it.
In a nutshell, users must have the 23 September 2019 (or later) SHA-2 update installed as well as the servicing stack update from 12 March 2019 or later, before they unleash the fix. And naturally you'll need to reboot after these updates. Because, hey, everyone loves rebooting a server, right?
We asked Microsoft why the update process allowed the patch to be installed without automatically checking the documented prerequisites, but have yet to receive a response. We've also asked if a further fix will be issued or formal workaround published.
We'll update this article should the company respond.
In the meantime, if you need to install this update then please take a careful look at the support documentation and make sure those prerequisites are in place before hitting the Go button.
And maybe, just maybe, it might be time to put those old beige boxes out to pasture once and for all. Free support ended last month and Microsoft clearly would like customers to move on. ®
Updated to add
It seems the rub is caused by administrators applying SHA-2-signed updates without SHA-2-signing support fully installed. Microsoft switched to SHA-2-only signatures starting April 2019, and now it's all flaring up with users. A spokesperson for the Windows giant told us:
We investigated and determined that some users encountered issues after attempting to deploy SHA-2 signed updates without fully deploying the latest SHA-2 enablement packages. For more information and step-by-step guidance, please refer to our support article.