Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.

Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates.

Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective update (KB4601392) applied to Windows 10 users (version 1607 for 32-bit and x64-based systems) and Windows Server 2016 users.

To address this issue, Microsoft has removed the faulty update and released a new one (KB5001078).

“There is a known issue that halts the installation progress of the February 9, 2021 security update,” said Microsoft on Friday.

Microsoft Faulty Update: A Windows Security Issue

Microsoft said that the erroneous servicing-stack update (KB4601392) froze installations for the “Cumulative Update” from the recent Windows Update. This resulted in the installation for the update halting at 24 percent.

Windows users – who reported issues – must install this new servicing stack update before installing the its recent February Patch Tuesday security update from last week.

“You must install the new servicing-stack update (SSU) KB5001078 before installing this cumulative update (LCU),” according to Microsoft. “SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.”

How Windows Users Can Mitigate if They Already Installed KB4601392

Microsoft gave the follow mitigation advice for devices that have already installed KB4601392:

  • Users should restart their devices and then follow only steps 1, 2 and 4a from Reset Windows Update components manually.
  • They should then restart their devices again.
  • KB5001078 should now install from Windows Update when users select “check for updates” – or they can wait for it to install automatically.
  • Users should then be able to install the latest Cumulative Update from Windows Update.

For Windows users who haven’t applied the previous update, the new update “is available through Windows Update,” said Microsoft. “It will be downloaded and installed automatically.”

To get the stand-alone package for the update, users can also go to the Microsoft Update Catalog website said Microsoft.

Patch Tuesday Security Updates: Apply Now 

Microsoft’s February Patch Tuesday from last week addressed nine critical-severity cybersecurity bugs, plus an important-rated vulnerability that is being actively exploited in the wild.

The bug tracked as CVE-2021-1732, is being actively exploited, according to Microsoft’s advisory. This underscores the need for sysadmins to quickly apply the update. This is why the faulty servicing-stack update creating an obstacle for deploying Patch Tuesday updates is an issue for companies.

“The exploitation of this vulnerability would allow an attacker to execute code in the context of the kernel and gain SYSTEM privileges, essentially giving the attacker free rein to do whatever they wanted with the compromised machine,” said Chris Hass, director of Information Security and Research at Automox, in an email.

“Because this vulnerability is already being used by attackers, patching this vulnerability is as soon as possible is absolutely crucial,” said Hass.

Is your small- to medium-sized business an easy mark for attackers?

Threatpost WEBINAR:  Save your spot for 15 Cybersecurity Gaffes SMBs Make,” a  FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. Register NOW for this LIVE webinar on Wed., Feb. 24.

Suggested articles


  • Robert Benjamin on

    To be blunt, this is confusing as Hell. What checklist steps should individual Windows 10 users take to:fix this?SPECIFICALLY, what steps should we take to a. Find out the current status of their systems, including already installed patches?. b. Determine whether to remove or leave alone the most recent patches? c. Download and install the replacement patch?
  • Anonymous on

    Microsoft is a monopoly and uses it's monopoly power to distribute and sell flawed Windows 10 software with impunity
  • J on

    Windows 10 is what happens when you get rid of your QA department. This is a lesson to us all, especially software teams trying to emulate what Microsoft has done...
  • Brett Tiernan on

    I have a Home Tower w/Win10, does this patch apply to me? I tried to run the standalone patch but it said "This patch does not apply to your computer"? Is that correct?
  • jim on

    This shouldn't affect normal home users as this is a really old version of Windows 10 that is only used for certain applications. There are a lot of Server 2016 installs in the world but no one will be running Windows Server at home unless they are a geek.
  • bob on

  • Anonymous on

    Access Denied, cant run anything as admin or install any program, or even run some
  • Marie on

    What should be done if a Lenovo Laptop does not turn on after these updates were installed? how to fix the laptop? i have a dead screen. that is too bad. I believe Windows has to pay for the repair. we tried all tools to make the laptop wake up , the ON key blinks for few second s but the laptopnever starts up.
  • Sandra on

    I installed new windows update, yesterday, Feb 25. Now when I click on power then sleeps, it takes forever for laptot to "sleep" screen immediately turns off but system goes on for 5mins or so. Like it tries to "sleep". Usually takes just seconds for my laptop to "sleep". What to do?
  • Microsoft-Betatester on

    This caused a lot of problems during our patchday via sccm. Shame, Shame, Shame > Microsoft. I thought they would integrated the servicing stack updates into the CU updates?
  • Brad Martin on

    Good recovery procedure, thank you for the thorough description. Worth mentioning: the rename of catroot2 has to be done as you are stopping the Crypto service because it opens files in that folder and it turns itself right back on even if you disable it. My process: I renamed the folders and manually installed the KB 5001078 (which I had previously downloaded) then undisabled the services, rebooted once more and started updates normally.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.