August Patch Tuesday updates introduced a major problem for some Windows 7 PCs. Microsoft confirmed that the Norton and Symantec antivirus products deleted the updates during the installation process. This situation resulted in startup issues for Windows Server 2008 R2 and Windows 7 systems.
It was a widespread problem that forced Microsoft to place an upgrade for affected devices. According to Microsoft, the SHA-2 migration was the main cause that triggered the issue. The Redmond giant made some changes to the way the company signed the updates. Starting this month’s Patch Tuesday updates, the company is using SHA-2 encryption method to sign the patches.
It was not a sudden change, Microsoft announced the plans back in November 2018. However, it seems like Symantec failed to comply with the deadline. The cybersecurity company announced that a patch will be released in the upcoming release.
Symantec has now confirmed that the problem has been resolved and no such issues would be reported in future updates.
Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection. Microsoft KB4512506/KB4512486 and future updates can be safely installed and the soft block was removed on August 27th, 2019.
Furthermore, Microsoft has also lifted the upgrade block for Windows 7 and Windows 2008 R2 devices on August 27th, 2019. You can now install the August Monthly Rollup (KB4512506), August Security-only update (KB4512486) and Preview of Monthly Rollup (KB4512514) on your systems. Microsoft has announced the news on the Release Information site.
The safeguard hold has been removed. Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection and Norton antivirus programs.
It is worth mentioning that the SHA-2 migration is still a work in progress. The migration process will be completed with the release of September Patch Tuesday updates. Antivirus developers need to keep in mind that Windows Server 2012, Windows Server 2012 R2 and Windows 8.1 will allow SHA-2 signed updates. They should take the necessary measures to avoid such issues again. You can check out Microsoft’s support bulletin to track the updates.