Security vendor releases fixes for botched updates

Apr 15, 2019 11:59 GMT  ·  By

The April 2019 Patch Tuesday rollout has been one adventurous rollercoaster ride for Windows 7 and 8.1 users, as the monthly rollups published by Microsoft rendered some systems completely unusable after the update.

Basically, according to a number of users and Microsoft (who has already acknowledged the problems), Windows 7 and 8.1 devices where the latest monthly rollups were installed might no longer boot or become unresponsive if they are running antivirus products from Sophos, Avira, and Avast.

Microsoft has already blocked these devices from getting the updates, but, needless to say, many users rushed to install them when they landed on Windows Update, only to later notice their devices were no longer able to boot.

Right now, the problem is said to be caused on Windows 7 and Windows 8.1 by the April 2019 monthly rollups and their associated security-only updates:  

KB4493472 Windows 7 April 2019 monthly rollup
KB4493448 Windows 7 April 2019 security-only update
KB4493467 Windows 8.1 April 2019 monthly rollup
KB4493446 Windows 8.1 April 2019 security-only update.
  Avast says it has already detected that the issues impacted Avast for Business, Avast CloudCare, and AVG Business Edition after users installed the updates mentioned above.

On April 12, Avast published micro-updates to resolve the issues for the following antivirus engine versions:  

19.3: completed
19.4: completed
18.8: completed
18.7: completed
This means that if you install the latest updates from Avast, everything should work correctly and the device should now boot normally as before the Windows updates.

However, how are you supposed to install these Avast updates if the device is no longer able to boot? Here’s what you are recommended to do.

First and foremost, you need to boot your machine and let it in standby for approximately 15 minutes. Even if it doesn’t boot, the Avast emergency updater should run in the background and receive the new micro-updates. In other words, you won’t see any progress on the update, but Avast says 15 minutes is enough for the process to come to an end successfully.

Because the update runs on system context and not on the user, you don’t have to log in to the device to begin the process, so everything performs on the device without any user input. This also helps deal with malware that boots at system startup, and as it turns out, it comes in handy when botched updates are being delivered.

More troublesome is a system configuration that relies on a proxy server configured in the antivirus. If the same proxy settings aren’t set up in Windows itself, but only in Avast, the aforementioned trick won’t work simply because the security software won’t be able to connect to the server and retrieve the update.

On the other hand, if the same proxy settings are used in both Windows and Avast, the updating task should run normally in the background.

If you’re using a proxy server in Avast and not in Windows, the workaround comes down to removing the botched update from Safe Mode. You can read more information about the recommended steps here.

You can also attempt the advanced troubleshooting steps that Windows provides, but no matter the solution, you still need to remove the latest monthly rollup from the device. When the device can boot again to the desktop, connect Avast to the Internet and let it download the most recent updates. At this point, it should retrieve the patch.

While Avast has already resolved the issue, Sophos and Avira are currently working on similar patches, and they are expected to be published in the coming days for Windows 7 and 8.1 users.