A bad antivirus update released by security company Symantec for its Endpoint Protection solution has wreaked havoc on Windows, causing fatal crashes and pushing devices into an infinite reboot loop.
The culprit appears to be an update shipped by Symantec on October 14, which, according to users on Reddit and as later acknowledged by Symantec itself, caused a Blue Screen of Death error on Windows devices.
By the looks of things, all Windows versions have been impacted, including both client and server systems. Windows 7, 8.1, and 10 have all been hit by BSODs after the bad definitions were deployed.
“After running LiveUpdate on Symantec Endpoint Protection (SEP), the computer crashes indicating IDSvix86.sys/IDSvia64.sys as the cause of the exception,” Symantec explains, adding that the problem occurs after the LiveUpdate module downloads the Intrusion Prevention signature sequence 2019/10/14 r61.
The error that users see in the BSOD is BAD_POOL_CALLER (c2) or KERNEL_MODE_HEAP_CORRUPTION (13A).
Fix already available for customers
Symantec recommends that customers install the latest definitions to resolve the bug, although in some cases this is impossible because the systems crash before the update is installed. A manual update is recommended in such cases, but the bad definitions can also be removed from Safe Mode.
“Please run LiveUpdate to download latest Intrusion Prevention signature 2019/10/14 r62, or rollback to an earlier known good content revision to prevent the BSOD situation,” Symantec says.
While at this point it’s not yet known how many devices were hit by the problem, users reporting on Reddit claim that many of the systems in their fleets ended up with the Blue Screen of Death after the update.
“At least 50 servers randomly rebooting every 20 min,” one Reddit user explained. “We have this too. Over 10,000 affected systems. I’ll be pouring one out for our Tier 1/Tier 2 support teams,” another one added.
Devices running other versions of Symantec security software are not affected.