Microsoft Lifts Update Block On Windows 7 With Symantec AV


Microsoft has lifted the security to prevent antivirus customers from upgrading their Windows 7 and Windows Server 2008 R2 phones from Symantec or Norton.

The added update block on August 14 was triggered by the signing of Windows updates code with SHA-2 certificates during installation on Windows 7 SP1 and Windows Server 2008 R2 SP 1 systems, which enabled Symantec and Norton AVs to stop installing Windows.

“The software may not properly identify documents that are included as Microsoft code in the update, placing the machine at danger of delay or incomplete updates,” tells Microsoft in the description of the recognized issue.

For the following updates, this change applies:

  •  KB4512514 (August Preview of Monthly Rollup),
  • KB4512486 (August Security-only update),
  • KB4512506 (August Monthly Rollup).

Symantec has released its own advisory that states:

Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection.
Microsoft KB4512506/KB4512486 and future updates can be safely installed and the soft block was removed on August 27th, 2019.

Symantec also recommends customers to upgrade to “return the customer’s capacity to collect SHA-2 data from Microsoft’s signed records:”

  • Symantec Endpoint Protection 14.2 RU1 MP1 (14.2.4814.1101) via My Symantec.
  • Symantec Endpoint Protection 14.2 RU1 (14.2.3357.1000) via Symantec Technical Support.
  • Symantec Endpoint Protection 14.2 MP1 (14.2.1057.0103) via Symantec Technical Support.

The migration to SHA-2 software is not over, as Microsoft requires Windows Server 2012, Windows 8.1, Windows Server 2012 R2 to support only SHA-2 updates signed on during Patch Tuesday, September 2019.

In a associated news, Microsoft reports that after the cumulative update KB4505903 published on July 26th 2019, Bluetoother speakers will stop connecting to Windows 10, version 1903 phones.

Redmond warned Windows 10, Enterprise and Education version 1703 users of the latest versions of the Windows on August 24, 2019 as the earlier versions come to an end on October 9.

Microsoft also began testing this week its update delivery system with the Windows 10 19H2 Build 18363.327 release rolling out into the Release Preview Ring to a tiny subset of Windows Insiders.

Credit: Bleeping computers

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.