11/22 Update below. This post was originally published on November 20
Microsoft’s billions of Windows users have been placed on high alert after the company confirmed two serious new problems with its operating systems and fixes are not yet available.
Microsoft has issued new upgrade warnings to all Windows users
All Windows Versions – Broken Installer
First, Microsoft has confirmed that a recent update released across all supported Windows versions (Windows 7, Windows 8.1, Windows 10, Windows 11 and Windows Server 2008-2022) breaks the company’s ubiquitous Microsoft Installer (MSI).
“After installing KB5007215 or later updates, Microsoft Installer (MSI) might have issues repairing or updating apps,” Microsoft explained. “Affected apps might fail to open after an update or repair has been attempted.”
This is a big deal and Microsoft states it is working on a resolution and “will provide an update in an upcoming release.” In the meantime, watch out for KB5007215. It can be removed using the following steps:
11/22 Update: Microsoft has confirmed that it has released a new version of Windows 11 to combat the installer problem. This was an urgent fix and Microsoft has acted quickly. Windows 11 Build 22000.348 has been sent to beta and release preview channels. The company added the patch as an “additional fix” late into the new build.
“We fixed a known issue that might prevent apps, such as Kaspersky apps, from opening after you attempt to repair or update the apps using the Microsoft Installer (MSI),” states the Windows Insider Program Team.
Microsoft has also released a full list of the improvements in Windows 11 22000.348. There is currently no timeline on the fix being rolled out to the stable channel but, given the acceleration of the bug fix here, I would expect a relatively short wait. MSI installers are widely used on Windows and some of the affected apps include security programs (such as Kaspersky), so it will be a priority for Microsoft. As for Windows Insider program members, if you check for updates you should see the new build now.
11/24 Update: Just days after Microsoft rolled out a new Windows update to fix the problems with Microsoft Installer (MSI), a zero-day hack has now been revealed in Microsoft Windows Installer after it was publicly disclosed by security researcher Abdelhamid Naceri. Zero-day exploits are vulnerabilities which hackers have been able to attack before a fix is in place and are therefore the most critical kind of security flaw.
“Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability,” confirmed Jaeson Schultz, Technical Leader of Cisco’s Talos Security Intelligence & Research Group.
The vulnerability bypasses a previous flaw (CVE-2021-41379), which Microsoft believed it had successfully patched last month, and enables a hacker to elevate privileges allowing them to takeover a computer and spread their attacks across the victim’s network. Moreover, the new hack applies to all the latest versions of Windows, including Windows 11, Windows 10 and Windows Server 2022.
Microsoft confirmed the new flaw telling BleepingComputer: “We are aware of the disclosure and will do what is necessary to keep our customers safe and protected.” Until then there’s little you can do with Naceri stating that “Any attempt to patch the binary directly will break Windows installer. So you better wait and see how Microsoft will screw the patch again.”
In short: sit tight, stay alert and keep your fingers crossed.
Windows 11 – Intel SST Causing Blue Screen Of Death
Publishing the data on its Windows 11 Known Issues blog (via Windows Latest), Microsoft also explains that major incompatibility issues with Intel’s ubiquitous Smart Sound Technology (SST) are causing full blown Blue Screen of Death (BSOD) errors for Windows 11 users.
“We recommend that you do not attempt to manually upgrade using the Update now button or the Media Creation Tool until this issue has been resolved,” Microsoft explained.
Breaking the issue down, Microsoft said that the flaw is particularly problematic with recent Intel SST drivers 10.29.0.5152 and 10.30.0.5152. To find if you are using the affected driver, open Device Manager > System Devices > ‘Intel® Smart Sound Technology (Intel® SST) Audio Controller’ and open the ‘Driver’ tab.
Intel SST is used by virtually all modern Intel-based PCs, so the problem has the potential to affect millions of computers around the world. Microsoft is working with Intel on a new driver to resolve the BSOD crashes but warned: “[if] an updated driver is not yet available, you will need to contact your device manufacturer (OEM) for more information.”
To Microsoft’s credit, Windows 11 has had a relatively smooth release and the company recently confirmed it plans to increase the rollout pace to Windows 10 computers. But you might just want to hold fire for now.
More On Forbes
All Windows Versions Impacted By New Zero-Day Hack, 0patch Buys Time
New Windows 10 ‘Patch Tuesday’ Update Fixes 117 Security Flaws