• (20+ Machines) Windows Fails to Boot after 19045.4353 (KB5036979)

    Home » Forums » AskWoody support » Windows » Windows 10 » Windows 10 version 22H2 » (20+ Machines) Windows Fails to Boot after 19045.4353 (KB5036979)

    Author
    Topic
    EvilWizard
    AskWoody Lounger
    April 26, 2024 at 11:42 am #2664251

    Hello, long time reader, first time poster.

    Our fleet of laptops and desktops here at the Hospital recently updated to KB5036979 and it is causing HAVOC.

    After updating, the affected machines Bluescreen and then boot into Windows Recovery Environment after a reboot. Safe Mode is not possible. Utilities find that the Windows Installation is not accessible. Dump logs provide no clues – it won’t even create a crash dump log.

    “Uninstall Updates” results in “ran into some problems trying to uninstall”.

    At this point we have 20+ machines with this issue and have halted all windows updates.

    Has anyone else had this issue and/or know a fix, other than reimaging the whole machine?

    1 user thanked author for this post.
    Rob Kay
    Reply | Quote
    Viewing 15 reply threads
    Author
    Replies
    • Susan Bradley
      Manager
      April 26, 2024 at 11:44 am #2664271

      KB5036979 is a preview update.  What in the world is a hospital doing releasing preview updates to production machines?

      Let me research as that just came out on the 23rd.  You may have to reimage.

      Susan Bradley Patch Lady/Prudent patcher

      5 users thanked author for this post.
      Terry.M, Kathy Stevens, PL1, Alex5723, Microfix
      Reply | Quote
    • Susan Bradley
      Manager
      April 26, 2024 at 12:39 pm #2664294

      I’m not seeing anything reported nor anything trending as the dead bodies haven’t washed up yet (congrats you are the first).  What brand are these?  Have they had their bios updated in light of the fact that these updates include secure boot fixes.  Did these machines have the April update of the 9th installed already?

      Do you have a support contract with Microsoft otherwise I would strongly recommend reporting this in the feedback app and I’ll post on the patch management forum to get more eyeballs.

      Susan Bradley Patch Lady/Prudent patcher

      2 users thanked author for this post.
      Kathy Stevens, EvilWizard
      Reply | Quote
      • EvilWizard
        AskWoody Lounger
        April 26, 2024 at 1:35 pm #2664311

        The affected machines are Dell Latitude laptops mostly, some Lenovo Thinkpads too.

        Am checking now to see if the BlackLotus fix was implemented.

        We are hooking in Microsoft contacts to inquire about the issue.

        Thank you for your responses thus far!

        Reply | Quote
        • Ken Collins
          Guest
          May 2, 2024 at 3:20 pm #2666762

          I have a Toshiba laptop (purchased 2016) that also downloaded it and tried to install it.
          2024-04 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5036979)
          “Optional Quality Update”
          “We couldn’t install this update, but you can try again. (0x80070057)
          Edition Windows 10 Home
          Version 22H2
          Installed on ‎3/‎16/‎2024 (Fresh reinstall after format)
          OS build 19045.4291
          Experience Windows Feature Experience Pack 1000.19056.1000.0

          Device name DESKTOP-MB0841G
          Processor Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz 2.59 GHz
          Installed RAM 8.00 GB (7.82 GB usable)
          Device ID Removed
          Product ID Removed
          System type 64-bit operating system, x64-based processor
          Pen and touch No pen or touch input is available for this display

          Reply | Quote
          • Paul T
            AskWoody MVP
            May 7, 2024 at 12:28 am #2668528

            Anything called a “preview” should not be installed.

            Your post is a bit of a thread hijack, even though it is the same KB. Please open a new thread if you need more help with this.

            cheers, Paul

            Reply | Quote
    • EvilWizard
      AskWoody Lounger
      April 26, 2024 at 2:06 pm #2664335

      One of the affected machines is giving a STOP/bugfix/kernel panic/guru meditation of 0xc0000098 indicating a BCD problem.

      Reply | Quote
      • Susan Bradley
        Manager
        April 26, 2024 at 2:22 pm #2664338

        That’s pointing to a corrupted BCD file.  Short fix is to reimage and start over.  Longer fix is to investigate/ask of these devices were part of some other boot edit/recovery partition patching program that would triggered this side effect?

        https://www.winhelponline.com/blog/bcd-0xc0000098-error-boot/

        I can test on my home Win10’s tonight.

        Susan Bradley Patch Lady/Prudent patcher

        2 users thanked author for this post.
        windbg, PL1
        Reply | Quote
        • Susan Bradley
          Manager
          April 28, 2024 at 11:00 pm #2665210

          Apologies – forgot to post back.  I installed this on my Home Windows 10 with no issues.

          Susan Bradley Patch Lady/Prudent patcher

          Reply | Quote
    • OldGuyForum
      AskWoody Lounger
      April 26, 2024 at 7:05 pm #2664389

      Try the following…on ONE affected computer.

      Use a working computer and create bootable Windows 10 installation media on a USB flash drive.

      Create Bootable USB Flash Drive to Install Windows 10

      Boot the computer from the installation media.

      Click Next on the first screen.

      On the second (Install) screen, select Repair your computer at the bottom left.

      Select Troubleshoot.

      Select Uninstall Updates.

      Select Uninstall latest quality update and follow the instructions.

       

      2 users thanked author for this post.
      windbg, Kathy Stevens
      Reply | Quote
      • EvilWizard
        AskWoody Lounger
        April 29, 2024 at 8:17 am #2665360

        Back at it today. Over the weekend the 2nd Team had no luck and began reimaging computers.

        Root cause still unknown.

        When attempting to Uninstall Updates, we receive an error saying “Unable to complete operation.”

        System restore also not working.

        Truly baffled by this issue. We have begun reimaging the fleet. Strangely, some computers that received the update had no issues. Of the 24 machines that received the update, 21 went into this unrecoverable state, but 3 have no issues. Some of the ones with no issues are the same model as the ones with issues.

        Reply | Quote
        • Alex5723
          AskWoody Plus
          April 29, 2024 at 12:35 pm #2665420
          EvilWizard wrote:

          Back at it today. Over the weekend the 2nd Team had no luck and began reimaging computers

          Send a bill for wasted men hours to Microsoft.

          Reply | Quote
        • Susan Bradley
          Manager
          April 29, 2024 at 1:02 pm #2665428

          That’s always very frustrating.  Clearly SOMETHING is different but there’s no obvious log files/evidence as to what the root cause is.

          Susan Bradley Patch Lady/Prudent patcher

          Reply | Quote
    • Zig
      AskWoody Plus
      April 29, 2024 at 12:37 pm #2665422

      Sexist — just ask Susan.

      Zig

      Reply | Quote
    • MountMassive
      AskWoody Lounger
      May 1, 2024 at 11:40 am #2666168

      All,

      We found this while searching for this issue on the web.

      We now have 100+ computers in our company dead just like this. We do not allow quality updates to come through our asset management tool so it’s very mysterious how these updates came through.

      We still have not found proof that this update is causing it. Of course, the dead computers don’t show the list of updates anymore.

      However, we were able to replicate this issue by deleting the HKLM/BCD00000000 folder in the registry editor.

      Sorry if I typed a lot of random pieces of info here, but we are still bleeding. More computers are going down and we have no idea how to stop this.

      Reply | Quote
      • Susan Bradley
        Manager
        May 1, 2024 at 11:49 am #2666211

        Were you doing any other routine regarding (https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) .  Do you know if any other script or process was being done recently regarding that?

        This update does include :

        “This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.

         

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
        windbg
        Reply | Quote
        • MountMassive
          AskWoody Lounger
          May 1, 2024 at 2:48 pm #2666247

          Thanks for your reply, Susan.

          We were not doing routine patching that could have involved the KB you mentioned.

          We looked for the KBKB5036979, and some of our devices seem to show that. However, these are the devices that were newly built and were out of network when being built. The Group Policy to stop auto updates only comes after they are domain-joined.

          The machines that went down were never removed from the GP or domain, so we can’t comprehend how they could have gotten the patch in question here.

          More devices continue to die. Most of the ones that are going down are on 19045.4170
          and 19045.4291. We have one outlier, which is a Windows 11 machine.

          Is there any way to reach out to MS about this? Can this be a zero-day they don’t yet know about? The fact that two companies are experiencing the same exact problem tells me that there may be more out there.

           

          Reply | Quote
          • Susan Bradley
            Manager
            May 1, 2024 at 3:02 pm #2666250

            Here is what they always tell me:

            1. Post feedback in the Windows feedback app
            2. Open a support case

            Here is what I will do is post on the “social” locations.

            If you have a reddit account, post there, I will post over on patchmanagement.org and a few other locations to see if we can get some traction.

            My spidey sense feels that it’s not a patch.  If feels like there’s some bios/firmware taking these out.

            Let’s get more info:

            1. What brand of computer?
            2. Specs?
            3. Bios level (if known)
            4. Are you controlling the bios updates or is there a OEM software that can/may push out a bios update?

            Susan Bradley Patch Lady/Prudent patcher

            Reply | Quote
            • Susan Bradley
              Manager
              May 1, 2024 at 3:06 pm #2666251

              The build numbers of the computers are both March updates and April updates.  Is there any other “date” forensics you can do on the files to see when they were touched and what last changed?  Anyone on your team dabble with forensics?  If you had the time/energy and extra resources I would pull a drive, stick it in an external enclosure/mount and poke around the date files and see if you can see a pattern?

              Susan Bradley Patch Lady/Prudent patcher

              Reply | Quote
          • Susan Bradley
            Manager
            May 1, 2024 at 3:32 pm #2666277

            Do you have cyber insurance?  They cover “bricking” loss.  You may want to reach out to them to see if they have resources as well?

            Susan Bradley Patch Lady/Prudent patcher

            Reply | Quote
    • OldGuyForum
      AskWoody Lounger
      May 1, 2024 at 3:45 pm #2666280
      MountMassive wrote:

      The fact that two companies are experiencing the same exact problem tells me that there may be more out there.

      However, one company (the hospital) installed the KB, while yours did not.

      Has there been any unusual activity in the logs?

       

       

       

      Reply | Quote
    • Andy
      Guest
      May 2, 2024 at 12:41 am #2666366

      Try running this command from the recovery CMD it worked for me:

      BCDBoot C:\windows

      [Moderator edit] removed html

      Reply | Quote
    • OldGuyForum
      AskWoody Lounger
      May 2, 2024 at 3:01 am #2666530
      Andy wrote:

      Try running this command from the recovery CMD it worked for me: BCDBoot C:\windows

      Note that the drive letter may not be C: in the recovery/repair environment.

      You would need to run diskpart then list vol to find the correct letter.

      BCDBoot Command-Line Options

       

      Reply | Quote
    • EvilWizard
      AskWoody Lounger
      May 6, 2024 at 9:30 am #2668185

      Update: The current theory we are working with after successfully replicating the issue is that the Windows Update is interacting with a proprietary software update from ManageEngine.

      We were able to mitigate the issue by disabling ManageEngine on a reimaged machine. The issue did not recur.

      We are working with ManageEngine to figure out how to work around the issue. It appears to be a ManageEngine update that, when applied alongside 19045.4353 causes a change in the BCD registry key that then causes the OS to fail to load.

      Recommend others facing this issue try disabling ManageEngine and/or looking into possible third party software that may be interacting with the patch in bad ways.

      Root Issue does not appear to be Microsoft’s fault.

      3 users thanked author for this post.
      Susan Bradley, lmacri, windbg
      Reply | Quote
      • Brad
        Guest
        May 8, 2024 at 10:31 am #2669471

        @EvilWizard, thank you for the update! Can you be more specific about ManageEngine? Which product do you have installed that you disabled? They have a lot of products.

        Reply | Quote
    • MountMassive
      AskWoody Lounger
      May 13, 2024 at 5:43 pm #2671118

      @EvilWizard, can you please tell us which ManageEngibne product you use? Is it the AD Self-Service Portal? Or is it Endpoint Central?

      I am sure you have reached out to ManageEngine about it. Have they replied to you? Have they given you any solutions yet?

      I hope your issue is resolved since you have not replied to this thread.

      Our issue continues. We see a few computers die every day. There is no rhyme or reason for this issue.

      We would greatly appreciate it if you could share anything about this issue.

      Reply | Quote
    • WilcoFarmers
      Guest
      May 14, 2024 at 12:52 pm #2671426

      Wanted to confirm we are experiencing this on Windows 11 Dell Latitude Laptops and Desktops. Definitely a BCD issue. Have not been able to resurrect one yet. Started about 3 weeks ago and luckily only 5 workstations affected out of 700. We use ManageEngine Vulnerability Manager Plus for patch management.

      Reply | Quote
    • PL1
      AskWoody Lounger
      May 15, 2024 at 12:35 am #2671635

      I just wanted to chime in here. I too have a machine that goes into “Preparing Automatic Repair” when I try to update with KB5036979 (or todays updates). Then it goes to the blue troubleshooting screen.

      I did a lot of troubleshooting and the one thing that is different on this install vs my other install (dual-booting in the same machine) is that this one is an upgrade from WIN7 to WIN10. The clean install of WIN10 on the same computer has upgraded with no problems.

      Fortunately I have a good backup, so some of the things I have tried include using a different drive, manual installing KB5036979, trying a BCDBoot repair with Macrium Reflect and running an over-the-top repair installation with a Windows Recovery USB Drive (which freezes at 68% every time). Once the update wants to reboot, it only gets to 15% and then boots to the automatic repair screen.

      Everything I have tried has failed at this point, so I have paused all updates.

      My machine is a homemade I7-6700K 6th gen with a GIGABYTE GA-B250M-DS3H LGA1151 Motherboard and an SSD drive.

      prepare

      Choose

      Reply | Quote
    • PL1
      AskWoody Lounger
      May 15, 2024 at 9:21 am #2671788
      Paul T wrote:

      Have you tried an “install over the top“?

      cheers, Paul

      It still hangs at 68%, same result as when I used the USB upgrade method.

      Reply | Quote
    • PL1
      AskWoody Lounger
      May 15, 2024 at 1:18 pm #2671832
      Susan Bradley wrote:

      That’s pointing to a corrupted BCD file.  Short fix is to reimage and start over.  Longer fix is to investigate/ask of these devices were part of some other boot edit/recovery partition patching program that would triggered this side effect?

      Susan Bradley wrote:

      Have you done the usual sfc /scannow and dism repair commands?  It sounds more like corruption on the disk.

      Yes, plus I used another SSD disk as a test. I actually think this is the BCD thing you mentioned above, but this OS has given me problems in the past (like some apps not loading), which is why I previously clean installed WIN10. I was only keeping this Win7-to-Win10 upgrade available for some applications that have licenses I can’t transfer. But at this point, I’m just going to leave it as is.

      Reply | Quote
    • Mandy
      Guest
      May 25, 2024 at 3:50 pm #2675070

      This KB5036979 crap has messed up our Win 10. There s/b an easy way to just hit Uninstall # so and so instead of making us go into areas of win we are not skilled in.
      Idiots!

      1 user thanked author for this post.
      PL1
      Reply | Quote
    Viewing 15 reply threads
    Reply To: (20+ Machines) Windows Fails to Boot after 19045.4353 (KB5036979)

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.