December 21 Update below. This post was originally published on December 20th
In November, Microsoft’s monthly Patch Tuesday security update included fixes for four Windows zero-day vulnerabilities. In December, two such zero-days were part of the scheduled security update. As with all security updates, as opposed to feature updates, the recommendation is to patch as soon as possible. The US Cybersecurity and Infrastructure Security Agency (CISA) often requires federal agencies to update within 21 days and advises others to do so as soon as possible. However, as some Windows 10 users are discovering, the process doesn’t always go as smoothly as it should. Indeed, several users have complained that Windows 10 crashes on startup with a blue screen of death after installing the December Patch Tuesday update, prompting Microsoft to issue a Windows 10 “known health issues” notification.
What causes Windows 10 to crash after the Patch Tuesday update?
The issue affecting some Windows 10 users involves the Human Interface Device Parsing library, hidparse.sys, which is part of the Windows operating system. Microsoft states that for some users, with Windows installed on the C: drive, there is a mismatch between the versions of files in the system32 and system32/drivers directories. This can cause signature validation to fail and lead to a blue screen of death crash. The affected versions of Windows appear to be limited to Windows 10 22H2, 21H2, 21H1 and 20H2.
Most users, most of the time, will never experience any problems applying the Windows Patch Tuesday security update each month. Indeed, I’ve personally had no issues and have been applying the updates since they first hit the security scene, which will be cold comfort if you can’t boot your machine right now. You’ve probably used your phone and Google to try to find a solution, but Microsoft warns that this could be a bad idea. Marking it as important, Microsoft states: “it is not recommended to follow any other solution” than the official one given. It goes on to say that, specifically, hidparse.sys should not be deleted from the Windows\System32 folder.
Follow mitigation advice if affected, otherwise patch
Update December 21:
Ed Williams, the director (EMEA) of SpiderLabs, a group of security researchers, ethical hackers and forensics, at Trustwave offered the following advice to Windows 10 users who may be considering not patching at all as a result of this news.
“I hope the recent news about specific issues with patching does not detract from the overall message about the importance of a strong patching strategy. As a security professional with more years of experience than I care to count, I would say that patching and patching quickly is still the number one preventative measure an organization can take to ensure it remains resilient against cyber attacks and malicious threat actors. Basically, don’t throw the baby out with the bathwater.
I am not advocating that patches should be installed blindly. On the contrary, a good vulnerability management program will guide these corner cases, but they are corner cases and should be treated as such.
We have a wealth of data that supports the importance of fixing and fixing quickly. My advice: follow the instructions if you are affected. Otherwise, patch.”
What is the official mitigation advice from Microsoft?
While Microsoft says it’s working on providing a further update that will fix the problem, in the meantime, there’s a fairly monotonous mitigation path you can follow. This involves first invoking the Windows Recovery Environment (WinRE) gods. It may be that when it crashes, your computer will boot into WinRE anyway, but if not, you’ll need to hold Shift while restarting Windows to get there. If that fails, see Microsoft’s guide to getting into WinRE for more advice.
From here, you’ll need to select “Troubleshoot” followed by “Start Recovery” and “Advanced Options” and then “Command Prompt”. Yeah, you really have to dig into a command line for that, sorry. Once the Command Prompt window opens (it may ask you to log in with your password before it appears), you need to run the following command, assuming Windows is installed in C:\windows:
xcopy C:\windows\system32\drivers\hidparse.sys C:\windows\system32\hidparse.sys
Wait until you get the command prompt back, then type: exit
Select Continue and Windows should now start normally.
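A read-only way to see, from a running 64-bit PowerShell session, whether the two copies of hidparse.sys discussed above agree. This is an added example, not code from Microsoft or the original article; the function names and the C:\Windows default are assumptions. It compares SHA-256 hashes and shows each copy's file version without changing either file.

```powershell
# Added example: read-only check, nothing is copied, deleted or modified.
# Assumption: Windows is installed in C:\Windows, as in the article.
function Get-HidparseCopyInfo {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        Present   = $true
        Version   = $item.VersionInfo.FileVersion
        Sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Informational only: the Authenticode status PowerShell reports for the file.
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
}

function Test-HidparseMismatch {
    param([string]$WindowsDir = 'C:\Windows')

    # A 32-bit shell on 64-bit Windows is silently redirected from System32
    # to SysWOW64, which would compare the wrong files.
    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        throw 'Run this from a 64-bit PowerShell session.'
    }
    $sys = Get-HidparseCopyInfo (Join-Path $WindowsDir 'System32\hidparse.sys')
    $drv = Get-HidparseCopyInfo (Join-Path $WindowsDir 'System32\drivers\hidparse.sys')

    # Differing hashes mean the two copies are not the same build of the file.
    if (-not ($sys.Present -and $drv.Present)) {
        $status = 'MissingCopy'
    } elseif ($sys.Sha256 -ne $drv.Sha256) {
        $status = 'Mismatch'
    } else {
        $status = 'Match'
    }
    [pscustomobject]@{ Status = $status; System32 = $sys; Drivers = $drv }
}

$result = Test-HidparseMismatch
$result.System32, $result.Drivers | Format-List
"hidparse.sys copies: $($result.Status)"
```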
Of course, we should also remember that there are many other issues that can cause a Windows 10 system to crash with a blue screen of death, apart from the current hidparse.sys issue. If your PC problem started right after the latest Patch Tuesday security update, follow the mitigation tips above, as this is almost certainly to blame. However, if blue screens appear unrelated, there is a helpful guide to various causes and how to fix them on the TechCult website.