How to prevent Windows 10 from crashing after the latest security update

December 21st update below. This post was originally published on December 20th

In November, the monthly Microsoft Patch Tuesday security update included fixes for four Windows zero-day vulnerabilities. In December, two such zero-days were part of the planned security update. As with all such security updates, it is recommended that they be patched as soon as possible rather than tweaked. The US Cybersecurity and Infrastructure Agency (CISA) often requires federal agencies to update within 21 days and advises others to do so as soon as possible. However, as some Windows 10 users are finding, the process doesn’t always go as smoothly as it should. In fact, enough users have complained about Windows 10 crashing on startup with a blue screen of death after installing the December Patchday Update to prompt Microsoft to issue a notification about known Windows 10 health issues.


What causes Windows 10 to crash after Patch Tuesday update?

The issue affecting some Windows 10 users involves the Human Interface Device Parsing Library, hidparse.sys, which is part of the Windows operating system. According to Microsoft, when Windows is installed on the C: drive, some users experience a discrepancy between the file versions in the system32 and system32/drivers directories. This can result in a signature validation failure and a blue screen of death crash. Affected Windows versions appear to be limited to Windows 10 22H2, 21H2, 21H1 and 20H2.
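To see whether a machine shows the discrepancy described above, the two copies can be compared without changing anything. The following read-only PowerShell script is an added example, not code from Microsoft or from this article; the `$WindowsRoot` parameter and the `Get-HidparseCopyInfo` function name are hypothetical, and it is meant to be run from a working Windows PowerShell session, either on the machine itself or against a mounted offline Windows volume.

```powershell
# Added example (read-only): compares the two hidparse.sys copies named in the article.
# $WindowsRoot is an assumption; point it at a mounted offline volume if needed.
param(
    [string]$WindowsRoot = $env:SystemRoot
)

function Get-HidparseCopyInfo {
    param([Parameter(Mandatory)][string]$Path)

    # Report a missing copy instead of throwing, so the comparison can explain itself.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Present = $false
            FileVersion = $null; SHA256 = $null; Signature = $null
        }
    }

    $v = (Get-Item -LiteralPath $Path).VersionInfo
    [pscustomobject]@{
        Path        = $Path
        Present     = $true
        # Build the version from the numeric parts; the FileVersion string can lag behind.
        FileVersion = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart,
                                           $v.FileBuildPart, $v.FilePrivatePart
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Signature status as reported by Get-AuthenticodeSignature (e.g. Valid, NotSigned).
        Signature   = (Get-AuthenticodeSignature -FilePath $Path).Status
    }
}

$copies = @(
    Join-Path $WindowsRoot 'System32\hidparse.sys'
    Join-Path $WindowsRoot 'System32\drivers\hidparse.sys'
) | ForEach-Object { Get-HidparseCopyInfo -Path $_ }

$copies | Format-Table Path, Present, FileVersion, Signature -AutoSize | Out-Host

$present = @($copies | Where-Object Present)
if ($present.Count -lt 2) {
    Write-Warning 'At least one copy of hidparse.sys is missing; nothing to compare.'
} elseif ($present[0].FileVersion -ne $present[1].FileVersion -or
          $present[0].SHA256 -ne $present[1].SHA256) {
    Write-Warning 'The two hidparse.sys copies differ. Use only the officially documented mitigation.'
} else {
    Write-Output 'Both hidparse.sys copies have the same version and hash.'
}
```

The script only reads file metadata; it does not copy, replace or delete either file.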

Most users will never face any problems when applying the Windows Patch Tuesday security update every month. In fact, I personally haven’t encountered any issues, and I’ve been applying the updates since they first arrived on the security scene, which will be cold comfort if you can’t start your computer at the moment. You’ve probably used your phone and Google to find a solution, but Microsoft warns it might be a bad idea. Microsoft marks this as important, stating “It is not recommended to follow any workaround” other than the one officially stated. It further states that hidparse.sys in particular should not be deleted from your Windows\System32 folder.

Follow mitigation recommendations if affected, otherwise patch

December 21 update:

Ed Williams, the director (EMEA) of SpiderLabs, a team of security researchers, ethical hackers and forensic investigators, at Trustwave gave the following advice for Windows 10 users who may be considering not patching at all as a result of this message.

“I hope that recent news about specific patching issues doesn’t detract from the overall message about the importance of a robust patching strategy. As a security professional with more years of experience than I care to count, I would say that patching and patching quickly is still the number one proactive deterrent an organization can take to ensure it remains resilient to cyberattacks and malicious threat actors. Essentially, don’t throw the baby out with the bath water.

I’m not advocating that patches should be installed blindly; on the contrary, a good robust vulnerability management program will circumvent these corner cases, but they are corner cases and should be treated as such.

We have a wealth of data supporting the importance of patching and quick patching; my advice: follow the guide if you are concerned. Otherwise, patch it.”

What is Microsoft’s official risk mitigation recommendation?

In the meantime, while Microsoft says it’s working to provide another update that will fix the problem, there’s a pretty tedious damage control path you can take. To do this, the gods of the Windows Recovery Environment (WinRE) must first be summoned. Your computer might still boot to WinRE after a crash, but if it doesn’t, you should be able to hold down the Shift key while restarting Windows to get there. If that fails, see Microsoft’s guide to getting started with WinRE for more advice.

From here you need to select “Troubleshoot” followed by “Start Recovery” and “Advanced Options” and then “Command Prompt”. Yes, you really need to delve into a command prompt, sorry. You may be prompted to sign in with your password before the Command Prompt window appears. Once it opens, you need to run the following command, assuming Windows is installed to C:\windows:

xcopy C:\windows\system32\drivers\hidparse.sys C:\windows\system32\hidparse.sys

Wait for the command prompt to reappear, then type: exit

Select Next and Windows should now start as usual.

Of course, it should also be remembered that besides the current hidparse.sys problem, there are many other issues that can cause a Windows 10 system to crash with a blue screen of death. If the problem with your computer started immediately after the latest patchday security update, follow the mitigation recommendations above, as this is almost certainly the culprit. However, if the blue screens seem incoherent, the TechCult website has a helpful guide on various causes and how to fix them.
