Windows update KB3004394 issues

Windows update KB3004394  causes the following issues on my Windows 7 x64 Ultimate system:

All MMC functions (Event Viewer, etc.) now require Administrator action, although in an Administrator account.

Windows Defender service will not start

The Windows Defender Service Terminated with the following error

%%-2147023113

Removing it  returns the system to normal.

Anyone else experience this?

 

Discussion Info


Last updated June 29, 2019 Views 76,463 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

We were having problems using published applications (via RemoteApp). Clients were complaining about RDP.

You could connect to the server, run the application from there, but you could not run the application that has been published by RemoteApp.

Once I removed KB3004394 it worked.

There's a bug report on Oracle's VirtualBox ticket system that seems to be caused by KB3004394. For some, uninstalling the update resolves the VirtualBox failures.

VirtualBox Ticket 13677

Had a look at the VirtualBox breakage.

The problem seems to be that the update does not install any catalog file C:\Windows\System32\CatRoot and it's therefore impossible to verify the new crypto32.dll file that the it installs.  (Compare "sigcheck -i C:\Windows\System32\crypto32.dll" output before and after installing the update. Sigcheck says it's signed before and unsigned after.)

The Windows 8.1 version of the update works, i.e. installs C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB3004394~31bf3856ad364e35~amd64~~6.3.1.0.cat that we (and sigcheck.exe from microsoft/sysinternals) can successfully validate the DLL.  (I've only tried 64-bit Windows 8.1 and Windows 7, so I cannot tell exactly which updates are broken.)

The only way to make VirtualBox work again is reverting/removing the update, unless Microsoft fixes the missing .cat file issue.  I sincerely hope that Microsoft will update the update with a working cat file eventually...

-bird

PS. Would be really swell if files like crypto32.dll and wintrust.dll had embedded signatures instead of only external ones. It would not only do away with these kind of issues but also make it a lot easier to verify that the files haven't been tampered with.

WMC PROBLEMS: I have two networked X64 windows 7 home premium computers running hd homerun cable card access. Cable tv content wouldn't play on either one. (Got following message: "Display driver error The video playback device does not support playback of protected content.")

Restored to 12/6/14, then found forum on "The Green Button" isolating the culprit as KB3004394

http://www.thegreenbutton.tv/forums/viewtopic.php?f=5&t=8212

Reinstalled updates leaving that one out. Everything works again.

All of this is so frikikin crazy. I'm having these update issues as well- and I'm so tired of having to hunt and search for these answers- often times never finding any. Users should NOT have to go through this kind of hell.

It's all so reminiscent of the ancient DLL HELL we used to have to go through. Windows Updates should be SEAMLESS to the user.

I tried to remove update but stuck on preparing to configure Windows for hour!

Help can I get out of this?

This update has broken a lot of things in my Law Firm. As an administrator, UAC prompts comes up every time I load Active Directory or Event Viewer. Remote assistant does not work either (msra.exe). Any MMC snippet prompts for UAC. It never use to prompt when loading AD or any MMC snippets directly such as DNS etc. My UAC settings are set to default settings which has always been like that.

It also broke my Virtual machines which are running on VirtualBox.

As soon as I uninstalled this update, everything is back to normal.

Corporate company running Windows 7 Enterprise 32 bit. Home PC running on Windows 7 Ultimate 64 bit.

There's a bug report on Oracle's VirtualBox ticket system that seems to be caused by KB3004394. For some, uninstalling the update resolves the VirtualBox failures.

VirtualBox Ticket 13677

Had a look at the VirtualBox breakage.

The problem seems to be that the update does not install any catalog file C:\Windows\System32\CatRoot and it's therefore impossible to verify the new crypto32.dll file that the it installs.  (Compare "sigcheck -i C:\Windows\System32\crypto32.dll" output before and after installing the update. Sigcheck says it's signed before and unsigned after.)

The Windows 8.1 version of the update works, i.e. installs C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB3004394~31bf3856ad364e35~amd64~~6.3.1.0.cat that we (and sigcheck.exe from microsoft/sysinternals) can successfully validate the DLL.  (I've only tried 64-bit Windows 8.1 and Windows 7, so I cannot tell exactly which updates are broken.)

The only way to make VirtualBox work again is reverting/removing the update, unless Microsoft fixes the missing .cat file issue.  I sincerely hope that Microsoft will update the update with a working cat file eventually...

-bird

PS. Would be really swell if files like crypto32.dll and wintrust.dll had embedded signatures instead of only external ones. It would not only do away with these kind of issues but also make it a lot easier to verify that the files haven't been tampered with.

Files containing "3004394" in c:\windows\system32\catroot on my Windows 7 x64 system with KB3004394 installed an no issues so far:

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a--s        10/31/2014   2:45 PM      23488 Package_111_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM      27136 Package_112_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM       7475 Package_113_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM       7475 Package_114_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM       9231 Package_39_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM      11567 Package_40_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM      12727 Package_75_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM       9231 Package_76_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM       7475 Package_for_KB3004394_SP1~31bf3856ad364e35~amd64~~6.1.1.0.cat
-a--s        10/31/2014   2:45 PM       7475 Package_for_KB3004394~31bf3856ad364e35~amd64~~6.1.1.0.cat

Output of sigcheck:

C:\SysinternalsSuite>sigcheck.exe c:\Windows\System32\crypt32.dll

Sigcheck v1.71 - File version and signature viewer
Copyright (C) 2004-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\windows\system32\crypt32.dll:
        Verified:       Signed
        Signing date:   1:45 PM 10/31/2014
        Publisher:      Microsoft Corporation
        Description:    Crypto API32
        Product:        Microsoft« Windows« Operating System
        Version:        6.1.7601.18526
        File version:   6.1.7601.18526 (win7sp1_gdr.140706-1506)

I'm also not seeing any issues with Windows 7 32-bit or Windows Server 2008 R2.

If there are any things that I can assess in my environment to look for differences, let me know and I'll post a reply.

Right on for troubleshooting error!

For what it is worth, I installed KB3004394 on another Windows 7 x64 Ultimate system and have found no issues so far.

I do not know what the difference is between the two computers as yet.

Microsoft Community Contributor (MCC) 2011
****!  I've been struggling with this issue for 3 days!!!  Thank you for solving it.  Argh MS!
test2

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.