Sunday, February 5, 2023
HomeTechnologyHow To Stop Windows 10 Crashing After Latest Security Update

How To Stop Windows 10 Crashing After Latest Security Update

December 21 Update below. This post was originally published on December 20

In November, the monthly Microsoft Patch Tuesday security update included fixes for four Windows zero-day vulnerabilities. In December, two such zero-days were part of the scheduled security update. As with all such security updates, rather than feature-tweaking ones, the recommendation is to patch them as soon as possible. The U.S. Cybersecurity & Infrastructure Agency (CISA) often requires Federal agencies to update within 21 days and advises others to do so as soon as possible. However, as some Windows 10 users are discovering, the process doesn’t always go as smoothly as it should. Indeed, enough users have complained about Windows 10 crashing upon start up with a blue screen of death after installing the December Patch Tuesday update to prompt Microsoft to issue a Windows 10 ‘known health issues’ notification.

MORE FROM FORBESSecurity Expert Warns ‘Update Google Chrome Now’ As CISA 0Day Deadline Revealed

What is causing Windows 10 to crash after the Patch Tuesday update?

The issue that is impacting some Windows 10 users concerns the human interface device parsing library, hidparse.sys, which is part of the Windows operating system. It appears, Microsoft states, that for some users, with Windows installed to the C: drive, a mismatch between file versions within the system32 and systme32/drivers directories. This might cause a signature validation failure and lead to a blue screen of death crash. Impacted Windows versions seem to be limited to Windows 10 22H2, 21H2, 21H1, and 20H2.

Most users, most of the time, will never experience any issues when applying the Windows Patch Tuesday security update each month. Indeed, I’ve not run into any issues personally, and I’ve been applying the updates since they first arrived on the security scene, which will come as cold comfort if you can’t start your machine at the moment. You’ve likely used your phone and Google to try and find a solution, but Microsoft is warning that this could be a bad idea. Flagging it as important, Microsoft states: “it is not recommended to follow any other workaround” than the official one given. It goes on to say that, specifically, hidparse.sys should not be deleted from your Windows\System32 folder.

Follow the mitigation advice if impacted, otherwise patch

December 21 update:

Ed Williams, the director (EMEA) of SpiderLabs, a team of security researchers, ethical hackers, and forensic investigators, at Trustwave offered the following advice for users of Windows 10 who might be thinking about not patching at all as a result of this news.

“I do hope the recent news on specific issues with patching doesn’t detract from the overall message around the importance of a robust patching strategy. As a security professional with more years of experience than I care to count, I would say that patching and patching quickly is still the number one proactive deterrent an organization can take to ensure they remain resilient against cyber-attacks and malicious threat actors. In essence, don’t throw the baby out with the bathwater.

I’m not advocating that patches should be installed blindly; quite the opposite, a good robust vulnerability management program will guide around these corner cases, but they are corner cases and should be treated as such.

We have a wealth of data that backups up the importance of patching and patching quickly; my advice, follow the guidance if you’re impacted. Otherwise, patch.”

What is the official mitigation advice from Microsoft?

While Microsoft says it is working on providing a further update that will resolve the issue, in the meantime, there is a fairly monotonous mitigation route you can take. This involves first summoning the Windows Recovery Environment (WinRE) gods. It could be that upon crashing, your computer will start up with WinRE anyway, but if not, then you should be able to hold the shift key while restarting Windows to get there. If this fails, see the Microsoft guide to getting into WinRE for more advice.

From here, you will need to select ‘Troubleshoot’ followed by ‘Start Recovery’ and ‘Advanced Options’ then ‘Command Prompt.’ Yes, you really do need to delve into a command prompt for this one, sorry. Once the command prompt windows is up, and it may ask you to login with your password before appearing, you need to run the following command, assuming Windows is installed to C:\windows:

xcopy C:\windows\system32\drivers\hidparse.sys C:\windows\system32\hidparse.sys

Wait to get the command prompt back, and then type: exit

Select Continue, and Windows should now start as normal.

Of course, it should also be remembered that there are plenty of other issues that can cause a Windows 10 system to crash with a blue screen of death, other than the current hidparse.sys issue. If the issue with your computer started immediately following the latest Patch Tuesday security update, then follow the mitigation advice above as this is almost certainly to blame. However, if the blue screens appear unrelated, there’s a helpful guide to various causes and how to fix them on the TechCult site.

Abdullah Anaman
Abdullah Anaman
I am a highly competent IT professional with a proven track record in designing websites, building apps etc. I have strong technical skills as well as excellent interpersonal skills, enabling me to interact with a wide range of clients.


Please enter your comment!
Please enter your name here
Captcha verification failed!
CAPTCHA user score failed. Please contact us!

Most Popular

Recent Comments