On Tuesday, Microsoft pushed out its Patch Tuesday cumulative updates for Windows builds. However, the company has been forced to block and pause the security rollups for Windows 7 and Windows 8.1.

The block comes after users of the Sophos antivirus software reported their machines would not boot after the updates were installed.

It seems Microsoft’s patches are causing the worst possible scenario for users running Sophos Endpoint Security and Control and Sophos Central Endpoint on Windows 7 and 8.1. It is worth noting the problem also affects the corresponding server versions of those Windows builds, namely Windows Server 2008 R2 and Windows Server 2012.

The security-only updates that have triggered this issue and have since been blocked are KB4493467, KB4493446, KB4493448, KB4493472, KB4493450 and KB4493451.

“Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update,” Microsoft confirms.

Sophos Warning

Sophos has also reacted by actively warning users to avoid updating to these patches. For users who have already installed, the company advises booting into safe mode and disabling Sophos software on the machine. The PC should then allow boot in normal mode for the Windows updates to be removed.

“Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.  Further information can be found in the Microsoft Articles listed above.

If you have not yet performed the update we recommend not doing so. If you have performed the update but not yet rebooted we recommend removing the update prior to rebooting.”