KB4480970 may break SMBv2 shares, here’s a workaround

Beware Windows 7 users, KB4480970 may break SMBv2, limiting your access to network shares. Here is what to do.

Cloud Network Banner

The Server Message Block (SMB) Protocol is the network file sharing protocol of Microsoft Windows. The set of message packets defining a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) is a dialect of SMB. Both SMB and CIFS are also available on VMS. It is worth mentioning that both SMB and CIFS are also available on other operating systems like Linux and Android via alternate implementations from third parties. For reference, see the following MSDN article.

Microsoft's implementation of the SMB protocol comes with the following additions:

Tip: You can use this tool to repair Windows problems and improve performance of the OS.

Starting in Windows Vista, Microsoft implemented a new version of SMB, known as SMB2.

KB4480970 (Monthly Rollup)

The patch KB4480970  is a Monthly Rollup update for Windows 7. It addresses a number of issues in PowerShell, fixes a vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers, and includes Security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

Unfortunately, the update causes issues with networking. After installing KB4480970 on a Windows 7 PC that has shared folders, the shares can not be connected to anymore.

Here is a workaround.

Workaround

Option #1. Uninstall the KB4480970 update

  1. Open a new command prompt as Administrator.
  2. Type the following command:
    wusa /uninstall /kb:4480970
  3. The update is now uninstalled.

Wusa.exe is the Windows Update Standalone Installer. The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Standalone Installer uses the Windows Update Agent API to install and remove update packages.

Option #2. Apply a Registry fix

If you cannot uninstall the update package, or you need to keep it installed due to security fixes it provides, you can apply the following Registry tweak.

Before proceeding, ensure that your user account has administrative privileges. Now, follow the instructions below.

  1. Open the Registry Editor app.
  2. Go to the following Registry key.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system

    See how to go to a Registry key with one click.

  3. If you don't have such a key, create it manually.
  4. On the right, modify or create a new 32-Bit DWORD value LocalAccountTokenFilterPolicy.
    Note: Even if you are running 64-bit Windows you must still create a 32-bit DWORD value.
    Set its value to 1 in decimal.
  5. Restart Windows 10.

This should resolve the issue.

Caution: The LocalAccountTokenFilterPolicy entry disables User Account Control (UAC) remote restrictions for all users of all affected computers. Consider the implications of this setting carefully before changing the policy.

Source: deskmodder.de.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.