KB4480970 may break SMBv2 shares, here’s a workaround

Shared Folder Network Icon

Beware Windows 7 users, KB4480970 may break SMBv2, limiting your access to network shares. Here is what to do.

The Server Message Block (SMB) Protocol is the network file sharing protocol of Microsoft Windows. The set of message packets defining a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) is a dialect of SMB. Both SMB and CIFS are also available on VMS. It is worth mentioning that both SMB and CIFS are also available on other operating systems like Linux and Android via alternate implementations from third parties. For reference, see the following MSDN article.

Microsoft's implementation of the SMB protocol comes with the following additions:

Starting in Windows Vista, Microsoft implemented a new version of SMB, known as SMB2.

KB4480970 (Monthly Rollup)

The patch KB4480970  is a Monthly Rollup update for Windows 7. It addresses a number of issues in PowerShell, fixes a vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers, and includes Security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

Unfortunately, the update causes issues with networking. After installing KB4480970 on a Windows 7 PC that has shared folders, the shares can not be connected to anymore.

Here is a workaround.

Workaround

Option #1. Uninstall the KB4480970 update

  1. Open a new command prompt as Administrator.
  2. Type the following command:
    wusa /uninstall /kb:4480970
  3. The update is now uninstalled.

Wusa.exe is the Windows Update Standalone Installer. The Wusa.exe file is in the %windir%\System32 folder. The Windows Update Standalone Installer uses the Windows Update Agent API to install and remove update packages.

Option #2. Apply a Registry fix

If you cannot uninstall the update package, or you need to keep it installed due to security fixes it provides, you can apply the following Registry tweak.

Before proceeding, ensure that your user account has administrative privileges. Now, follow the instructions below.

  1. Open the Registry Editor app.
  2. Go to the following Registry key.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system

    See how to go to a Registry key with one click.

  3. If you don't have such a key, create it manually.
  4. On the right, modify or create a new 32-Bit DWORD value LocalAccountTokenFilterPolicy.
    Note: Even if you are running 64-bit Windows you must still create a 32-bit DWORD value.
    Set its value to 1 in decimal.
  5. Restart Windows 10.

This should resolve the issue.

Caution: The LocalAccountTokenFilterPolicy entry disables User Account Control (UAC) remote restrictions for all users of all affected computers. Consider the implications of this setting carefully before changing the policy.

Source: deskmodder.de.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.