Windows security updates KB4056890 through KB4056899 may cause 64-bit Windows systems to hang when starting LinkManager release 7.3 and older.
Secomea has prepared a new LinkManager installer that will detect the state of your computer and offer choices to automatically patch your computer with either workaround 2 or 3 described below.
Description of the problem:
Possibly affected Windows versions and related patch:
January 3, 2018—KB4056897 (Security-only update)
January 9, 2018—KB4056894 (Monthly Rollup)
January 3, 2018—KB4056888 (OS Build 10586.1356)
January 3, 2018—KB4056892 (OS Build 16299.192)
January 3, 2018—KB4056891 (OS Build 15063.850)
January 3, 2018—KB4056890 (OS Build 14393.2007)
January 3, 2018—KB4056898 (Security-only update)
January 3, 2018—KB4056893 (OS Build 10240.17735)
January 9, 2018—KB4056895 (Monthly Rollup)
The primary purpose of these updates were to mitigate the Meltdown and Spectre vulnerabilities discovered recently.
Unfortunately, these patches significantly alter the handling of virtual memory in a way that is both incompatible with certain AMD CPUs, as well as certain applications, hereunder LinkManager. Starting LinkManager on 64 bit Windows 8.x and 10 may freeze or crash Windows and require a manual restart of your computer.
It is expected that Microsoft will provide a resolution in a future patch update, and has paused the patch roll out for AMD-based computers but not for Intel-based computers. Due to the nature of the problem, it is expected that a solution for the AMD CPU will also solve the problem with LinkManager.
More info on the problems caused by the update can be found in various online articles, e.g.
- Uninstall the security update, and prevent it from auto-installing (see http://windowsreport.com/block-kb4056892/ )
- Disable the security patch in Windows registry
- Configure LinkManager to use hardware virtualization instead of software based virtualization (Requires that virtualization is enabled in the computer BIOS)
- Wait for Microsoft to release a fix
- Wait for the new LinkManager 8 version, which has been completely re-architected and optimized, and is not relying on specific virtual memory management.
Technical details about the workaround choices in LinkManager build 18025 installer:
Selecting the first workaround choice in the LinkManager installer, performs the following registry changes that will disable the Spectre and Meltdown security mitigations:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
If answering No to the above workaround, the LinkManager installer will offer using hardware virtualization, by setting the value <HardwareVirtEx enabled="true"/> in the LinkManager.xml file located in \\Program Files\Secomea\LinkManager\Machines\LinkManager
At any time in the installer, you can press Cancel and no changes are made.
Note: that once having selected the first choice (registry changes), you cannot undo this by running the LinkManager installer again. If having selected the second choice (hardware virtualization), running the installer again will again offer the first choice (registry changes) and disable use of hardware virtualization in the LinkManager. There is no option for applying both workarounds concurrently.