Warning: Windows 7 Update Crashing NVRs

By: Brian Rhodes, Published on Aug 26, 2019

Windows 7 updates are causing VMS servers to fail to boot.

After running the update, impacted systems do not boot as normal, instead display this warning screen:

Windows 7 Update Crashing NVRs

In this note, we examine:

  • Which systems are impacted
  • What is causing the issue?
  • Vendor recommendations to fix
  • Dahua and Hikvision not impacted
  • End-of-Life Win 7 is coming
  • Is this a win for VSaaS?

The Problem

IPVM has received multiple reports of Windows 7 and Windows Server 2008R2 systems that will no longer boot after installing Microsoft 8/2019 Security update 'KB4512506 Security Monthly Quality Rollup'.

The problem occurs because this update uses now required SHA-2 signing, but mistakenly assumes the embedded OS servers and NVRs have been upgraded from SHA-1, which is not the case for many systems.

One site gave this explanation:

It looks like Microsoft forgot to make this update available for Windows 7 Embedded OS which installs the ability to use SHA-2 code signing.

As soon as the Aug 2019 security rollup update is installed, " KB4512506 " upon reboot, the OS indicates "Windows cannot verify the digital signature for this file " which of course is caused by the lack of the SHA-2 code sign support. I've had two NVR's go down due to this issue.

Below, we cover the impacted security vendors and how to fix the issue.

******* * ******* *** causing *** ******* ** fail ** ****.

***** ******* *** ******, impacted ******* ** *** boot ** ******, ******* display **** ******* ******:

Windows 7 Update Crashing NVRs

** **** ****, ** examine:

  • ***** ******* *** ********
  • **** ** ******* *** issue?
  • ****** *************** ** ***
  • ***** *** ********* *** impacted
  • ***-**-**** *** * ** coming
  • ** **** * *** for *****?

The *******

**** *** ******** ******** reports ** ******* * and ******* ****** ****** systems **** **** ** longer **** ***** ********** Microsoft */**** ******** ****** '********* ******** ******* ******* Rollup'.

*** ******* ****** ******* this ****** **** *** required ***-* *******, *** mistakenly ******* *** ******** OS ******* *** **** have **** ******** **** SHA-1, ***** ** *** the **** *** **** systems.

*** **** **** **** explanation:

** ***** **** ********* forgot ** **** **** update ********* *** ******* 7 ******** ** ***** installs *** ******* ** use ***-* **** *******.

** **** ** *** Aug **** ******** ****** update ** *********, " KB4512506 " **** ******, the ** ********* "******* cannot ****** *** ******* signature *** **** **** " ***** ** ****** is ****** ** *** lack ** *** ***-* code **** *******. *'** had *** ***'* ** down *** ** **** issue.

*****, ** ***** *** impacted ******** ******* *** how ** *** *** issue.

[***************]

Impacted ******* ****

**** *** **** ** attempted ******* **** * number ** ******* ** this *****. ******* ****** appears *****, **** **** experiencing **** ******* ** calls *** ** *** update, ***** ****** *** reporting ****:

  • ********:[******] ******** *** ********* that **** **** *** some ****** ** *** field **** ***** *******, but ** * ******* basis, *** **********. **** machines *** ** ****** running ******** ******** ** Windows.
  • ******* ********: [******]** *** ********* **** a **** ************** *** ***** ** how ** ******* ** on *** * ********* Series *********.***** **** ******* **** specifically ********* **** ** support ** ***** ** the *******, *** ******* has *** ********* ** IPVM. ** **** ****** when **** **.
  • *****:** ***** ** **** discussion, ***** *** ****** a ****** ** *** top ** ***** **** and ************** ****** ************.
  • *********: ** ********* *********, who **** ** **** have *** **** ******** of *** ******** ******* in *** **. ********* HQ ******* *** *** yet *********.
  • *******: *** ******* ****** official ****** *** ***** support ****** *** ******** dealers ** **** *** automatic ******* '***** ******* notice'.
  • ***: *** ****** ****** reported *** ***** ** a **** ****** ***** warning **** *****,****** **! *********.*** ******* 5 *** **** ****** ********.

*******, ***** ***** *** NVRs ***** ** ********, as ****. ** **** update **** **** ** other ******** ******* *** known.

Not ***** *** *********, *****, *** ***** ***** ****/*******

*************, *** ***** ** this ***** **** ******* older ******* ** ******** and ****.

********** ******** ******* ********* from ***** *** *********, who ******* ******* ***** an ******** ******* ** Linux.

Fix: ******* *** * ** ******** ********

** **** *****, ******** vendors *** ************ ******* repair *** ***** ** reimaging *** *** * OS ** * ******** version.

*** ****** ******* ****** based ** *** ****** build/motherboard ****, *** *** process ********* ******** ******* to ******** * '******** version' *** **** ** a *** *****, **** travelling ** **** ******** NVR ** *** ***** and ******** *** ***.

Security ****** ********

******* ******** ******* **** released ******** ******* *** warnings ***** *** *****.

*** *******, ***** *** placed ******** ****** ** *** top ** ***** ****:

******* **** ****** ******** notice *** ***** ******* portal:

** ******** ** *** official ******, ******* **** clarified ** ****:

"** ***** ** ********** for **, **** ** affecting **-*** **/**/** ****. SV-PRO **/** *** ********** EOL, *** ** *** some ***** **** **** and ****** *** ******** regardless."

[******] ******* ******** ************ **** * **** instruction*** *** ***** ** how ** ******* ** on *** * ********* Series *********.

Undiscovered ********

**********, **** ******** ******* may **** ********** ******. Since **** ************ ******* (especially ******* ******* ***** impacted **** *** ********) are *** ******** *********, many ******* *** *** viewed ***** ******** ******* is ******.

***** ******** ****** ******* out, **** ** ****** to ****** ** ************ issues:

* ***** ** ******* to *** **** **** systems *** ***** **** be **** *** ****, weeks *** ***** **** months ****** ****** *******. Many ***** ******** *** homeowners **** ***** ***** cameras **** *****'* * problem. **** ******* ** there's * *********** ***** and **** **** *** the ****** *** **** down *** **** ** months?

Corrective ******: "**** *** ********* *******"

** ******* ****** ********, vendors *** ******* ********** to ******* ****** ********* Win * *******.

*******, **** ********** **** leaves *** ******* ********** to ******* * ******** threats *** ****** **** unpatched ******* ***** *****.

Win * ***-**-*****, ******* ****** **** ****

*** ******* ** *********** by *** ******** *** of ******* ********** * ** ******* 2020.

**** ** ******* ******* date ** ****, ******* will *** ******* ******* security ******* ***** ******* 13th, **** *** '******* Embedded ******** *'. *** company ****** ** ************ * ********* *****:

********* **** * ********** to ******* ** ***** of ******* ******* *** Windows * **** ** was ******** ** ******* 22, ****. **** **** 10-year ****** ****, ********* will *********** ******* * support ** **** ** can ***** *** ********** on ********** ***** ************ and ***** *** ***********.

** **** **** **** looming, ******** **** *** servers ******* *** ******** OS **** ********** **** to ******* ********* *******, or ** ********, ****** the **** **** **** risking *********** *********.

Impact ** *******

************* *** ******** *******, recourse ******* *******.

**** ****** ******** ******* from '** ********' ******** ******* ****** ************, ******* *** ********* placing ************** ** *** the ******* ** **********.

******* ******* ** **** spoken **** **** *** they *** '******* ****** on *** *** ****' and **** '** *** eating ***** ** **** manhours' ********* ******* ******.

*** ******** ****** ********* a*********** ****** ** ***** repairing ******** ********:

* **** ***** **** of *** ******* ********* affected ****. *** ******* based ** ****** ****** were *** ******* ** repair. * ****** ******* typed ** ****** ****** you ** * ****** to **** **** *** updates. *** ******* * embedded ***** *****'* ** easy. **** ********* *** to ** ******** ** out ** *** *** condition ****** **** ***** operate. **** ***** *********** all **** ******* (***** the **** **** ******* the *******) *** ********* them ** ***** ******.

***** *** ********* *** date *** ******** ** machines, ** ** *** expect ******* ** ****** significant ********** ********* ** the *****.

A *** *** *****?

****** ***** ******* *** going ** ***** **** is * **** ************* for ***** **** *** not ****** ** ***** about **** **** ** crisis.

*******, *** **** ****** who **** ******* * for ** **** *** also ****** *** ***** to ** ***** ** pay ******* **** *** upgrade ***** ** **** may ********* ** ******* systems.

******* **** ******* ******* tout ***** * *********** recording ****** ** *** is '* ****** ***** ** failure', *** ** ****** issues **** **** ******** similar *********.

Comments (7)

**** **** ******** ** me (*** *** ****** time ** *** **** year) ******* **** ****** Station ** * ******* 7 ******* (**** ***** NVR). * ** *** run ********* ******* *** do ******** ******* ******* from **** ** ****. Unfortunately, *** **** *** is ****** **-******* *** machine **** ***** **** Axis **** *******.

** **** ** ******** Win7 ***** ** **** Win7?

************** ****** ******* **** versions.

**** ****, ** ********* is *** ******** ******* that ** **** *** affected.

[******]DW ********

******* ******** ************ **** * **** instruction*** *** ***** ** how ** ******* ** on *** * ********* Series *********.

**** ***** *******, ** also ********* ******* *** automatic ******* ** ******* similar ******:

** *** ********* ***, Windows ******* **** *** configure ** ******** *** install ************* **** *** factory *** ** *** unforeseen *** ********** ****** the ******* ******* *** cause ** *** *********** of *** ****** *** DW ********.

** *** **** ****** last **** *** ******* Radius (*** ****, ***** uses *****) *** ***** Digital ****** (****** ******).

******: ******** *** ********* that **** **** *** some ****** ** *** field **** ***** *******, but ** * ******* basis, *** **********. **** machines *** ** ****** running ******** ******** ** Windows.

***** **** ** *** conspiracy ******** ** ** or *’** ****** *** cynical *** * ***** Microsoft *** **** ** purpose ** ***** **** to ******* ** ******* 10 ** ****** ****. If ** *** **** this ***** ** ***** NOT **-******* ******* *; we ***** ******* ******* 10 ** ****** ****.

Read this IPVM report for free.

This article is part of IPVM's 6,367 reports, 855 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Verkada Notification Outage on Dec 12, 2019
Verkada is suffering an event notification outage and analytic search failures. Inside, we examine what the issues are, what Verkada told IPVM...
CheckMySystems Company Profile on Aug 14, 2019
CheckMySystems says that too many users respond, "I get an email when something is wrong" when talking about their video system maintenance plan,...
Unfixed Critical Vulnerability In Millions of XiongMai Devices Disclosed on Oct 10, 2018
XiongMai, one of the biggest OEMs alongside Dahua and Hikvision, has suffered a critical vulnerability impacting millions of their devices. This...
Google Found Software House Vulnerability Allows Inside Attacker To Open Doors on Sep 04, 2018
A vulnerability in Software House IP-ACM modules allows an attacker to potentially unlock doors, or perform other actions, on affected systems....
Hikvision DeepInMind Tested Terribly on Feb 15, 2018
While Hikvision is heavily marketing deep learning and 'AI' as their next big thing, new IPVM test results of their DeepInMind NVR shows their deep...
Intel Flaw Impact on VMS / NVRs Examined on Jan 05, 2018
A flaw has been found in Intel processors that exposes protected memory to unauthorized access. The flaw requires fundamental changes to operating...
Hikvision Upgrade Breaks ONVIF VMS Integration on Oct 31, 2017
Hikvision IP cameras using ONVIF for VMS integration will break when upgrading to Hikvision new 5.5 firmware, IPVM testing has verified. This...
Dahua Removes Auto Rebooting on Oct 17, 2017
For years, Dahua has automatically programmed its IP cameras to reboot weekly, a highly atypical and questionable practice. Following IPVM...
Rebooting IP Camera Statistics And Practices on Aug 10, 2017
Dahua cameras automatically reboot weekly, by default. Is this an innovation by the Chinese mega-manufacturer or a sign of a problems? 125...
Hanwha Recorder Vulnerability Analyzed on May 18, 2017
ICS-CERT has released a vulnerability notice for Hanwha SRN-4000 recorders.  Hanwha provided additional information to IPVM about this issue,...

Most Recent Industry Reports

Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...