Warning: Windows 7 Update Crashing NVRs

By Brian Rhodes, Published Aug 26, 2019, 01:42pm EDT

Windows 7 updates are causing VMS servers to fail to boot.

After running the update, impacted systems do not boot as normal, instead display this warning screen:

Windows 7 Update Crashing NVRs

In this note, we examine:

  • Which systems are impacted
  • What is causing the issue?
  • Vendor recommendations to fix
  • Dahua and Hikvision not impacted
  • End-of-Life Win 7 is coming
  • Is this a win for VSaaS?

The Problem

IPVM has received multiple reports of Windows 7 and Windows Server 2008R2 systems that will no longer boot after installing Microsoft 8/2019 Security update 'KB4512506 Security Monthly Quality Rollup'.

The problem occurs because this update uses now required SHA-2 signing, but mistakenly assumes the embedded OS servers and NVRs have been upgraded from SHA-1, which is not the case for many systems.

One site gave this explanation:

It looks like Microsoft forgot to make this update available for Windows 7 Embedded OS which installs the ability to use SHA-2 code signing.

As soon as the Aug 2019 security rollup update is installed, " KB4512506 " upon reboot, the OS indicates "Windows cannot verify the digital signature for this file " which of course is caused by the lack of the SHA-2 code sign support. I've had two NVR's go down due to this issue.

Below, we cover the impacted security vendors and how to fix the issue.

Impacted ******* ****

**** *** **** ** attempted ******* **** * number ** ******* ** this *****. ******* ****** appears *****, **** **** experiencing **** ******* ** calls *** ** *** update, ***** ****** *** reporting ****:

  • ********:[******] ******** *** ********* that **** **** *** some ****** ** *** field **** ***** *******, but ** * ******* basis, *** **********. **** machines *** ** ****** running ******** ******** ** Windows.
  • ******* ********: [******]** *** ********* **** a **** ************** *** ***** ** how ** ******* ** on *** * ********* Series *********.***** **** ******* **** specifically ********* **** ** support ** ***** ** the *******, *** ******* has *** ********* ** IPVM. ** **** ****** when **** **.
  • *****:** ***** ** **** discussion, ***** *** ****** a ****** ** *** top ** ***** **** and ************** ****** ************.
  • *********: ** ********* *********, who **** ** **** have *** **** ******** of *** ******** ******* in *** **. ********* HQ ******* *** *** yet *********.
  • *******: *** ******* ****** official ****** *** ***** support ****** *** ******** dealers ** **** *** automatic ******* '***** ******* notice'.
  • ***: *** ****** ****** reported *** ***** ** a **** ****** ***** warning **** *****,****** **! *********.*** ******* 5 *** **** ****** ********.

*******, ***** ***** *** NVRs ***** ** ********, as ****. ** **** update **** **** ** other ******** ******* *** known.

Not ***** *** *********, *****, *** ***** ***** ****/*******

*************, *** ***** ** this ***** **** ******* older ******* ** ******** and ****.

********** ******** ******* ********* from ***** *** *********, who ******* ******* ***** an ******** ******* ** Linux.

Fix: ******* *** * ** ******** ********

** **** *****, ******** vendors *** ************ ******* repair *** ***** ** reimaging *** *** * OS ** * ******** version.

*** ****** ******* ****** based ** *** ****** build/motherboard ****, *** *** process ********* ******** ******* to ******** * '******** version' *** **** ** a *** *****, **** travelling ** **** ******** NVR ** *** ***** and ******** *** ***.

Security ****** ********

******* ******** ******* **** released ******** ******* *** warnings ***** *** *****.

*** *******, ***** *** placed ******** ****** ** *** top ** ***** ****:

******* **** ****** ******** notice *** ***** ******* portal:

** ******** ** *** official ******, ******* **** clarified ** ****:

"** ***** ** ********** for **, **** ** affecting **-*** **/**/** ****. SV-PRO **/** *** ********** EOL, *** ** *** some ***** **** **** and ****** *** ******** regardless."

[******] ******* ******** ************ **** * **** instruction*** *** ***** ** how ** ******* ** on *** * ********* Series *********.

Undiscovered ********

**********, **** ******** ******* may **** ********** ******. Since **** ************ ******* (especially ******* ******* ***** impacted **** *** ********) are *** ******** *********, many ******* *** *** viewed ***** ******** ******* is ******.

***** ******** ****** ******* out, **** ** ****** to ****** ** ************ issues:

* ***** ** ******* to *** **** **** systems *** ***** **** be **** *** ****, weeks *** ***** **** months ****** ****** *******. Many ***** ******** *** homeowners **** ***** ***** cameras **** *****'* * problem. **** ******* ** there's * *********** ***** and **** **** *** the ****** *** **** down *** **** ** months?

Corrective ******: "**** *** ********* *******"

** ******* ****** ********, vendors *** ******* ********** to ******* ****** ********* Win * *******.

*******, **** ********** **** leaves *** ******* ********** to ******* * ******** threats *** ****** **** unpatched ******* ***** *****.

Win * ***-**-*****, ******* ****** **** ****

*** ******* ** *********** by *** ******** *** of ******* ********** * ** ******* 2020.

**** ** ******* ******* date ** ****, ******* will *** ******* ******* security ******* ***** ******* 13th, **** *** '******* Embedded ******** *'. *** company ****** ** ************ * ********* *****:

********* **** * ********** to ******* ** ***** of ******* ******* *** Windows * **** ** was ******** ** ******* 22, ****. **** **** 10-year ****** ****, ********* will *********** ******* * support ** **** ** can ***** *** ********** on ********** ***** ************ and ***** *** ***********.

** **** **** **** looming, ******** **** *** servers ******* *** ******** OS **** ********** **** to ******* ********* *******, or ** ********, ****** the **** **** **** risking *********** *********.

Impact ** *******

************* *** ******** *******, recourse ******* *******.

**** ****** ******** ******* from '** ********' ******** ******* ****** ************, ******* *** ********* placing ************** ** *** the ******* ** **********.

******* ******* ** **** spoken **** **** *** they *** '******* ****** on *** *** ****' and **** '** *** eating ***** ** **** manhours' ********* ******* ******.

*** ******** ****** ********* a*********** ****** ** ***** repairing ******** ********:

* **** ***** **** of *** ******* ********* affected ****. *** ******* based ** ****** ****** were *** ******* ** repair. * ****** ******* typed ** ****** ****** you ** * ****** to **** **** *** updates. *** ******* * embedded ***** *****'* ** easy. **** ********* *** to ** ******** ** out ** *** *** condition ****** **** ***** operate. **** ***** *********** all **** ******* (***** the **** **** ******* the *******) *** ********* them ** ***** ******.

***** *** ********* *** date *** ******** ** machines, ** ** *** expect ******* ** ****** significant ********** ********* ** the *****.

A *** *** *****?

****** ***** ******* *** going ** ***** **** is * **** ************* for ***** **** *** not ****** ** ***** about **** **** ** crisis.

*******, *** **** ****** who **** ******* * for ** **** *** also ****** *** ***** to ** ***** ** pay ******* **** *** upgrade ***** ** **** may ********* ** ******* systems.

******* **** ******* ******* tout ***** * *********** recording ****** ** *** is '* ****** ***** ** failure', *** ** ****** issues **** **** ******** similar *********.

Comments (7)

**** **** ******** ** me (*** *** ****** time ** *** **** year) ******* **** ****** Station ** * ******* 7 ******* (**** ***** NVR). * ** *** run ********* ******* *** do ******** ******* ******* from **** ** ****. Unfortunately, *** **** *** is ****** **-******* *** machine **** ***** **** Axis **** *******.

** **** ** ******** Win7 ***** ** **** Win7?

************** ****** ******* **** versions.

**** ****, ** ********* is *** ******** ******* that ** **** *** affected.

[******]DW ********

******* ******** ************ **** * **** instruction*** *** ***** ** how ** ******* ** on *** * ********* Series *********.

**** ***** *******, ** also ********* ******* *** automatic ******* ** ******* similar ******:

** *** ********* ***, Windows ******* **** *** configure ** ******** *** install ************* **** *** factory *** ** *** unforeseen *** ********** ****** the ******* ******* *** cause ** *** *********** of *** ****** *** DW ********.

** *** **** ****** last **** *** ******* Radius (*** ****, ***** uses *****) *** ***** Digital ****** (****** ******).

******: ******** *** ********* that **** **** *** some ****** ** *** field **** ***** *******, but ** * ******* basis, *** **********. **** machines *** ** ****** running ******** ******** ** Windows.

***** **** ** *** conspiracy ******** ** ** or *’** ****** *** cynical *** * ***** Microsoft *** **** ** purpose ** ***** **** to ******* ** ******* 10 ** ****** ****. If ** *** **** this ***** ** ***** NOT **-******* ******* *; we ***** ******* ******* 10 ** ****** ****.

Read this IPVM report for free.

This article is part of IPVM's 6,653 reports, 896 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports