Microsoft’s April Patch Tuesday Updates Are Hanging Windows PCs, Here’s How To Fix It

Another day, another update fiasco that Microsoft and its partners must battle through. Earlier this week, Microsoft issued another round of monthly “Patch Tuesday” updates, but things didn’t go so swiftly for those that have Sophos Endpoint Protection installed on their systems.

Sophos acknowledged the problem on its support website this morning, writing, “Sophos has received reports of computers failing to boot. Sophos is actively investigating this issue and will update this article when more information is available.”


According to Sophos, all versions of its Endpoint and server licenses are affected. In addition, the Patch Tuesday updates are causing widespread problems for users running Windows 7, Windows 8.1, Windows 2008, Windows 2008 R2, Windows 2012 and Windows 2012 R2. Interestingly, the often-problematic Windows 10 isn’t included in the list, which is somewhat of a relief.

For now, Sophos is recommending that its customers running the above software configurations should avoid installing the following updates: KB4493467, KB4493446, KB4493448, KB4493472, KB4493450 and KB4493451.

For customers that have already installed the above updates and have encountered booting issues, Sophos recommends taking the following actions:

  1. Boot into safe mode
  2. Disable the following Sophos services:
    • Sophos Anti-Virus service
    • Sophos AutoUpdate Service
  3. Boot into normal mode
  4. Uninstall the Windows KB
  5. Enable the following Sophos services:
    • Sophos Anti-Virus service
    • Sophos AutoUpdate Service

For its part, Microsoft has issued the following statement, “Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.”

Microsoft says that it is now actively blocking the Patch Tuesday updates from installing on machines running Endpoint until an official software patch can be applied.