Windows 11 Update Leaves Trend Micro Users Sitting Ducks To Ransomware

Windows updates are typically supposed to patch security holes, add new features, improve performance, increase stability, or offer some combination of all those things. They're not supposed to leave your PC in worse shape than before they were installed, though that sometimes happens. That's the case right now for some Trend Micro users who are running Windows 11 and Windows Server 2022.

Microsoft recently began offering an optional update for Windows 11 (KB5014019) with a host of fixes and improvements in tow. For example, it fixes an annoying issue that was preventing the display brightness setting from sticking when changing the display mode, and stomps out a bug that was affecting certain GPUs and causing Direct3D 9 apps to close.

The list of fixes and improvements is much longer, but what's of concern is something that is not in the release notes—it breaks Trend Micro's ransomware protection on some PCs.

"Trend Micro is aware of a compatibility issue between the User Mode Hooking (UMH) component of several Trend Micro endpoint solutions and the latest Microsoft Windows 11 and Windows Server 2022 optional preview patches (KB5014019) released on May 24, 2022," Trend Micro stated in an advisory.

That particular component is employed by several Trend Micro endpoint and server protection products and is critical for some advanced features, including ransomware protection. According to Trend Micro, this component stops working for some odd reason when Windows 11 and Windows Server 2022 users install KB5014019 and reboot their PC, as is required when applying the preview patch.

Trend Micro says it is investigating the issue and working on a fix, which it hopes to have available "before the optional Windows patch becomes mandatory." In the meantime, if you're using a Trend Micro security product, your best bet is to avoid the optional Windows update for the time being. If it's too late for that, you can uninstall the patch, or "contact Trend Micro support for further assistance with a UMH debug module."
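For administrators who need to know which machines are in the state described above, here is an added PowerShell example (not code from Trend Micro or Microsoft) that checks the local host for KB5014019 and can remove it. The function name, the build-number mapping (22000 for Windows 11, 20348 for Windows Server 2022) and the match on services whose display name starts with "Trend Micro" are assumptions of this example.

```powershell
# Added example: audit the local host for the optional preview update named in the advisory.
$KbId = 'KB5014019'   # update named in the Trend Micro advisory
# Assumption: build numbers used to recognise the two affected operating systems.
$AffectedBuilds = @{ 22000 = 'Windows 11'; 20348 = 'Windows Server 2022' }

function Test-PreviewPatchExposure {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Uninstall)

    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $build  = [int]$os.BuildNumber
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # Assumption: Trend Micro endpoint services carry the vendor name in their display name.
    $tmServices = @(Get-Service -DisplayName 'Trend Micro*' -ErrorAction SilentlyContinue)

    $result = [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        OS              = $os.Caption
        AffectedOS      = $AffectedBuilds.ContainsKey($build)
        PatchInstalled  = [bool]$hotfix
        InstalledOn     = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        TrendMicroFound = $tmServices.Count -gt 0
    }
    # Exposed only when all three conditions from the advisory hold at once.
    $exposed = $result.AffectedOS -and $result.PatchInstalled -and $result.TrendMicroFound
    $result | Add-Member -NotePropertyName Exposed -NotePropertyValue $exposed

    if ($Uninstall -and $exposed -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Uninstall $KbId")) {
        # wusa.exe takes the KB number without the 'KB' prefix; a reboot is still needed afterwards.
        $kbNumber = $KbId -replace '^KB', ''
        Start-Process -FilePath 'wusa.exe' -Wait `
            -ArgumentList '/uninstall', "/kb:$kbNumber", '/norestart'
    }
    return $result
}

# Report only; add -Uninstall (optionally with -WhatIf) from an elevated session to remove the patch.
Test-PreviewPatchExposure | Format-List
```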