Important information regarding Microsoft Updates KB4056896, KB4056890, KB4056892, KB4056895, KB4056898 and KB4056899 – What you need to know

On April 4th 2023, AVEVA published Tech Alert 22133 (Microsoft Updates KB4056896, KB4056890, KB4056892, KB4056895, KB4056898 and KB4056899 have been tested on our product systems. We recommend not applying these KBs to systems running our products.) The Tech Alert covers Microsoft Updates including KB4056896, KB4056890, KB4056892, KB4056895, KB4056898 and KB4056899, which are security patches for Meltdown and Spectre vulnerabilities. These Updates have an issue which causes instability with Wonderware products, and we highly recommend these Updates not be applied to systems running AVEVA products.

However, we have successfully tested Microsoft’s recently-released KB4057401, KB4057402, KB4057142 and KB4073291, which resolve the known issue that leads to the instability reported in this Tech Alert. No issues have been found. We recommend subscribing to this alert to be notified via email with any additional information provided by AVEVA.

Registered customers can subscribe directly via the GCS support site:

Tech Alert 22133

For your convenience, you can view a transcription of the Tech Alert below:

Microsoft Updates KB4056896, KB4056890, KB4056892, KB4056895, KB4056898 and KB4056899 have been tested on our product systems. We recommend not applying these KBs to systems running our products.

Situation

After applying the Microsoft Update, Wonderware products may become unstable. Microsoft has confirmed that there is an issue with this Update, and has recently released KB4057401, KB4057402, KB4057142 and KB4073291 to resolve the problem.

Wonderware has tested all KBs noted in this Tech Alert to determine the issues and recommendations.

Symptoms

When Microsoft Updates KB4056896 (or KB4056890, KB4056892, KB4056895, KB4056898, KB4056899) are installed, Wonderware products may become unresponsive or instable:

  • Historian System Driver service will stop and Historian will become unresponsive.
  • For computers hosting DA/OI Servers, the DA/OI Servers may not be accessible through the SMC.
  • For Application Server, deploy may fail with the following messages in the Deploy Window:
    • Error: Failed to deploy <Platform Name>: Remote Node’s UserId/Password don’t match GR Node’s.
    • [WARNING] Deploy Completed: Deployed 0 object(s) out of a total x selected object(s) starting with <Platform Name> hosted by <Galaxy Name>.

Action

The root problem is a known issue in Microsoft’s Update KB4056896 (and KB4056890, KB4056892, KB4056895, KB4056898, KB4056899). Microsoft has confirmed that there is an issue with this Update and has recently released KB4057401, KB4057402, KB4057142 and KB4073291 to resolve the problem.

Wonderware has tested all KBs noted in this Tech Alert to determine the issues and resolutions.

Note: The new KBs (KB4057401, KB4057402, KB4057142 and KB4073291) can successfully be installed on systems where previously installed KBs (KB4056896, KB4056890, KB4056892, KB4056895, KB4056898 and KB4056899) and any of our workarounds including Hotfixes noted here without issue.

  • Wonderware advises customers not apply Microsoft update KB4056896 (and KB4056890, KB4056892, KB4056895, KB4056898, KB4056899). We recommend customers to apply KB4057401, KB4057402, KB4057142 and KB4073291 Updates (using normal pre-production test procedures). Please contact Technical Support for additional information and Hotfix availability.
  • If the Microsoft KBs with known issues have been installed, please uninstall or install the new KBs (KB4057401, KB4057402, KB4057142 and KB4073291).
  • If the Microsoft KBs with known issues cannot be uninstalled or updated from the Historian Server, please contact Wonderware Support for a Hotfix.
  • If the Microsoft KBs with known issues cannot be uninstalled or updated from a machine hosting DA/OI Servers, the workaround is as follows:
    • Customers running System Platform 2014 or 2014 R2, please upgrade to OI Core 2.1
    • Customers running System Platform 2012 R2, please upgrade to OI Core 2.1 and contact Technical Support for Hotfix L00147813

Additionally, the Intel and AMD firmware updates have NOT been tested due to reports of operational issues. We recommend customers analyze their risks to the chip vulnerabilities before applying Intel or AMD firmware updates. If customers determine they want to install the firmware updates, they should test them in a non-production environment first before applying them to a production system.

Wonderware Technical Support will continue to monitor the Intel and AMD firmware updates and advise if there any changes to the recommendations.