Microsoft has warned that some Windows 10 users may encounter the infamous ‘blue screen of death’ (BSOD) after installing its latest 'Patch Tuesday' security updates.
In an update on the Windows Health Dashboard, the company revealed that the blue screen issue could affect selected users who downloaded the KB5021233 update in this month’s recent raft of security fixes.
KB5021233 was initially intended to resolve an issue affecting the Camera app after users reported that the app stops responding when memory is low.
The issue has so far affected users operating several different versions of Windows 10, the firm revealed, including 22H2, 21H2, 21H1, and 20H2.
Impacted users have been met with the BSOD and error code 0xc000021a upon startup, and have been unable to access devices.
“After installing KB5021233, there might be a mismatch between the file versions of hidparse.sys in c:/windows/system32 and c:/windows/system32/drivers (assuming Windows is installed to your C: drive), which might cause signature validation to fail when cleanup occurs,” Microsoft confirmed in its update over the weekend.
How to fix the issue
Microsoft revealed it is currently “working on a resolution” for the issue and said it will provide an update in an upcoming release.
However, for users currently affected by the problem, the firm offered a temporary workaround using the Windows Recovery Environment (WinRE).
“To mitigate this issue on devices already experiencing it, you will need to use Windows Recovery Environment (WinRE),” Microsoft said.
The firm outlined the following steps for affected users:
- Enter Windows Recovery Environment. If your device has not automatically started up into WinRE, please see Entry points into WinRE.
- Select 'Troubleshoot'
- Select the 'Start recovery, troubleshooting, and diagnostic tools button
- Select 'Advanced Options'
- Select 'Command Prompt' and wait for your device to restart, if needed.
- Your device should restart to a Command Prompt window. You might need to sign into your device with your password before getting to the Command Prompt window
- Run the following command (Important: If Windows is not installed to C:\windows you will need to modify the command to your environment): xcopy C:\windows\system32\drivers\hidparse.sys C:\windows\\system32\hidparse.sys
- Once the previous command completes, type: exit
- Select 'Continue'
After following these steps, Microsoft said Windows should now startup “as expected” for users. The firm also warned users against finding alternative workarounds.
“It is not recommended to follow any other workaround than those recommended above. We do not recommend deleting the hidparse.sys from your Windows\System32 folder,” the company said.
This particular issue comes as a result of Microsoft’s recent Patch Tuesday update, issued on 13 December.
As part of the update, Microsoft patched a number of critical vulnerabilities along with fixes for two critical zero-day vulnerabilities.
49 vulnerabilities were disclosed in the bulletin last week. Six were rated as ‘critical’ while another was identified as having been actively exploited in the wild.
The exploited bug, tracked as CVE-2022-44698, was found to affect Windows SmartScreen and enabled threat actors to bypass Mark of the Web (MOTW) protocols.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.