ssh causes system halt, BSOD after KB4489868

[raysuelzer]

I know it says not to post BSOD, but this issue is impacting multiple users. When using ssh with the -A flag, or for some people when using any key, it causes a blue screen of death.

Details in the reddit thread: https://www.reddit.com/r/bashonubuntuonwindows/comments/b0o6v6/after_update_ssh_to_remote_hosts_cause_blue_screen/

[chx]

I reported at https://github.com/Microsoft/WSL/issues/3915 I will close mine. I emailed minidumps to secure@microsoft.com got a canned reply "Thank you for contacting the Microsoft Security Response Center (MSRC). These types of support issues are not something that we can assist with directly. The appropriate page to contact support is available at:" blah blah blah.

[Brian-Perkins]

We were able to repro this internally and are working on a fix.

[xuan-w]

I have this problem too. I used ssh-agent and it lead to BSOD.

Good to know you are aware of the problem.

[jpaclcarneiro]

Also experiencing this problem when using ForwardAgent. Waiting for your fix!

[apendragon]

same issue on my side. It occurs only when I forward the agent (with -A option).

[zz9pzza]

As https://www.reddit.com/r/bashonubuntuonwindows/comments/b0o6v6/after_update_ssh_to_remote_hosts_cause_blue_screen/ says rolling back KB4489868 means I can continue to use my machine until there is another fix.

I really came to say thank you for making windows useable for developers and admins.

[achernyakevich-sc]

My experiments show that problem disappears when I have not used or turned off Agent Forwarding.

I had it turned on for all my SSH connections in the .ssh/config. So after commenting the following line in my config I have avoided BSOD:

ForwardAgent yes

Take into account that this setting could be defined for every host definition in your config so it could cause that some hosts are accessible and some will cause problem.

If you do not use config file then you still could reach to problem if you use Agent Forwarding by setting -A option for your ssh command. Just as temporary solution - you could avoid to use it.

Fortunately this and next week I don't need to work actively with hosts that need Agent Forwarding so I will just wait when guys will have fixed the root of the problem, prepare it as regular update and let us know in this thread that we can turn on Agent Forwarding again. :)

[tony1223]

This is a really annoying one.....the ssh is a core service.

[achernyakevich-sc]

@Brian-Perkins

We were able to repro this internally and are working on a fix.

8 days gone since you could reproduce the problem.

I would appreciate any news and estimation about when it could be fixed? Maybe you need any help?

[Brian-Perkins]

@achernyakevich-sc - as you are aware, shipping new bugs as part of updates is not ideal (where we find ourselves here), so there are a number of processes we have internally, designed to increase the quality of our update packages. We are navigating through those processes now. In this case, the issue is serious and the fix is fairly simple, so I am hopeful we can make the April release. We tend to avoid dates in these scenarios, as providing a date would imply more certainty than we actually have. I can say with certainty that everyone is aware that this needs fixed as quickly as possible.

[ggolda]

Is there any workaround that can help us to fix this issue? Agent forwarding is a part of my deployment process, sorry but we can not to wait until April, ssh is a core service.

May be its possible at least to build and install manually a beta prerelease version of this fix?

[jwverzijden]

I have no workaround, in fact I wish there was something to just disable or ignore this update... (I'm using windows home), every 2 days this updates gets installed again and I have to manually remove it... disabling the windows update service doesn't seem to do much as it re enables itself after a day or 2.

so I'll be removing this update until April I guess.

[tomforge]

Seems like you can pause updates in Settings > Windows Update > Advanced Settings

[ggolda]

@crostine hey, thanks for the suggestion. Can you pls explain or send a link how to revert this update? I think it will be useful for everyone!

[jwverzijden]

I have tried many things, believe me. in my windows home there is no such thing as pausing updates

I just tried this tool: https://support.microsoft.com/en-us/help/3073930/how-to-temporarily-prevent-a-driver-update-from-reinstalling-in-window It looked like it was working, until I restarted the computer, then the update got installed anyway and well it's not hidden anymore even after removing it.

so maybe I can fake my connection to be a metered connection and prevent windows from downloading that way, at the cost of all the problems metered connections have.

@ggolda to remove the update I go to windows update overview in settings then click "view update history" almost at the top then click "uninstall updates" at the top it then opens a new window with the title "Installed Updates" here you can uninstall the update by finding it in the list, selecting it and select uninstall. and do the restart after the uninstall.

[achernyakevich-sc]

Dear @Brian-Perkins

so I am hopeful we can make the April release.

I know how is it when you develop and maintain complicated software solutions and what kind processes could be behind of it. Thank you very much for providing information about April release. We will keep fingers crossed to get it fixed as you plan. :)

[ggolda]

@crostine thanks!

[Po-wei]

My Laptop does not get this update, even if I press check for updates several times. I think this update might be removed temporary.

[Po-wei]

@Brian-Perkins Hope April update will be better and more stable!

[kvietmeier]

Could this be related to: https://community.mcafee.com/t5/Endpoint-Security-ENS/blue-screen-mfeepmpk-wsl-git/td-p/616729

I can't even open WSL from ConEmu or MobaXterm without a BSOD due to a pagefault by mfeepmpk. I don't even get to run SSH.

[kvietmeier]

The driver mentioned from the bugcheck is the Exploit Prevention driver (mfeepmpk.sys). A possible work-around would be to disable Exploit Prevention.

This works but is not an option for many of us working in restrictive corporate environments. I'll see if I can remove the update mentioned here.

[McJoppy]

To remove the patch I'm running wusa /uninstall /kb:4489868 via admin console.

Will try the pause updates to stop the re-installation too!

[mr-deamon]

The driver mentioned from the bugcheck is the Exploit Prevention driver (mfeepmpk.sys). A possible work-around would be to disable Exploit Prevention.

Worked for me! Can't tell if it was the windows-update or McAfee...

[KaspervdHeijden]

Uninstalling kb4489868 is just a temp fix; Windows Update will just reinstall it. Disabling WU just because of this will miss out on other potential key fixes. Very much hoping on a swift fix here!

[draycasejr]

@achernyakevich-sc how are you doing this? I do not have a .ssh/config in any of my ubuntu directories so I can't see how this works.
I switched it off in /etc/ssh/ssh_config, but it didn't make a difference - it still blue screens when I try to ssh using Jsch via java. I couldn't find any way to turn off agent fowarding in Jsch.

My experiments show that problem disappears when I have not used or turned off Agent Forwarding.

I had it turned on for all my SSH connections in the .ssh/config. So after commenting the following line in my config I have avoided BSOD:

ForwardAgent yes

Take into account that this setting could be defined for every host definition in your config so it could cause that some hosts are accessible and some will cause problem.

If you do not use config file then you still could reach to problem if you use Agent Forwarding by setting -A option for your ssh command. Just as temporary solution - you could avoid to use it.

Fortunately this and next week I don't need to work actively with hosts that need Agent Forwarding so I will just wait when guys will have fixed the root of the problem, prepare it as regular update and let us know in this thread that we can turn on Agent Forwarding again. :)

[vasekboch]

I`ve upgraded to 1809 and the problem is gone.

[draycasejr]

Yes. 1809 fixes the BSOD, but now I can't ssh to a remote host. Regular Windows ssh works fine. Argh!!

WSL SCP works fine too. SMH

[chx]

I had SSH do that for me and a reboot fixed it. Go figure.

[McJoppy]

Just joined the club and installed 1809.

So far no issues.

[achernyakevich-sc]

Dear @draycasejr

@achernyakevich-sc how are you doing this? I do not have a .ssh/config in any of my ubuntu directories so I can't see how this works. I switched it off in /etc/ssh/ssh_config, but it didn't make a difference - it still blue screens when I try to ssh using Jsch via java. I couldn't find any way to turn off agent fowarding in Jsch.

SSH client config file usually is located at ~/.ssh/config, If you cant find it then you have no special config. But this is used only for ssh utility.

So in your case as you use Java solution this config file even if it exists will not be applied. You need to find a way how to disable AgentForwarding from inside of Java utility.

Though it looks as not actual anymore. I have just installed Features Update 1809 and problem is gone completely. So the simplest way for you could be just install latest updates.

Finally, @Brian-Perkins - it looks this issues could be marked as resolved and get closed.

Thanks to everybody who helped to get it fixed! :)

[maym2104]

The BSOD I got were from using rsync and scp on Ubuntu 18.04; update seemed to have fixed it as well.

[Brian-Perkins]

To address this on RS3 (version 1709, build 16299.*), apply KB4493441. If you are able to upgrade to a newer release, that is also a good solution as there are new WSL features in every release.

[Narimm]

So according to https://support.microsoft.com/en-us/help/4493464/windows-10-update-kb4493464 a patch was rolled out to address this and I can confirm on my system that it no longer blue screens when I enabled agent forwarding in the config....that being said its NOT actually agent forwarding at all..

To be sure prior to the update I tried to agent forward - and it blue screens I then updated and tried again nad we had no blue screen = however no I have no agent forward despite using -A to force it.

[Brian-Perkins]

@Narimm - now you are likely running into #3183 which unfortunately was not fixed until a couple of releases later RS5/1809. Prior to this fix we did not support closing one end of a unix socket and still getting credentials from the other, so it would only work when you got lucky racing with the close. That race window has narrowed with the latest RS3 packages, so the unfortunate side-effect is you are more apt to hit this issue.

[Narimm]

Yeah thanks I just installed RS5/1809 and confirm via the verbose ssh logs that forwarding now works as expected - I would suggest this issue be marked as resolved and closed I would say you could close #3183 based on my finding as well...

I can confirm forwarding was not working via verbose logs prior to [ RS5/1809.] (https://blogs.windows.com/windowsexperience/2018/10/02/how-to-get-the-windows-10-october-2018-update) However I cant find mention in any KB were a fix was applied in this update

However it has fixed all the forwarding issues. and blue screens

[ddukic]

Working after latest win update May 2019 version 1809.

[fhalloumi]

I replicated the problem with May 2019 Update. I don't think it is solved.

[OlegKlimenko]

I have pretty the same issue. After some discovering I found out this article. For me, the issue is that McAfee is blocking this action with Exploit Prevention mechanism.

Check this link: https://community.mcafee.com/t5/Endpoint-Security-ENS/blue-screen-mfeepmpk-wsl-git/td-p/616729

Maybe it will help you. Best regards

[asharamseervi]

BUMP. Almost 10 months since this issue was raised. I'm not using any 3rd party anti-virus or tool, just naked Windows Enterprise, Build 18362.19h1_release.190318-1202 which is latest build available, still I can reproduce this.

What is core objective to develop enterprise version, when we even can't use SSH and simple git fetch/git pull properly. Any ETA to fix this issue?

[JoshTumath]

I found that this crash is also caused by the Windows Security 'ransomware protection'. Turning off the 'controlled folder access' setting fixed the BSODs for me.

[JoshTumath]

I found that this crash is also caused by the Windows Security 'ransomware protection'. Turning off the 'controlled folder access' setting fixed the BSODs for me.

I take that back. I later tried running npm install in a project, which again caused the PAGE_FAULT_IN_NONPAGED_AREA error.

[DemiMarie]

@JoshTumath this might be a separate problem

[microsoft-github-policy-service[bot]]

This issue has been automatically closed since it has not had any activity for the past year. If you're still experiencing this issue please re-file this as a new issue or feature request.

Thank you!