We manage 4,000 servers, workstations and laptops at Community IT. That’s a lot of computers to monitor and patch! Over the past month we started seeing an increase in the number of systems that are not installing Windows Updates successfully. Based on that information our endpoint management team began to do some research into the underlying cause.
What are the technical details?
Microsoft just announced that the Windows Update issues are caused by a bug in the Windows Update Agent in Windows 7. Scanning for updates in Windows 7 causes the svchost.exe process hosting the Windows Update Engine to consume anywhere from 800 MB to well over 1 GB of memory. Both 32-bit and 64-bit versions of Windows experience high CPU and memory utilization, however on 32-bit installations of Windows 7 the computer will often experience an out of memory error that causes patch scan and subsequent installations to fail.
There are so many updates available when Windows Update scans the computer for what needs to be installed that it runs out of memory and crashes.
This bug affects any management process that leverages the Windows Update API and is a known issue affecting LabTech, Kasyea, and WSUS/SCCM.
Is there a fix?
LabTech, the remote monitoring and management tool used at Community IT, is looking for a possible fix. Ultimately, they may be dependent on a patch to the Windows Update Agent by Microsoft. LabTech does not have a workaround to recommend at this time.
Microsoft indicates in the TechNet discussion of this issue that a hotfix for this issue is in development and will be issued late this quarter.
At this point we are developing our own workaround, which is in beta testing now, and will be an effective stop gap measure until Microsoft issues the ultimate fix.