Anyone who has ever watched the cult British TV comedy The IT Crowd will be familiar with tech support worker Roy and his de facto response to any query for help. “Hello, IT. Have you tried turning it off and on again?” Now Windows 10 Pro and Enterprise users are being given the same advice, by Microsoft support, in a bizarre case of real-life mimicking fiction.
What’s gone wrong with Windows now?
The problem that some Windows 10 Pro and Enterprise users, of versions 1903, 1909 and 2004, are having is a security one. Which in my book, given the popularity of Windows 10 among threat actors, makes it about as far from comedy as you can get. Windows 10 Home users are fortunately not affected by this particular security faux pas.
In this case, it’s an error message when opening the Windows Defender Application Guard (WDAG) or Windows Sandbox. Or rather, when trying to open them as the “not found” error reveals, they fail to start, which is hugely problematic for anyone using WDAG to protect both Windows 10 and Microsoft Edge from attack.
Windows Sandbox provides a fully isolated virtual machine Windows 10 environment in which untrusted apps can be tested. Both are essential ingredients in the security mix for many business users.
The issue appears to be similar to one I reported on last year when a “file not found” error was thrown up as Sandbox refused to start following a Windows update. Back then, a patch was the resolution.
That remains the case now, with Microsoft saying it is “working on a resolution and will provide an update in an upcoming release.” I have reached out to Microsoft in an effort to find out exactly when that might be.
However, given that Patch Tuesday next falls on August 11, and there is no indication a fix will be ready by then, you’ll probably be looking for a workaround to deal with this now.
Which is where the try turning it off and on again IT Crowd suggestion comes in.
Try turning it off and on again
“To mitigate this issue,” after getting one of those error messages, the Microsoft support post recommends, “you will need to restart your device.”
Of course, turning it off and on again is a time-honored tradition in the world of tech support, hence why it works so well in the IT Crowd sitcom. Ian Thornton-Trump, CISO at threat intelligence specialists Cyjax, doesn’t see the funny side though. He says that quality assurance systems cannot cope with all the potential interactions that combining new and legacy features bring.
“I don’t think Microsoft is deliberately pushing flawed code,” Thornton-Trump says, “but there is a growing diversity of application interaction.”
So while he’s not surprised that seemingly ever more buggy code gets into production releases, Thornton-Trump concludes that it’s “a really hard tech problem to solve even using static code analysis tools, and clearly AI-driven bug hunting applications are in their infancy.”
And there’s nothing funny about that.