KB4520062 for Windows 10 1809 may break Microsoft Advanced Threat Protection
Microsoft released the second back of October 2019 updates for various supported Windows 10 versions on October 15, 2019. The cumulative updates, all non-security, fix various issues in Windows 10.
It is usually a good idea to postpone the installation of the second wave of updates of any given month unless systems are affected by issues fixed in those.
One of the main reasons for that, apart from reducing the burden on administrators, is that updates may introduce new known issues that affect devices that are upgraded.
Microsoft’s track record in the past year has not been the best in regards to update quality. While the company claimed that update quality is better than ever, user perception seems to suggest otherwise: from Windows 10 version 1809 which the company had to pull for six weeks after release because of stopper bugs to more recent updates that introduced a whole number of issues.
KB4520062, the most recent update for Windows 10 version 1809, released October 15, 2019, introduced a new bug that affects Microsoft Advanced Threat Protection.
Microsoft added the issue to the list of known issues on the support page of the update:
After installing this update, the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a 0xc0000409 error in Event Viewer in MsSense.exe.
The company suggests that the update is not installed on devices which rely on Microsoft Defender Advanced Threat Protection functionality.
At this time, we suggest that devices in an affected environment do not install this update.
Microsoft hopes that it will have a solution for the issue ready in mid-November, likely in time for the November 2019 Patch Day on November 12, 2019. Microsoft releases security updates for all supported versions of Windows on the second Tuesday of any month.
The known issues page on the Microsoft Docs website for Windows 10 version 1809 lists the issue as well as an unresolved issue. It lists Windows 10 version 1809, Windows 10 Enterprise LTSC 2019 and Windows Server version 1809 / Windows Server 2019 as affected operating systems.
Microsoft did not add the issue to other versions of Windows 10 that it released cumulative updates for on October 15, 2019.