A recent Windows 11 24H2 cumulative update is reportedly causing compatibility issues, leading to crashes in the enterprise application SAP GUI. Microsoft is working with security vendors like CrowdStrike to investigate the root cause and develop a solution.
New York, NY – The latest Windows 11 24H2 cumulative update (KB5055523), released earlier this month, has triggered a wave of compatibility problems, most notably causing SAP GUI (version 800 32-bit) to crash during startup or when connecting to systems. The issue, initially reported by WindowsLatest, has been confirmed by SAP through internal technical notices and is being actively investigated by Microsoft and security firms.
The error, as detailed in reports, points to a fault within the ntdll.dll module, with the saplogon.exe application crashing due to an exception code of 0xc0000409. The affected module is located at C:\WINDOWS\SYSTEM32, and the faulting application path is
tdll.dllC:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe.
While Microsoft has yet to release an official statement, CrowdStrike has issued a support document suggesting a conflict between the KB5055523 update and their Falcon sensor. The document alleges that a bug within the update is causing a clash between Windows 11 and CrowdStrike Falcon, specifically when the AUMD (Additional User Mode Data) feature is enabled.
The Nitty-Gritty: What’s Causing the Crashes?
The core issue appears to stem from a conflict between the AUMD functionality of the CrowdStrike Falcon sensor and the recent Windows 11 update. While this conflict doesn’t cripple the operating system itself, it manifests in application-specific problems, most prominently the crashing or failure to launch of SAP GUI.
Here’s a breakdown:
- Trigger: Installation of the KB5055523 update with the AUMD feature of the CrowdStrike Falcon sensor enabled.
- Symptom: SAP GUI fails to launch or connect to systems.
- Technical Root Cause: Conflict between the AUMD functionality and the system update, leading to errors within the
ntdll.dllmodule.
Temporary Workarounds for Affected Users
Until a permanent fix is released, users experiencing these issues have a few temporary workarounds:
- System Rollback: Uninstall the KB5055523 update via Command Prompt or PowerShell. This will revert the system to its previous state before the problematic update.
- Feature Disablement: Disable the AUMD module within the Falcon Sensor. This requires administrator privileges and should be done with caution, understanding the potential security implications.
Looking Ahead: Collaboration for a Solution
CrowdStrike is actively collaborating with Microsoft and SAP to develop a permanent fix for this compatibility issue. This collaborative approach underscores the complexity of modern software ecosystems and the importance of coordinated responses to emerging problems.
The incident serves as a reminder of the potential for unforeseen consequences when updating complex software systems. While updates are crucial for security and performance improvements, thorough testing and collaboration between vendors are essential to minimize disruptions for end-users, particularly in enterprise environments where stability is paramount.
As the investigation continues, users are advised to monitor official channels from Microsoft, SAP, and CrowdStrike for updates and the eventual release of a patch.
References:
- IT之家 News Report: Win11 24H2 更新引发 SAP GUI 崩溃等兼容性问题,微软与安全厂商协同排查
- CrowdStrike Support Documentation (Potentially restricted access, consult CrowdStrike support).
Views: 0