September 22, 11:26am

Title: Users will see a frozen white screen when attempting to sign into the OneDrive for Business sync app
User impact: Users will see a frozen white screen when attempting to sign into the OneDrive for Business sync app.
Current status: We're investigating a potential issue and checking for impact to your organization. We'll provide an update within 30 minutes.

September 22, 11:42am

Current status: We're reviewing system logs to isolate the origin of this issue.
Scope of impact: Your organization is affected by this event, and any user may experience impact.
Next update by: Wednesday, September 22, 2021, at 6:00 PM UTC

September 22, 12:08pm

More info: As our investigation continues, we've confirmed with affected users that disabling Export Address Filtering (EAF) is a potential workaround to alleviate the impact. Admins who wish to do so can navigate to Windows Security > App & Browser Control > Exploit Protection Settings > Program Settings > OneDrive.exe > Turn off Export Address Filtering (EAF).
Current status: We're continuing our review of the available system logs to determine the underlaying cause of this issue.
Scope of impact: Your organization is affected by this event, and any user may experience impact.
Next update by: Wednesday, September 22, 2021, at 7:00 PM UTC

September 22, 2:26pm

More info: This issue might affect users who have the Microsoft Exploit Protection EAF (Export Address Filtering) feature enabled and have installed the September security updates.
Admins who wish to do so can navigate to Windows Security > App & Browser Control > Exploit Protection Settings > Program Settings > OneDrive.exe > Turn off Export Address Filtering (EAF) and mitigate the impact.
Alternatively, this issue can be mitigated using Known Issue Rollback (KIR): https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831.
For enterprise-managed devices that have installed an affected update and encountered this issue, it can be mitigated by installing and configuring a special Group Policy installed via an MSI file available for:
- Windows 10, version 1809 and Windows Server 2019: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows 10, version 1909: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(2004%20,%2020H2%20and%2021H1)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows Sever 2022: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%20Server%202022%20Known%20Issue%20Rollback%20091821%2001.msi
Note: Devices will need to be restarted after configuring the special Group Policy. For help, please see the following: https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback
For general information on using Group Policies, see: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11)
Please note that many Mobile Device Manager (MDM) customers can't deploy group policies. Customers unable to deploy group policy settings for the KIR should open support cases for further assistance.
Current status: We've confirmed that a recent Windows patch deployment inadvertently introduced an EAF issue that's contributing to the impact. We've successfully reproduced the issue locally to test potential long-term solutions to resolve this problem. As we focus on a permanent solution, we've confirmed with affected users that following the steps in the KIR provided or disabling EAF are both functioning as a successful workaround to mitigate the impact.
Scope of impact: Any user may be prevented from signing into the OneDrive for Business sync app.
Root cause: A recent Windows patch deployment inadvertently introduced an Export Address Filtering (EAF) issue that's contributing to the impact.
Next update by: Wednesday, September 22, 2021, at 9:00 PM UTC

September 22, 3:12pm

More info: This issue might affect users who have the Microsoft Exploit Protection EAF (Export Address Filtering) feature enabled and have installed the September security updates.

We've confirmed that users with Mobile Device Management (MDM) enabled devices can add the following reg key as a workaround: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 2767781516 /t REG_DWORD /d 0 /f

We've also confirmed with affected users that disabling Export Address Filtering (EAF) is a potential workaround to alleviate the impact. Admins who wish to do so can navigate to Windows Security > App & Browser Control > Exploit Protection Settings > Program Settings > OneDrive.exe > Turn off Export Address Filtering (EAF) and mitigate the impact.

Alternatively, this issue can be mitigated using Known Issue Rollback (KIR):
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831.

For enterprise-managed devices that have installed an affected update and encountered this issue, it can be mitigated by installing and configuring a special Group Policy installed via an MSI file available for:

- Windows 10, version 1809 and Windows Server 2019: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi

- Windows 10, version 1909: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi

- Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(2004%20,%2020H2%20and%2021H1)%20Known%20Issue%20Rollback%20091721%2001.msi

- Windows Sever 2022: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%20Server%202022%20Known%20Issue%20Rollback%20091821%2001.msi

Note: Devices will need to be restarted after configuring the special Group Policy. For help, please see the following:
https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback

For general information on using Group Policies, see:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11)

Please note that many Mobile Device Management (MDM) customers can't deploy group policies. Customers unable to deploy group policy settings for the KIR should open support cases for further assistance.
Current status: While focused on expediting a permanent fix for this issue, we've confirmed another workaround for users with Mobile Device Management (MDM) enabled devices by adding a specific reg key provided in the "more info" section.
Scope of impact: Any user may be prevented from signing into the OneDrive for Business sync app.
Root cause: A recent Windows patch deployment inadvertently introduced an Export Address Filtering (EAF) issue that's contributing to the impact.
Next update by: Friday, September 24, 2021, at 11:00 PM UTC

September 24, 4:48pm

More info: This issue might affect users who have the Microsoft Exploit Protection EAF (Export Address Filtering) feature enabled and have installed the September security updates.
Users can mitigate impact by following the steps within the Known Issue Rollback (KIR) article: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831.
For enterprise-managed devices that have installed an affected update and encountered this issue, it can be mitigated by installing and configuring a special Group Policy installed via an MSI file available for: - Windows 10, version 1809 and Windows Server 2019: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows 10, version 1909: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(2004%20,%2020H2%20and%2021H1)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows Server 2022: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%20Server%202022%20Known%20Issue%20Rollback%20091821%2001.msi
Note: Devices will need to be restarted after configuring the special Group Policy. For help, please see the following: https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback
For general information on using Group Policies, see: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11)
We've confirmed that users with Mobile Device Management (MDM) enabled devices can add reg keys as a workaround. The following below will need to be implemented, depending on your organization’s server version:
Windows Server 2022: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 2801335948 /t REG_DWORD /d 0 /f
Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 2767781516 /t REG_DWORD /d 0 /f
Windows 10, version 1909: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 928713355 /t REG_DWORD /d 0 /f
Windows 10, version 1809, Windows Server 2019: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 2371422858 /t REG_DWORD /d 0 /f
Alternatively, we've also confirmed with affected users that disabling Export Address Filtering (EAF) is a potential workaround to alleviate the impact. Admins who wish to do so can navigate to Windows Security > App & Browser Control > Exploit Protection Settings > Program Settings > OneDrive.exe > Turn off Export Address Filtering (EAF) and mitigate the impact.
Please note that many Mobile Device Management (MDM) customers can't deploy group policies. Customers unable to deploy group policy settings for the KIR should open support cases for further assistance.
Current status: We've prepared a fix for this issue and are preparing it for deployment through our change management protocols. Due to the complexity and nature of our solution, we expect this process to take several weeks to complete. In the interim, users are encouraged to leverage the workarounds provided above.
Scope of impact: Any user may be prevented from signing into the OneDrive for Business sync app.
Preliminary root cause: A recent Windows patch deployment inadvertently introduced an Export Address Filtering (EAF) issue that's contributing to the impact.
Next update by: Monday, October 11, 2021, at 11:30 PM UTC

October 11, 5:17pm

More info: This issue might affect users who have the Microsoft Exploit Protection EAF (Export Address Filtering) feature enabled and have installed the September security updates.
We recommend implementing the Known Issue Rollback (KIR) or manually adding the registry keys if users need immediate relief. Details on how to implement these workarounds can be found through the following link: https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h1#1696msgdesc
Alternatively, we've also confirmed with affected users that disabling Export Address Filtering (EAF) is a potential workaround to alleviate the impact. Admins who wish to do so can navigate to Windows Security > App & Browser Control > Exploit Protection Settings > Program Settings > OneDrive.exe > Turn off Export Address Filtering (EAF) and mitigate the impact.
Please note that many Mobile Device Management (MDM) customers can't deploy group policies. Customers unable to deploy group policy settings for the KIR should open support cases for further assistance.
Current status: We're working through final preparations to deploy the fix for the affected customers, and we’ll provide an updated ETA as soon as it becomes available. In the interim users are encouraged to leverage the workarounds provided above.
Scope of impact: Any user may be prevented from signing into the OneDrive for Business sync app.
Preliminary root cause: A recent Windows patch deployment inadvertently introduced an Export Address Filtering (EAF) issue that's contributing to the impact.
Next update by: Wednesday, October 20, 2021, at 11:30 PM UTC

October 19, 1:22pm

More info: This issue might affect users who have the Microsoft Exploit Protection EAF (Export Address Filtering) feature enabled and have installed the September security updates.
This issue might affect users who have the Microsoft Exploit Protection EAF (Export Address Filtering) feature enabled and have installed the September security updates.
We've confirmed that users with Mobile Device Management (MDM) enabled devices can add the following reg key as a workaround: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides /v 2767781516 /t REG_DWORD /d 0 /f
We've also confirmed with affected users that disabling Export Address Filtering (EAF) is a potential workaround to alleviate the impact. Admins who wish to do so can navigate to Windows Security > App & Browser Control > Exploit Protection Settings > Program Settings > OneDrive.exe > Turn off Export Address Filtering (EAF) and mitigate the impact.
Alternatively, this issue can be mitigated using Known Issue Rollback (KIR):
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/known-issue-rollback-helping-you-keep-windows-devices-protected/ba-p/2176831.
For enterprise-managed devices that have installed an affected update and encountered this issue, it can be mitigated by installing and configuring a special Group Policy installed via an MSI file available for:
- Windows 10, version 1809 and Windows Server 2019: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows 10, version 1909: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(2004%20,%2020H2%20and%2021H1)%20Known%20Issue%20Rollback%20091721%2001.msi
- Windows Sever 2022: https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%20Server%202022%20Known%20Issue%20Rollback%20091821%2001.msi
Note: Devices will need to be restarted after configuring the special Group Policy. For help, please see the following:
https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback
For general information on using Group Policies, see:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11)
Please note that many Mobile Device Management (MDM) customers can't deploy group policies. Customers unable to deploy group policy settings for the KIR should open support cases for further assistance.
Current status: The fix has been deployed and is contained within the October Windows update. Users will need to initiate the update on their device to remediate the issue.
Scope of impact: Any user may be prevented from signing into the OneDrive for Business sync app.
Preliminary root cause: root cause: A recent Windows patch deployment inadvertently introduced an Export Address Filtering (EAF) issue that's contributing to the impact.
Next update by: Friday, October 22, 2021, at 11:30 PM UTC