One of the highlights of the recent Windows 10 1903 update, at least for users who value their security, had to have been the introduction of the Windows Sandbox. What a shame that Microsoft just broke it…
What is the Windows Sandbox?
This virtualized desktop environment, which runs Windows 10 as a brand-new and clean installation every time, allows users to execute potentially harmful files without any impact to your system. It’s a really cool security feature for anyone who ever worries about running software that might maliciously, or even accidentally, cause problems to your computer and the data upon it. As Security researcher, and Open Web Application Security Project (OWASP) Scotland chapter leader, Sean Wright writes, “This sandbox is not typically like a VM (virtual machine.) It acts more like an application; you can even pin it to your taskbar!” What’s more, everything you need is included in Windows so there’s no requirement to install third-party VM software; it just works right out of the box. Unless you’ve installed a May 14 Windows update that is…
What’s the problem?
Microsoft has confirmed that users who have installed the KB4497936 update may find that the Windows Sandbox will fail to launch. A number of users on Twitter have complained that this is the case and posted screenshots of the “Windows Sandbox failed to start” error message.
Who does this impact?
Here’s the good, or bad, news depending upon what type of Windows 10 user you are. Firstly, it’s important to understand that the Windows Sandbox is only included with version 1903, the May update, for Windows Pro and Windows Enterprise only. Windows Home users never got the security feature in the first place so can relax as nothing has been broken for them. Ditto as far as ordinary Pro or Enterprise users are concerned; the KB4497936 is an update that’s just for those users on the Windows Insider program which allows ordinary folk to get pre-release builds of the operating system that previously only software developers could access. The Insider program has three “rings” that provide different levels of update frequency, and users of the fast, slow and preview rings are all impacted by this problem.
What does Microsoft say?
The official Microsoft confirmation of the problem states that: “Windows Sandbox may fail to start with “ERROR_FILE_NOT_FOUND (0x80070002)” on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.” It does not go into any more detail than that but does say Microsoft is “working on a resolution” with a fix expected to be released late next month.
What do I think?
I get frustrated when things go wrong with the Windows update process, which means I’m always feeling frustrated truth be told. However, in this case, that frustration is tempered by the fact that those who have been impacted by the borking of Windows Sandbox had signed up to get pre-release builds of the operating system. In those circumstances one should always be prepared for things not working as expected as you are testing something that’s not yet been approved for general release. That said, given the sheer number of problems that Windows updates cause, I hope that Microsoft can own the issues soon or I fear people will simply find ways to prevent updating at all. The trouble with that if it ain’t broke scenario being, of course, that systems will miss out on important security fixes and so be exposed to a very dynamic threatscape.