alert banner

ISSUE 19.52.1 • 2022-12-27

MS-DEFCON 3: Windows 10 22H2 may leave you blue


By Susan Bradley

I have a favorite Christmas song titled “We need a little Christmas,” from the Broadway musical “Mame.”

The uplifting tone of the song expresses the pleasure and happiness we experience during the holiday. We don’t usually associate “blue” feelings with the season (except Elvis).

Windows 10 could use a little of that holiday spirit. Unfortunately, two different patches for 22H2 appear to be throwing off blue screens of death for some — but not all — users. As much as I’d like to lower the MS-DEFCON level to the more serene level 4, so you can enjoy the holiday while applying updates, out of caution I am dropping it only one notch.

Bah, humbug!

Here is what we know about the two potential blue screen of death (BSOD) issues.

The easiest ghost to prevent is the patch KB5012170, which can trigger a failure to install (itself) and then throw off error Ox800f0922. It can also trigger a request for the BitLocker recovery key, which can be a bit of a shock if you don’t remember setting up BitLocker in the first place. The remedy for this lack of Christmas cheer is one of the BlockAPatch tools to block installation of KB5012170. Then you can finish up your New Year’s Eve party-planning without fear.

But the next ghost to visit isn’t quite so nice. KB5021233 not only causes disruption in our Christmas enjoyment this year, but it could also impact Christmases yet to come by triggering a booting failure of our computer systems. Although Microsoft states that the issue can be seen on Windows 10 21H1 and 21H2 as well, I’ve seen it reported only on 22H2 machines — just after I gave the all-clear to upgrade to that version. That’s my lump of coal for the year.

It does not appear to be widespread. I think it may be related to gaming hardware or software. This is where Microsoft could be a bit more helpful with its guidance. When it comes to Microsoft snooping on your machine for all sorts of things, I’d rather it snoop to understand what is causing the issues we see with updates. But with all of its telemetry — and I know Redmond does receive it — Microsoft is not sharing that information with the rest of us, at least not clearly and with poor pointers to side effects. Consider this technical note:

After installing this update, there might be a mismatch between the file versions of hidparse.sys in c:/windows/system32 and c:/windows/system32/drivers (assuming Windows is installed to your C: drive). This might cause signature validation to fail when cleanup occurs.

Clear as mud.

If you end up with this lovely KB5021233 Christmas gift from Microsoft, the only way around it is to boot into a command prompt mode called WinRE and then copy a backup of hidparse.sys back to the main location where the faulty copy is. (You can review the steps in this YouTube video.)

If Microsoft really wanted to be nice for Christmas, it would devise a self-healing process and not the cumbersome steps described in KB5021233 — hidden in the section titled “Click or tap to view the known issues.”

Microsoft indicates that it is investigating and working on a fix. In the meantime, AskWoody MVP Alejr has coded up a little batch file to check the status of the two potential hidparse.sys files on your system to see whether you might be at risk for this BSOD. He’s linked it in a forum post, which goes on to theorize that it’s triggered by some third-party application. I agree with his analysis. Unfortunately, we don’t know which app.

Consumer and home users

Given this bit of unclear information regarding cause and effect, ensure that you have a full backup of Windows 10 22H2, 22H1, or 21H1 and can thus restore your system before attempting to install the December updates. Alternatively, you can express your concern by deferring updates until after the January updates are released. However, if you’ve already installed the December updates, leave them installed. The problem occurs only while installing updates.

Windows 11 does not suffer from this same side effect and is not throwing off BSODs. I’m not seeing any problems, so you should be okay.

Business users

For those deploying patches to workstations, both Windows 10 and Windows 11 may be impacted by being unable to connect using ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll). You might receive an error in the app, or you might receive an error from SQL Server. Errors you might receive include the following messages:

  • The EMS System encountered a problem. Message: [Microsoft][ODBC SQL Server Driver] Protocol error in TDS Stream.
  • The EMS System encountered a problem. Message: [Microsoft][ODBC SQL Server Driver] Unknown token received from SQL Server.

Microsoft is working on a fix, but there is no ETA. A workaround seems to be installing a local SQL Server instance on the workstation.

Server admins are at least getting a Christmas present in the form of KB5022553 and KB5022554. These are both out-of-cycle updates being released for Server 2019 and Server 2022, respectively, to fix an issue that affects Hyper-V hosts using software-defined networking (SDN), The updates are managed by System Center Virtual Machine Manager (VMM).

Sadly, we’re not closing the year on a good note. Once again, it’s up to you to decide whether to patch. Updating is never without risk — there’s always a bit of Scrooge making the decision hard.



Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.