kb4535996 for Windows 10 breaks signtool.exe RRS feed

  • Question

  • I just installer kb4535996 (released on 02.27.2020) on Windows 10 64-bit and it breaks signtool.exe

    After kb4535996 gets installed signtool.exe will not run.  It simply exits, 


    C:\>"C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" /?

    C:\>echo %errorlevel%


    Once you uninstall kb4535996 is starts working again.


    "C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" /?
    Usage: signtool <command> [options]

            Valid commands:
                    sign       --  Sign files using an embedded signature.
                    timestamp  --  Timestamp previously-signed files.
                    verify     --  Verify embedded or catalog signatures.
                    catdb      --  Modify a catalog database.
                    remove     --  Reduce the size of an embedded signed file.

    For help on a specific command, enter "signtool <command> /?"


    Is this known? When will it be fixed?

    I've testing this on both Windows 10 enterprise and Pro.  Same issue.

    Monday, March 2, 2020 8:43 PM

All replies

  • I see the same problem as you. Uninstalling KB4535996 also fixed it for me as well.
    • Proposed as answer by Hans Hasenack Tuesday, March 3, 2020 10:45 AM
    Monday, March 2, 2020 9:29 PM
  • I just installer kb4535996 (released on 02.27.2020) on Windows 10 64-bit and it breaks signtool.exe

    Hey Klafredo,

    Updates not released on patch Tuesday are usually in some kind of beta format.  If you installed it and it caused an error, then it could be that you were a test subject for MS.  I suggest you figure out a way to moderate your updates to only happen on the second Tuesday of the month.

    As for the fact that this broke something, this happens all the time and MS needs to know about it.  I suggest you report the bug to MS via their KB site.

    Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, March 2, 2020 9:37 PM
  • I did contact Microsoft about this issue and they told me to post it to this forum.  They said it is how you submit a bug...

    Nowhere in the release notes does it state that this is a "beta"...

    I've never heard of Microsoft releasing beta updates to the general public...

    Monday, March 2, 2020 9:49 PM
  • same problem here
    Tuesday, March 3, 2020 5:36 AM
  • Hi,


    From the official site, there is no related known issues has been offered.


    Thank you for your feedback.

    Also, you can use the Feedback Hub app to share your problem and wait for the next update.


    If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible.

    Your kind understanding is appreciated.

    Forum Migration is In Progress.

    Win10 Setup Forum will be locked on Mar. 30. See our new platform Microsoft Q&A (Preview) with more details on sticky post.

    "Windows 10 Installation, Setup, and Deployment" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Windows 10 Installation, Setup, and Deployment" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Tuesday, March 3, 2020 5:48 AM
  • Hello klafredo,

    The problem is that there is an old/different copy of wintrust.dll in the same directory as signtool.exe. This version gets loaded first, but it is missing the export WTIsFirstConfigCiResultPreferred which is referenced later in the load process when urlmon.dll is loaded; because a version of wintrust.dll is already loaded, the version from %SystemRoot%\System32 is not loaded.

    One workaround would be to rename the wintrust.dll file in the signtool.exe directory and then copy the new wintrust.dll into the directory.

    I believe that the "old/different" wintrust.dll compensates for missing functionality in older versions of Windows.


    Tuesday, March 3, 2020 9:39 AM
  • same issue here; already reported through Miccrosoft Feedback hub and hopefully this will be acknowledged and fixed soon by Microsoft.

    Tuesday, March 3, 2020 9:40 AM
  • Same issue.

    Bug Report on Feedback Hub:

    Tuesday, March 3, 2020 12:20 PM
  • Nope, copying wintrust.dll from system32 does not work (for me at least).

    I needed to roll back the update to get signtool to work again.
    Tuesday, March 3, 2020 9:20 PM
  • If you are using x64 os you may need to copy wintrust.dll from syswow64. Depends if you are running the x64 or x86 version of signtool.

    I updated the x64 version from system32 and the x86 version from syswow64.

    • Edited by Andrew Briggs Wednesday, March 4, 2020 3:53 AM
    • Proposed as answer by Twoleeland Monday, March 9, 2020 6:51 PM
    Wednesday, March 4, 2020 3:49 AM
  • Thanks, works fine for me.
    Thursday, March 5, 2020 8:51 AM