Two different Svchost.exe Crashes

Multiple calls to ExecNotificationQuery at startup

If the ExecNotificationQuery function is called by more than one thread during OS startup, the svchost.exe process might crash. For example, this can happen when the WMI IWbemServices::ExecNotificationQuery function is called in 2 threads.

This may be the result of a race condition caused when one thread tries to free the heap while another thread tries to realloc (extend) the heap. This issue is in WMI code inherited from XP Pro SP3.

To avoid this condition, insert a sleep between the ExecNotificationQuery calls; the crash should not occur if the sleep tick count is greater than 2 minutes. You can also make multiple IWbemServices::ExecNotificationQuery calls in the same thread, as that will not result in a race condition.

After installation of MS09-041, KB971657

Stopping wkssvc may cause an access violation (AV) and crash svchost on Embedded runtimes built with the MS09-041 security update applied. This can occur both in runtimes with the DQI runtime update installed and in runtimes built from a component database with the database update containing MS09-041 applied. This issue is inherited from XP Pro.

This crash only occurs during workstation service shutdown. The crash happens toward the end of the service shutting down, and should have no adverse impact. The workstation service can be restarted without error.

To mitigate impact on other services using svchost, isolate the lanmanworkstation service into a separate instance of svchost.exe:

     sc config lanmanworkstation type= own
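
One way to apply and verify the isolation from a command prompt, as an added example that is not part of the original post; the temporary file name is an assumption, and the script relies on the `TYPE` line that `sc qc` prints.

```batch
@echo off
rem Added example: isolate lanmanworkstation into its own svchost.exe
rem and confirm the Service Control Manager recorded the change.
setlocal
set SVC=lanmanworkstation
rem Assumed scratch file for the sc qc output.
set OUT=%TEMP%\%SVC%_qc.txt

sc qc %SVC% > "%OUT%"
if errorlevel 1 goto :queryfailed

rem sc qc reports TYPE as WIN32_SHARE_PROCESS or WIN32_OWN_PROCESS.
findstr /c:"WIN32_OWN_PROCESS" "%OUT%" >nul
if not errorlevel 1 goto :alreadyown

rem The space after "type=" is required by sc.exe.
sc config %SVC% type= own
if errorlevel 1 goto :configfailed

rem Re-query to verify the stored configuration.
sc qc %SVC% > "%OUT%"
findstr /c:"WIN32_OWN_PROCESS" "%OUT%" >nul
if errorlevel 1 goto :configfailed

echo %SVC% is now configured as WIN32_OWN_PROCESS.
echo The new type applies the next time the service starts.
goto :cleanup

:alreadyown
echo %SVC% already runs in its own svchost.exe instance.
goto :cleanup

:queryfailed
echo Could not query %SVC%.
goto :cleanup

:configfailed
echo Failed to set %SVC% to its own process.

:cleanup
if exist "%OUT%" del "%OUT%"
endlocal
```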

Another potential solution is to install the DQI runtime update on Embedded runtimes using the GDR branch rather than the default QFE branch of the update package. For information on how to extract the contents of the update package, in order to install from the GDR branch, see this KB article.

- Gina and Lynda
