One of my clients reports he was prompted to run a Windows update when shutting down his W10Pro workstation last night Oct 20, 2021.
This morning they logged on and found that their system appeared to have rolled back to a point in the past, guessing about 6 months ago.
All credentials had been removed and I had to reconfigure his emails in Outlook.
Looking at the Windows update history, there was no evidence of any updates being run yesterday. The last update installed was 21H1 on Oct 14 which was successful.
The event logs show multiple identical Critical entries on Oct 20, between 05.15pm (the time the shutdown was requested and updates started) and 05.27pm.
0x3d55: package family microsoft.oneconnect_8wekyb3d8bbwe runtime information is corrupted
There were also multiple 'access history in hive - \C:\Users<theAccountInQuestion>\AppData\Local\Microsoft\Windows\???? was cleared updating ?? keys and creating ?? modified pages.' entries.
There is an active AV on the system and I've run a malware scan over the system which returned a clean result.
I'm not sure I'm chasing a rouge Windows update or something more sinister.
Thanks in advance for any help there is.