STOP error 0x8E on Windows Server 2003 and Endpoint Protection 12.1
Article ID: 164754
You experience a STOP error 0x8E (KERNEL_MODE_EXCEPTION_NOT_HANDLED) on a physical or virtualized server running a 32-bit version of Windows Server 2003 Service Pack 2 and Symantec Endpoint Protection (SEP) 12.1.
The address that the exception occurred at (which usually pinpoints the driver/function that caused the problem) points to win32k.sys (Microsoft's Multi-User Win32 driver).
Its call to the xxxDestroyThreadInfo function in the context of process csrss.exe (Microsoft's Client/Server Runtime subsystem) led to the crash.
When the crash occurs, there is also a locked thread involving a screensaver process (e.g. "vfinalv1.scr").
While SYMEVENT is present in the stack, it is in pass-thru mode and only capturing the process termination event as a result of win32k.sys' function call (the next call in the stack is actually shown to be Nt!TerminateProcess).
Win32k.sys is dated June 24, 2015. As this version was released on the day Windows Server 2003 reached End-of-Life (EOL) status, Microsoft will not be issuing any further hotfixes.
The issue is very similar (but not identical) to the ones described below: