Microsoft pulls Patch Tuesday security fix

[ShyWriter]

.

Microsoft pulls Patch Tuesday security fix

Summary: Microsoft is recommending an update released on Patch Tuesday be uninstalled.

By Charlie Osborne for Zero Day April 12, 2013 -- 10:41 GMT (03:41 PDT)

Tech giant Microsoft has recommended that an update released in the latest Patch Tuesday be removed, after users reported incidents of the "blue screen of death" after installation.

Microsoft released two critical security updates and others rated as "important" for Windows and Internet Explorer as part of its latest round of Patch Tuesday updates.

However, a number of Windows 7 users have reported issues with security update 2823324, which is part of security bulletin MS13-036.

MS13-036 was meant to fix three privately disclosed flaws and one publicly disclosed flaw in an NTFS kernel-mode driver related to the elevation of privileges when a user is logged in. However, once installed, security update 2823324 -- part of the bulletin -- may produce a "STOP: c000021a {Fatal System Error}" problem for users. The error occurs early in the startup process, and no Memory.dmp file is created. (More...)

More about M$'s screw-up at: http://www.zdnet.com/microsoft-pulls-patch-tuesday-security-fix-7000013942/

Steve

[daledoc1]

UGH!

No BSOD on any of my 3 Win7 rigs with KB 2823324 (and they have been rebooted several times since Patch Tuesday).

(There is at least one thread over at sevenforums.com about it, but no downright flood, to be sure.)

I hate to poke a skunk and I generally subscribe to the "If it ain't broke, don't fix it" school.

But, if Redmond says to uninstall, then I guess we need to do that.

I might wait a day or so for the dust to settle.

I've started a post over at sevenforums.com, to see what NoelDP and the other Win Update gurus there have to say.

Curious what our resident MS MVPs here advise, too.

Thanks for the info!

daledoc1

[ShyWriter]

@DD

The problem appears to be connected with Update 2823324 in Microsoft Security Bulletin MS13-036, a security update for the Windows file system kernel-mode driver (ntfs.sys).

In a blog post on the Microsoft Security Response Center, the company blamed the problem on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in

KB2839011

to uninstall security update 2823324 if it is already installed.

According to media reports, computers in Brazil have been particularly badly hit - with machines continually rebooting.

Microsoft's knowledgebase article on this issue, explains that one symptom of the bug can be that Kaspersky Anti-Virus for Windows may display a message claiming its license is invalid, and that as a consquence it may no longer provide anti-malware protection.

Microsoft has already acknowledged the issue and said that it’s working on a fix. Yes, that's right. Some people had problems with the Patch Tuesday update, so there will be an update. But in the meantime, don't update the bit that's broken.

Users are recommended to block the 2823324 security update or uninstall it if its already present. More information on how to do this is detailed in this Microsoft knowledgebase article.

Steve

[LDTate]

That's great to uninstall IF the pc will boot.

I've had 3 so far that on rebooot just try running the updates for an hour without success.

No choice other than a manual power off and back on.(never a good idea.

SR prior to the update...

[mountaintree16]

I wonder if this is only affecting W7. I wonder if I should uninstall it from two work machines that have W7. No issues so far... plus the machines are rarely rebooted, I do that once in a while

[DarkSnakeKobra]

I'm not having any problems. Since it's not broke I'm not fixing. Knowing my luck I'll probably make things worse.

[ShyWriter]

I wonder if this is only affecting W7. I wonder if I should uninstall it from two work machines that have W7. No issues so far... plus the machines are rarely rebooted, I do that once in a while

It's a Win7-only problem WITH certain 3rd party applications.. See M$ SRT Blog warning:

http://forums.malwarebytes.org/index.php?showtopic=125022&view=findpost&p=668010

Steve

[mountaintree16]

ohhh okay, thanks!

[daledoc1]

I just uninstalled it successfully from the laptop (requires a reboot, of course).

However, within minutes I was offered it again as an "Important" update by Windows Update.

So, like others over at sevenforums.com, I am hiding it for now on that rig.

(Other than that, uninstalling seems to have been uneventful for most folks.)

It appears that -- despite MS's claim earlier today to having pulled the patch -- not all of the update servers "got the memo" yet.

As I am not having any problems with the patch -- never did -- I think I will wait a day or so before uninstalling on the 2 desktops.

HTH,

daledoc1

[LDTate]

A recent Win update can have a bad effect and result in some computers failing to boot into Win 7.... there is a repair procedure including a bootable CD (.iso) available from Microsoft to address this specific problem, that has been reported, especially ( but not limited to) 32 bit and some foreign language versions.

https://support.microsoft.com/kb/2839011

http://www.infoworld.com/t/microsoft-windo...24-patch-216786

[Caxap]

I be lucky, im installed pach and my pc be good after that pach and after another pach what fix preveus

[LDTate]

I have a laptop at work that has been running this fix for 2 hrs now and it's only 75% completed...