
Forum Thread: Windows 7 'security' patch knocks out PCs

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Windows 7 'security' patch knocks out PCs
Expert Contributor 12th Apr, 2013 21:01
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
Windows 7 'security' patch knocks out PCs, knackers antivirus tools

Job done, lads. Now no one's getting infected
By John Leyden
Posted in Security, 12th April 2013 14:09 GMT
Windows 7 users should uninstall a security patch Microsoft issued on Tuesday because some PCs failed to restart after applying the update.

The software giant advised users of Win 7 and Windows Server 2008 R2* to roll-back a patch within MS13-036, a security update that closed two vulnerabilities in the Windows file system kernel-mode driver. Exactly how one nukes the wobbly patch is explained here.

The advice follows complaints that after applying the update computers would either fail to restart or applications would not load. Users who experienced problems were sometimes confronted by "fatal system error" warnings on start up, as illustrated by Sophos here.

In a post on Microsoft's Security Response blog, Redmond blamed the glitch on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download centre.
Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

The buggy patch causes, among other headaches, Kaspersky Anti-Virus for Windows to display a message claiming its user licence is invalid, implying that the PC is unprotected from malware nasties. Other reports suggest that some machines have been thrown into a continuous reboot cycle: Win 7 PCs in Samba-loving Brazil are apparently hardest hit.

Problems of this type are rare but not unprecedented. Redmond has withdrawn patches before. Microsoft's security gnomes also deserve credit for quickly determining there was a problem before the vast majority of corporates rolled out the problematic patch.

The dodgy fix, numbered 2823324, addresses a "moderate" privilege elevation flaw. Redmond has removed it from the MS13-036 update, which just leaves security update 2778344, also a privilege elevation fix that is rated as important. ®

* Both OSes are related, code-wise.

http://www.theregister.co.uk/2013/04/12/ms_buggy_f...

--

mogs RE: Windows 7 'security' patch knocks out PCs
Expert Contributor 13th Apr, 2013 16:15
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
April 13th, 2013, 08:05 GMT · By Bogdan Popa
Kaspersky Releases Fix for Buggy Microsoft KB2823324 Update

Kaspersky has released its own patch for the bug
The buggy KB2823324 update released by Microsoft on Patch Tuesday wreaks havoc on a number of Windows 7 computers due to a compatibility issue with some third-party software solutions, including Kaspersky Anti-virus products.

Kaspersky was one of the first companies to take notice of the problem, so its developers have been hard at work to release a patch that would fix this issue on Windows 7 computers running its security apps.

The security vendor has released a patch for Kaspersky Anti-Virus for Windows Workstations and Server versions 6.0.4.1424 and 6.0.4.1611 and for Kaspersky Endpoint Security for Windows version 8.1.0.831 that should fix the bug in just a couple of minutes.

Users are required to download and apply this patch, restart the computer and let the chkdsk utility complete the disk scanning process. Afterwards, Kaspersky users need to re-introduce the license, as anti-virus protection was most likely disabled on all affected computers.

In addition, Microsoft has recommended all users to disable the faulty update until a workaround is released. More information on this is available here.

http://news.softpedia.com/news/Kaspersky-Releases-...

--
Was this reply relevant?
+1
-0
mogs RE: Windows 7 'security' patch knocks out PCs
Expert Contributor 15th Apr, 2013 00:20
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
April 13th, 2013, 14:45 GMT · By Bogdan Popa
Microsoft KB2823324 Update Havoc Caused by Online Banking Plugin

Microsoft's faulty KB2823324 update that's causing a Blue Screen of Death on lots of Windows 7 computers out there is apparently incompatible with a number of third-party solutions installed on users' machines, including an online banking security plugin.

The issue was first reported by Brazilian media, as thousands of local computers were pushed into a continuous reboot loop that couldn't be stopped without a manual removal of the update.

According to security researcher Wolfgang Kandek of Qualys, the issue is caused by an incompatibility with banking security plugin G-Buster that's currently installed on lots of Brazilian computers.

“Some of the major banks require their customers to install it to secure Internet banking. The plug-in which provides a virtualized and hardened operating environment for safer banking and one of its security measures is interfering with the Windows kernel patch contained in MS13-036,” Kandek explained.

While tech giant Microsoft is still working on a fix, users have no other option than to manually remove the update and wait for an official workaround from the company.

http://news.softpedia.com/news/Microsoft-KB2823324...

--
Was this reply relevant?
+1
-0
mogs RE: Windows 7 'security' patch knocks out PCs
Expert Contributor 15th Apr, 2013 11:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
April 15th, 2013, 08:54 GMT · By Bogdan Popa
Microsoft Still Working on KB2823324 Fix as More Windows 7 Users Get the BSOD

As we told you not long ago, one of the updates released last week as part of Microsoft’s monthly Patch Tuesday wreaked havoc on Windows 7 computers, pushing all machines in a continuous reboot loop that couldn’t be fixed without a manual removal of the bulletin.

Microsoft has since removed the update from the Download Center as it’s currently working on a patch to address the issue, telling everyone to uninstall KB2823324 as soon as possible.

More users, on the other hand, confirm the problem and, while Microsoft said that the issue is mostly caused by a compatibility problem with third-party software, it appears that Brazilian users who installed an online banking plugin are among those affected.

In addition, Kaspersky and Trend Micro security products don’t seem to get along very well with the new update, so these applications are automatically disabled on Windows 7 computers after deploying the buggy patch.

Microsoft will most likely release a fix in the coming days so, until then, make sure you remove KB2823324 and block it from getting re-installed on your machine.

http://news.softpedia.com/news/Microsoft-Still-Wor...

--
Was this reply relevant?
+1
-0
mogs RE: Windows 7 'security' patch knocks out PCs
Expert Contributor 19th Apr, 2013 11:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
April 19th, 2013, 08:42 GMT · By Bogdan Popa
Microsoft KB2823324 Update Fix Officially Released

Microsoft delivered the faulty update on Patch Tuesday

Microsoft broke down lots of Windows 7 computers earlier this month with a buggy Patch Tuesday update that pushed all machines into a continuous reboot loop that, in many cases, ended up with the infamous Blue Screen of Death.

While the company provided detailed instructions on how to remove the update and even deleted it from the official Download Center, some users reported issues that prevented them from booting to desktop or getting into Safe Mode to perform the removal.

Microsoft has rolled out a new fix, this time in the form of an ISO image that can be easily burned onto a blank disk and then used to repair your computer.

Available from Microsoft’s Download Center, the repair disk is supposed to address issues caused by KB2823324 and KB2782476 (KB2840165) on 32-bit Windows 7 computers. The patch can be used on old hardware (pre 2004) which does not support NX and isn’t compatible with Bitlocker devices.

“Customers who cannot successfully restart their systems after applying the 2823324 update can download this image to create a bootable DVD or USB drive with which they can boot their systems, uninstall security update 2823324, and return their systems to a normal operating state. Microsoft recommends using this ISO image only if customers cannot successfully restart their systems,” Microsoft says in the advisory.

Basically, users are only required to download the provided ISO file, burn it to a CD or DVD, restart the computer and configure BIOS to boot from the disk. Simply follow the on-screen instructions and then reboot the machine once again.

At this point, the repair disk is available in only two languages, English and Portuguese, as the bugs have reportedly affected computers in the United States and in Brazil running specific anti-malware security products, such as an online banking plugin.

http://news.softpedia.com/news/Microsoft-KB2823324...


--
Was this reply relevant?
+1
-0
Maurice Joyce RE: Windows 7 'security' patch knocks out PCs
Handling Contributor 19th Apr, 2013 11:47
Score: 11545
Posts: 8,881
User Since: 4th Jan 2009
System Score: N/A
Location: UK
How to do & the Microsoft links are here:

https://secunia.com/community/forum/thread/show/14...

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
ddmarshall RE: Windows 7 'security' patch knocks out PCs
Dedicated Contributor 19th Apr, 2013 13:44
Score: 1198
Posts: 953
User Since: 8th Nov 2008
System Score: 98%
Location: UK
There's a mistake in the Softpedia article where it says the ISO can be used on pre NX systems. There's a NOT missing.
The Microsoft download page says:
Known Issues:
1) This will not run on old hardware (pre 2004) that does not support NX.
2) This will only run on Windows 7 32 bit installations.
3) It will not work if Bitlocker is enabled.

Microsoft seem to be suggesting that all the problems go away once the update has been applied but there are some people on forums reporting persistent problems even when the update has been removed. These include chkdsk not running to clear the dirty bit.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+3
-0
mogs RE: Windows 7 'security' patch knocks out PCs
Expert Contributor 23rd Apr, 2013 21:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Microsoft re-releases 'Blue Screen of Death' patch
All is well, the company says; the once-flawed fix is now safe

By Gregg Keizer
April 23, 2013 03:07 PM ET

Computerworld - Microsoft today re-released a security update that had crashed customers' PCs and crippled the machines with endless reboots, saying that the revised patch is now safe to install.

The revamped MS13-036 update -- first issued April 9, but pulled three days later from distribution -- "resolves issues some customers experienced," said Microsoft spokesman Dustin Childs in an email Tuesday.

"The new update, KB2840149, still addresses the Moderate security issue described in MS13-036, and should not cause these [rebooting] issues," Childs added in a post to the Microsoft Security Response Center blog.

Two weeks ago, Microsoft yanked one of the two patches comprising MS13-036 from the Windows Update service as reports spread that the fix was generating the notorious "Blue Screen of Death" (BSOD) error message and paralyzing PCs with repeated reboots.

Microsoft never clearly described the causes of the BSODs and endless reboots, saying at the time, "We've determined that the update, when paired with certain third-party software, can cause system errors." Childs today also declined to get into specifics, instead saying only that "some customers were having issues."

Customers and experts, however, pinned blame on combinations of the security update and "G-Buster," a browser security plug-in widely used in Brazil for online banking; and on the Microsoft patch and Kaspersky Lab security software.

In a support document, Microsoft had posted several error messages that were symptoms of the patch failure, and recommended that Windows 7 users uninstall the update.

The revised MS13-036 update has been restored to the Windows Update service, and will be downloaded and installed by machines with Automatic Updates enabled. Microsoft urged those who manually download patches to deploy the re-release at their earliest convenience.

Customers who prefer to retrieve updates manually can obtain the patch appropriate for their system -- Windows Vista, Windows 7, Windows Server 2008 or Windows Server 2008 R2 -- at Microsoft's Download Center by searching for "KB2840149" to filter the results.

http://www.computerworld.com/s/article/9238628/Mic...

--
Was this reply relevant?
+1
-0
mogs RE: Windows 7 'security' patch knocks out PCs
Expert Contributor 25th Apr, 2013 11:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
InfoWorld Tech Watch
APRIL 24, 2013
Microsoft re-releases botched patch as KB 2840149, but problems remain
The saga of botched patch MS13-036 takes new twists and turns -- including a problem with Multiple Master fonts
By Woody Leonhard | InfoWorld

The latest incarnation of Microsoft's MS13-016 patch to ntfs.sys on Vista, Windows 7, Windows Server 2008, and Server 2008 R2 machines appears to work -- or at least it doesn't induce the same bizarre behavior as the earlier patch -- but there are still known problems with the MS13-036 patch to win32k.sys.

Here's how events with this botched patch have gone down: This month's Black Tuesday crop of automatic Windows patches included a buggy patch, MS13-036/KB 2823324. Two days after that patch went out the Automatic Update chute, the Microsoft Answers Forum was flooded with problem reports and Microsoft finally pulled the patch.

The company published a list of problems with the patch in KB 2839011 and over the past 10 days has kept adding items -- KB article 2839011 is now up to version 6.1. The list of known problems now includes repeated automatic runs of chkdsk that failed to find any issues; Blue screen Stop 0xc000021a; Windows fails to start with a 0xc000000e error; and Kaspersky antivirus complains that your license isn't valid, when it is, and falls over.

In an obscure Microsoft Security Response Center post on Thursday, Microsoft recommended that "all customers who have installed security update 2823324 should follow the guidance that we have provided in KB2839011 to uninstall it." Just about every Vista and Win7 customer who had Windows Automatic Update turned on got the patch, but I'd guess that only about one in 100,000 customers saw the notice to uninstall the patch -- and of those, maybe one in 10 actually did it.

A week later some Vista and Windows 7 customers were still staring at endless reboot cycles and useless computers, so Microsoft released an emergency repair disk that would uninstall the botched patch without requiring an (impossible) boot into Windows.

Yesterday, two weeks after the original bad patch was automatically installed on untold numbers of machines, Microsoft released a better version of the MS13-036 patch, now numbered KB 2840149. If you have Automatic Update turned on for your Vista or Win7 machine (hope springs eternal I guess), you probably have it installed. Although it's too early to tell for sure if the patch will go in with few hassles, I don't yet see any screams of pain over this new, improved version.

But wait, that's only part of the story. MS13-036 had two different patches. This botched patch fixed the system file ntfs.sys ... eventually. The other patch -- known as KB 2808735 -- replaced the file win32k.sys on all versions of Windows and Server since Windows XP, up to and including Windows 8, Windows RT, and Windows Server 2012. (There's a full list at the end of Security Bulletin MS13-036.) The KB article says that "[a]fter you install this security update, certain Multiple Master fonts cannot be installed." Unfortunately, Microsoft doesn't mention which Multiple Master fonts can't be installed, whether installed MM fonts would get zapped, or if there are modified versions of the MM fonts that might work. The KB article also doesn't say why the MM fonts can't be installed, so it begs the question of whether this is a highly isolated incident, or if symptoms might manifest with other installers or other fonts.

Another one of those "little" patching problems that are little so long as you don't use Multiple Master fonts, eh?

If MS13-036 -- Microsoft's second major botched patch so far this year -- doesn't convince you to turn off Windows Automatic Update, I don't know what will.

http://www.infoworld.com/t/microsoft-windows/micro...

--
Was this reply relevant?
+1
-0
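
An added example, not part of the thread or of any of the quoted articles: a PowerShell sketch for auditing where hosts stand with the withdrawn update (KB2823324) and its re-release (KB2840149), the two KB numbers named above. `Get-Ms13036State`, `Remove-FaultyUpdate` and the host inventories are hypothetical and constructed for illustration; the `wusa.exe` switches are the tool's standard ones, not quoted from the page.

```powershell
# Added example. KB numbers are the ones named in the thread above.
$FaultyKb      = 'KB2823324'   # update withdrawn from MS13-036
$ReplacementKb = 'KB2840149'   # re-released update

# Hypothetical helper: classify one host from its installed hotfix IDs.
function Get-Ms13036State {
    param([string]$ComputerName, [string[]]$InstalledIds)
    # -contains compares case-insensitively, so 'kb2823324' also matches.
    $hasFaulty = $InstalledIds -contains $FaultyKb
    $hasFixed  = $InstalledIds -contains $ReplacementKb
    if ($hasFaulty) {
        $state = 'FaultyInstalled'
        $next  = "Uninstall $FaultyKb, reboot, install $ReplacementKb if absent"
    } elseif ($hasFixed) {
        $state = 'Patched'
        $next  = 'None'
    } else {
        # Only meaningful on the OS versions the re-release applies to.
        $state = 'Unpatched'
        $next  = "Install $ReplacementKb"
    }
    # New-Object keeps this usable on the PowerShell 2.0 shipped with Windows 7.
    New-Object PSObject -Property @{
        Computer = $ComputerName; State = $state; NextStep = $next
    }
}

# Hypothetical helper: remove the withdrawn update on the local host.
# Run elevated; the reboot is left to the operator.
function Remove-FaultyUpdate {
    $kbNumber = $FaultyKb -replace '^KB', ''
    Start-Process -FilePath 'wusa.exe' -Wait -ArgumentList `
        '/uninstall', "/kb:$kbNumber", '/quiet', '/norestart'
}

# Constructed inventories (host names and contents are made up).
$sample = @{
    'WS-01' = @('KB2808735', 'KB2823324')   # still has the withdrawn update
    'WS-02' = @('KB2808735', 'KB2840149')   # has the re-release
    'WS-03' = @('KB2808735')                # has neither
}
foreach ($name in ($sample.Keys | Sort-Object)) {
    Get-Ms13036State -ComputerName $name -InstalledIds $sample[$name]
} | Format-Table Computer, State, NextStep -AutoSize

# On a live host, feed the real inventory instead:
# Get-Ms13036State $env:COMPUTERNAME (Get-HotFix | ForEach-Object { $_.HotFixID })
```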
