Windows Update Patch Causes Some Computers To Fail To Restart

windows-patch

by Graham Cluley on April 12, 2013 – Naked Security.

Microsoft has advised all users of Windows 7 (and the server version, Windows Server 2008) who installed a security update on Tuesday to uninstall it, after some customers found their computers would not restart or applications would not load.

Users who experienced problems described how they saw fatal system errors like the following:

fatal-system-error-small

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.

The problem appears to be connected with Update 2823324 in Microsoft Security Bulletin MS13-036, a security update for the Windows file system kernel-mode driver (ntfs.sys).

In a blog post on the Microsoft Security Response Center, the company blamed the problem on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

According to media reports, computers in Brazil have been particularly badly hit – with machines continually rebooting.

Microsoft’s knowledge base article on this issue, explains that one symptom of the bug can be that Kaspersky Anti-Virus for Windows may display a message claiming its license is invalid, and that as a consequence it may no longer provide anti-malware protection.

Microsoft has already acknowledged the issue and said that it’s working on a fix. Yes, that’s right. Some people had problems with the Patch Tuesday update, so there will be an update. But in the meantime, don’t update the bit that’s broken.

Users are recommended to block the 2823324 security update or uninstall it if its already present. More information on how to do this is detailed in this Microsoft knowledge base article.