Forgot your password?
typodupeerror
Microsoft Bug Windows

Microsoft Telling Users To Uninstall Bad Patch 154

Posted by Soulskill
from the but-thanks-for-testing-it dept.
msm1267 writes "Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue-screen. Microsoft recommends users uninstall the patch, which is also causing compatibility issues with some endpoint security software. MS13-036 was part of this week's Patch Tuesday update. It addressed three vulnerabilities in the Windows Kernel-Mode Driver, which if exploited could allow an attacker to elevate their privileges on a compromised machine. Users began reporting issues earlier this week with some systems failing to recover from restarts, or applications failing to load, after the patch was installed."
This discussion has been archived. No new comments can be posted.

Microsoft Telling Users To Uninstall Bad Patch

Comments Filter:
  • by americamatrix (658742) on Friday April 12, 2013 @11:44AM (#43432769) Homepage
    Just incase your having the problem, here is the easiest way to uninstall the update.

    Open an elevated Command Prompt and type "wusa.exe /uninstall /kb:2823324 /quiet /norestart" without the quotes.

    You should be good to go now :)


    -americamatrix
    • by Anonymous Coward on Friday April 12, 2013 @11:59AM (#43432909)

      I thought it was:

      • 0) unlock secure boot
      • 1) reboot to FreeDOS
      • 2) format C: /q
      • 3) install another OS

      Windows 8 itself is the "patch" no?

      • by Anonymous Coward

        That's definitely not the easiest, that's what you do when you're too fucking stupid to fix the problem by uninstalling the patch.

      • It's actually easier to take a leaf out of the book of the majority and forgo updating at all; indefinitely.

        • It's actually easier to take a leaf out of the book of the majority and forgo updating at all;

          That's what I've done in the past, disabling auto updating, I'd go and get the ones
          that were really needed. Never using IE skip those and firewall the one installed.
          It's also what I advised others to do, Usenet.

          Before an update could take down your system, it's been so long since an update
          caused any problems; that just recently I've started downloading them, figuring
          they'd finally got their act together.

          As fate may have it I passed on the one mentioned here.

          Indefinitely.

          Yes indeed.

        • That's what I do. I have auto update disabled and only manually update to the latest patches after they've been out for a while.
      • I got through step 2, but when it came to step 3 the computer wouldn't boot. I need to access my data on the computer, what do I do now?
    • by Anonymous Coward on Friday April 12, 2013 @12:00PM (#43432921)

      How is that easier than navigating through four dozen menus and dialogs of advanced options? I really don't understand you command-line people.

    • by Toreo asesino (951231) on Friday April 12, 2013 @12:24PM (#43433143) Journal

      Kudos for providing some actual useful info for an MS product on Slashdot. Unfortunately it's a rarity around these parts.

      • by hairyfeet (841228)

        What is useful? Another posted his CLI doesn't work, and for another neither he nor MSFT said WHAT HARDWARE CAUSES THE FAULT which frankly without THAT knowledge is worth fuck and all because I've applied the patch to a couple dozen bog standard desktops and laptops and? I got nothing. Its gotta either be a funky driver or a piece of funky hardware that is causing this because if its anything bog standard I usually run into it but so far AMD, Intel and Nvidia graphics, Realtek and Sigmatel sound, AMD and In

        • Well, they may not be able to single out exact hardware, just some examples which fail. This patch was to win32k.sys which, among other things, provides the hardware abstraction layer to the NT/Win32 API. It could have made assumptions that turned out not true on corner-case hardware, could have been a problem with actual buggy hardware that didn't follow published specs (not uncommon), or any number of crazy things.
        • by Tharkkun (2605613)

          What is useful? Another posted his CLI doesn't work, and for another neither he nor MSFT said WHAT HARDWARE CAUSES THE FAULT which frankly without THAT knowledge is worth fuck and all because I've applied the patch to a couple dozen bog standard desktops and laptops and? I got nothing. Its gotta either be a funky driver or a piece of funky hardware that is causing this because if its anything bog standard I usually run into it but so far AMD, Intel and Nvidia graphics, Realtek and Sigmatel sound, AMD and Intel chipsets (don't have any Nvidia chipsets on hand ATM) and I haven't seen squat, just been another patch Tues round here.

          Oh I did have to reboot my old nettop a couple of times but considering the fact the hard drive already has some bad sectors and the entire system is older than dirt and I'm just waiting on the hardware to finally die because i REALLY don't want to deal with one of my own machines on top of all the other machines I got to deal with? I honestly can't say it was the patch, might have just tried to write to a failing sector. Its an old XP box and XP never was great at dealing with failing sectors...meh its working fine now, left it on for 3 days and its still going when I came in so who cares.

          So if anybody knows what actual hardware or software actually causes the thing it would be nice to know, then I'd at least know if any of these systems are at risk, because right now they seem to be running fine and the 2 that got picked up I haven't heard squat from the owners so I'm guessing they are running fine as well.

          The article says it's conflicting with certain endpoint security software. That would be antivirus or encryption and I know from using McAfee EPE modifying a kernel driver can cause your machine to blue screen. So it makes perfect sense. Then again if you have an Endpoint Encryption suite running and you aren't testing your Windows updates prior to pushing them you should be asking yourself if you're qualified to do your job.

          • According to MS KB2829011, the security updates breaks Kaspersky anti-virus in that the license is not valid. Kaspersky also has an endpoint product as well. I have a feeling that MS is purposefully hiding the fact that using Kaspersky is what's itching the bug in ntfs.sys.

            • by hairyfeet (841228)
              Well that makes sense, I don't have any customers using that software, they are all using Comodo AV which hasn't had a problem with this. I uninstalled anyway, just in case, but none of the systems showed any kind of issues so I figured it was a corner case thing.
              • Same here. I just performed server maintenance this week on about 12 units. They're a mix of Server 2008 and 2008 R2. We use Trend Micro WFB and VIPRE Business. No problems yet *knock on wood*.

                • by hairyfeet (841228)

                  This is why I never understood how anybody could bitch about MSFT patches. I mean do you have ANY idea how many times I updated my laptop or desktop when I was running Linux and had an update break something? More than I could possibly count, wireless and sound the worse though, I don't think I ever had sound AND wireless come through completely unscathed once, one or the other would ALWAYS get broken. And this was bog standard hardware too, nothing exotic.

                  Considering the amount of hardware that Windows r

    • by Anonymous Coward on Friday April 12, 2013 @12:40PM (#43433297)

      The command in americamatrix’s post is intended for use after you’ve install the windows update(s), but before you’ve rebooted your system to fully apply them. It may also work after rebooting if the update doesn’t prevent a successful reboot, but does cause other problems (e.g. causing Kapersky to lose its license). It’s basically the same thing as using the Programs Control Panel “View Install Updates” feature to uninstall it.

      Also, I’d recommend leaving off the “/quiet” flag so that you get some comforting feedback that it has actually worked. So: “wusa /uninstall /kb:2823324 /norestart” (no need for “.exe” either, of course).

      If you’ve already rebooted your system and now cannot get into it because of the update (symptoms may include a false indication of file system corruption on a hard drive [Event ID 55], STOP: c000021a {Fatal System Error} status 0xC000003a, or “Windows failed to start Status: 0xc000000e”), there are other ways to remove it, involving either using System Restore or Boot to Command Prompt and issuing a command.

      Full details at: http://support.microsoft.com/kb/2839011 [microsoft.com]

      Note that this update is apparently only applied to systems running Windows 7 pre-SP1 or SP1, Windows Server 2008 R2 pre-SP1 or SP1, or Windows Server 2008 non-R2 SP2 (any edition of any of these). If you’re running Windows XP, Vista, or 8, presumably this won’t be an issue as the update would never even have been offered via Windows Update.

      • by Thornburg (264444)

        Note that this update is apparently only applied to systems running Windows 7 pre-SP1 or SP1, Windows Server 2008 R2 pre-SP1 or SP1, or Windows Server 2008 non-R2 SP2 (any edition of any of these). If you’re running Windows XP, Vista, or 8, presumably this won’t be an issue as the update would never even have been offered via Windows Update.

        If that's the case, then why does the linked bulletin list every version of Windows under the sun (including RT and Server 2012!) as affected?

    • by toph2223 (887611)
      Nice work man.. Really appreciate that :D
    • Most helpful comment on Slashdot ever!
    • Why would you want to uninstall this Blue Screen of Defense security patch? Nothing is more secure than a non-functioning system.
    • by RockDoctor (15477)

      Just incase your having the problem, here is the easiest way to uninstall the update. Open an elevated Command Prompt and type "apt-get install Linux" without the quotes.

      FTFY

  • One driver eh? (Score:1, Redundant)

    by BitZtream (692029)

    It addressed three vulnerabilities in the Windows Kernel-Mode Driver

    The? When did their become ONE 'driver' for all of windows?

    Not that its the editor or submitters fault, its that way in the actual KB article.

    Apparently MS has hired the slashdot guys to edit/approve new knowledge base entires.

    • Re: (Score:3, Insightful)

      by BitZtream (692029)

      FAIL ... yes, I know, if you're going to edit troll it helps if you can post a properly written post yourself ... I failed :(

    • by Jaktar (975138)

      The original knowledge base article which is linked to the fix contains the kernel mode drivers. It makes sense in the context of the linked articles, so the fault with the confusion lies with threatpost.com for not providing all the relevant information.

      This link is the knowledge base article in question:
      https://support.microsoft.com/kb/2829996 [microsoft.com]

      The kernel mode drivers are: ntfs.sys and win32k.sys.

      I guess that's what happens when you use a summary of a bugfix to write an article.

  • by smooth wombat (796938) on Friday April 12, 2013 @11:48AM (#43432815) Homepage Journal

    Microsoft put out years ago which killed ones network connection.

    The solution? Go back to Microsoft's site to get the updated patch.

    Erm, yeah. Great idea. You kill my network connection then want me to go back to your site to fix the issue.

    So much for the vaunted "best and brightest" following standard project processes such as TESTING.

  • by Anonymous Coward on Friday April 12, 2013 @11:53AM (#43432847)

    I set Windows Update to notify and download updates, but never to auto-install them. I also usually hold updates a few days before installing. Use the same policy with my Linux boxes and have never run into problems.

    • by O('_')O_Bush (1162487) on Friday April 12, 2013 @11:57AM (#43432879)
      That is a good strategy, but, unfortunately, many of us using business computers (issued laptops, etc) don't have that kind of control over the update policy.
      • by Endo13 (1000782) on Friday April 12, 2013 @12:10PM (#43433021)

        And if your business is worth a shit, their own strategy is even more careful and rigorous than what the GP posted.

        • by TheLink (130905)
          Doesn't even have to be more careful or rigorous. Set the autoupdates to be on Monday then there'd be 6 days for others to notice the problem and for the update to be pulled. Can't remember the last time where Microsoft pulled a BSOD level Windows update more than 6 days after it was released.

          Of course it doesn't work if everyone starts doing that ;).

          The other problem with the "Download updates and let me choose when to install them" option is many versions of Windows have a nasty habit of changing the shut
          • by Endo13 (1000782)

            Or, ya know, have your IT team install it on a test box for a few days to see if anything breaks. That's how most businesses would do it. Well, the ones that care enough to set policies on downloading windows updates anyway.

      • by ultranova (717540)

        But then again, is a problem with an issued computer your problem? Surely you have your own computer and only use the business computer for business matters? Who knows what spyware it might have, after all.

      • That is a good strategy, but, unfortunately, many of us using business computers (issued laptops, etc) don't have that kind of control over the update policy.

        or better yet, windows update is disabled. We only get updated when out IT department deems it necessary.

    • by The Rizz (1319)

      I do the same. Unfortunately, Windows will attempt to install them by default whenever you shut down the computer - you have to choose a special "shut down without installing" option while there are any critical updates waiting for install.

      • Yeah, Windows 8 will straight sneak up and fuck you. On my laptop I've started it up to find that updates where applying-- half a fucking hour until I could use my laptop. What if If I was popping it open top start a [presentation? This has happened several times now without notification of any kind.

    • by Brucelet (1857158)
      Exactly! Wait for the first adopters, or "gamma testers", to demonstrate that something is actually safe to use.
  • ...affects Vista, 7, /Server? Shoot, perhaps we're already seeing the impact of failing to support XP! :)
  • by felipou (2748041) on Friday April 12, 2013 @12:06PM (#43432989)
    All versions of Windows since Windows XP are affected! How much code from Windows XP is still used in Windows 8??
    • by gewalker (57809) <Gary DOT Walker AT AstraDigital DOT com> on Friday April 12, 2013 @12:15PM (#43433069)

      I don't know that answer, but I would hope that the answer was "quite a lot of it". Old cold is not bad code, it is the code that has generally stood the test of time. Not that it is defect free, but that the defect rates are generally lower than the newly written code. Even such basic steps as recompiling for 64-bit, causes new breakage (old code was defective, but the problem was masked). This appears likely to be one of those old problems that became unmasked with the latest patch.

    • by Dins (2538550) on Friday April 12, 2013 @12:20PM (#43433113)

      How much code from Windows XP is still used in Windows 8??

      You know how chimpanzees share something like 98% of their DNA with humans? It's like that...

      • by Minwee (522556)

        You know how chimpanzees share something like 98% of their DNA with humans? It's like that...

        Has anyone told Prenda Law about this? Those chimpanzees may have to pay a bundle to avoid being sued for all that unauthorized sharing.

      • And 50% with a banana - you are what you eat as 'they' say..

      • And Windoze 95 is an ancestory of yours.
      • You know how chimpanzees share something like 98% of their DNA with humans?

        I'm always having to tell the chimpanzees to keep their DNA to themselves, thank you very much.

    • by Anonymous Coward

      It's a kernel mode driver change/error. It would be like God doing a bad update on hydrogen.

    • by mikazo (1028930)
      You'd be surprised to find that some old code from 16-bit Windows is still kicking around in Windows 8... things just get ported to the next OS so that they work. Code is only re-written or developed from scratch if it's for new features or the old code was so broken or impossible to port that it had to be re-written.
      • by Curate (783077)
        There's no 16-bit code in the 64-bit versions of Windows. 16-bit code requires the NTVDM (virtual DOS machine) to run, and NTVDM is not present in 64-bit Windows. Now 32-bit Windows still has NTVDM, and a handful of old 16-bit command line programs (command.com, edit.com, etc.) are thrown in as well, but none of these are essential to Windows. These are old DOS commands that have been dropped in Windows.
        • by mikazo (1028930)
          I meant as I wrote it, "old code from 16-bit Windows" that is compiled into 64-bit binaries (obviously with some modification to make it work). Some of the code has been around since the 16-bit days and just molded to make it keep working in 32-bit and 64-bit Windows.
    • by Ravaldy (2621787)

      I would think that whatever didn't need changing would use the same code. You wouldn't recode the calculator if it worked.

  • Good thing I saw this article, THEN looked at my pending updates... I had just set up my new computer with Win7 64bit yesterday... and of course had tons of updates to do... Wonder why it stayed in the list even after I refreshed if there's such an issue with it?
  • Windows update has fried at least two pieces of my hardware in the last year. First it torched my videocard immediately after restarting for a windows update. Next, the PCI express slot wouldn't register on my motherboard, good thing I had another one!
    • by Tharkkun (2605613)

      Windows update has fried at least two pieces of my hardware in the last year. First it torched my videocard immediately after restarting for a windows update. Next, the PCI express slot wouldn't register on my motherboard, good thing I had another one!

      That's very similar to my laptop which tries to kill me during the Winter months. I try very hard to sneak up on it by wearing socks on a soft carpet but it always seems to hear me coming and zaps me the moment I touch it.

      • by Quirkz (1206400)

        Once at the office I touched my laptop and the static shock was strong enough it made the computer reboot. That one was a little scary.

  • So they push out updates all the time to the point where I'm ready to throw my computer out the window, and now we get BSOD? God fucking damnit Microsoft!
    • It certainly seems to happen more often than one a week. The wife of a guy I work with leaves her Window laptop in sleep mode at night and it will wake up on its own at 3AM to update, flooding the bedroom with light from the screen. I suppose that feature is this one http://support.microsoft.com/kb/979878 [microsoft.com]. Fun with Windows.
  • A lightly-used XP machine blue-screened on me this week for the first time, and wouldn't boot without blue-screening. I put it through memory and hard drive checks which it passed just fine. I suspected it might have been a MS patch. Somehow it finally rebooted after 4 or 5 tries, but I haven't rebooted it since. Now I know what patch did it, I can uninstall it. Sheesh.

  • ... of North Korea's nuclear missile launch.

  • There is a bootable disk that MS has released to help users recover from this nightmare.

    Link: http://www.microsoft.com/en-us/download/details.aspx?id=38435 [microsoft.com]

    Repair Disk for KB2823324 and KB2782476 (KB2840165)
    To help customers who are experiencing difficulties restarting their systems after installation of security update 2823324, Microsoft is making available a bootable media ISO image through the Microsoft Download Center (DLC). Clicking Download means you agree to the MICROSOFT SOFTWARE LICENSE TERMS.

Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it. -- Perlis's Programming Proverb #58, SIGPLAN Notices, Sept. 1982

Working...