Microsoft Telling Users To Uninstall Bad Patch

← Back to Stories (view on slashdot.org)

Microsoft Telling Users To Uninstall Bad Patch

Posted by Soulskill on Friday April 12, 2013 @03:40AM from the but-thanks-for-testing-it dept.

msm1267 writes "Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue-screen. Microsoft recommends users uninstall the patch, which is also causing compatibility issues with some endpoint security software. MS13-036 was part of this week's Patch Tuesday update. It addressed three vulnerabilities in the Windows Kernel-Mode Driver, which if exploited could allow an attacker to elevate their privileges on a compromised machine. Users began reporting issues earlier this week with some systems failing to recover from restarts, or applications failing to load, after the patch was installed."

28 of 154 comments (clear)

Min score:

Reason:

Sort:

Here's how to uninstall it.. by americamatrix · 2013-04-12 03:44 · Score: 5, Informative

Just incase your having the problem, here is the easiest way to uninstall the update.

Open an elevated Command Prompt and type "wusa.exe /uninstall /kb:2823324 /quiet /norestart" without the quotes.

You should be good to go now :)

-americamatrix
1. Re:Here's how to uninstall it.. by Anonymous Coward · 2013-04-12 03:59 · Score: 5, Funny
  I thought it was:
  
  0) unlock secure boot
  1) reboot to FreeDOS
  2) format C: /q
  3) install another OS
  Windows 8 itself is the "patch" no?
2. Re:Here's how to uninstall it.. by Anonymous Coward · 2013-04-12 04:00 · Score: 5, Funny
  
  How is that easier than navigating through four dozen menus and dialogs of advanced options? I really don't understand you command-line people.
3. Re:Here's how to uninstall it.. by Anonymous Coward · 2013-04-12 04:18 · Score: 5, Funny
  
  You missed the whoosh step.
4. Re:Here's how to uninstall it.. by Toreo+asesino · 2013-04-12 04:24 · Score: 5, Insightful
  
  Kudos for providing some actual useful info for an MS product on Slashdot. Unfortunately it's a rarity around these parts.
  
  --
  throw new NoSignatureException();
5. Re:Here's how to uninstall it.. by Anonymous Coward · 2013-04-12 04:35 · Score: 5, Funny
  
  Have you tried turning it off and then on again?
6. Re:Here's how to uninstall it.. by Anonymous Coward · 2013-04-12 04:40 · Score: 5, Informative
  
  The command in americamatrix’s post is intended for use after you’ve install the windows update(s), but before you’ve rebooted your system to fully apply them. It may also work after rebooting if the update doesn’t prevent a successful reboot, but does cause other problems (e.g. causing Kapersky to lose its license). It’s basically the same thing as using the Programs Control Panel “View Install Updates” feature to uninstall it.
  Also, I’d recommend leaving off the “/quiet” flag so that you get some comforting feedback that it has actually worked. So: “wusa /uninstall /kb:2823324 /norestart” (no need for “.exe” either, of course).
  If you’ve already rebooted your system and now cannot get into it because of the update (symptoms may include a false indication of file system corruption on a hard drive [Event ID 55], STOP: c000021a {Fatal System Error} status 0xC000003a, or “Windows failed to start Status: 0xc000000e”), there are other ways to remove it, involving either using System Restore or Boot to Command Prompt and issuing a command.
  Full details at: http://support.microsoft.com/kb/2839011
  Note that this update is apparently only applied to systems running Windows 7 pre-SP1 or SP1, Windows Server 2008 R2 pre-SP1 or SP1, or Windows Server 2008 non-R2 SP2 (any edition of any of these). If you’re running Windows XP, Vista, or 8, presumably this won’t be an issue as the update would never even have been offered via Windows Update.
7. Re:Here's how to uninstall it.. by malakai · 2013-04-12 04:42 · Score: 2
  
  You're only human...
  http://www.telegraph.co.uk/science/science-news/9989623/Feeling-of-being-watched-hardwired-in-brain.html
  
  --
  -Malakai
  A Dragon Lives in my Garage
8. Re:Here's how to uninstall it.. by GigaBurglar · 2013-04-12 04:44 · Score: 2
  
  It's actually easier to take a leaf out of the book of the majority and forgo updating at all; indefinitely.
9. Re:Here's how to uninstall it.. by Molochi · 2013-04-12 04:52 · Score: 2
  
  Remember, you need to restart the machine three times.
  
  --
  "The Adobe Updater must update itself before it can check for updates. Would you like to update the Adobe Updater now?"
10. Re:Here's how to uninstall it.. by hairyfeet · 2013-04-12 05:07 · Score: 2
  
  What is useful? Another posted his CLI doesn't work, and for another neither he nor MSFT said WHAT HARDWARE CAUSES THE FAULT which frankly without THAT knowledge is worth fuck and all because I've applied the patch to a couple dozen bog standard desktops and laptops and? I got nothing. Its gotta either be a funky driver or a piece of funky hardware that is causing this because if its anything bog standard I usually run into it but so far AMD, Intel and Nvidia graphics, Realtek and Sigmatel sound, AMD and Intel chipsets (don't have any Nvidia chipsets on hand ATM) and I haven't seen squat, just been another patch Tues round here.
  Oh I did have to reboot my old nettop a couple of times but considering the fact the hard drive already has some bad sectors and the entire system is older than dirt and I'm just waiting on the hardware to finally die because i REALLY don't want to deal with one of my own machines on top of all the other machines I got to deal with? I honestly can't say it was the patch, might have just tried to write to a failing sector. Its an old XP box and XP never was great at dealing with failing sectors...meh its working fine now, left it on for 3 days and its still going when I came in so who cares.
  So if anybody knows what actual hardware or software actually causes the thing it would be nice to know, then I'd at least know if any of these systems are at risk, because right now they seem to be running fine and the 2 that got picked up I haven't heard squat from the owners so I'm guessing they are running fine as well.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
11. Re:Here's how to uninstall it.. by TheRealMindChild · 2013-04-12 05:25 · Score: 2
  
  Well, they may not be able to single out exact hardware, just some examples which fail. This patch was to win32k.sys which, among other things, provides the hardware abstraction layer to the NT/Win32 API. It could have made assumptions that turned out not true on corner-case hardware, could have been a problem with actual buggy hardware that didn't follow published specs (not uncommon), or any number of crazy things.
  
  --
  
  "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
12. Re:Here's how to uninstall it.. by DigiShaman · 2013-04-12 06:34 · Score: 2
  
  According to MS KB2829011, the security updates breaks Kaspersky anti-virus in that the license is not valid. Kaspersky also has an endpoint product as well. I have a feeling that MS is purposefully hiding the fact that using Kaspersky is what's itching the bug in ntfs.sys.
  
  --
  Life is not for the lazy.
Re:One driver eh? by BitZtream · 2013-04-12 03:46 · Score: 2, Insightful

FAIL ... yes, I know, if you're going to edit troll it helps if you can post a properly written post yourself ... I failed :(

--
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Reminds me of another patch . . . by smooth+wombat · 2013-04-12 03:48 · Score: 4, Interesting

Microsoft put out years ago which killed ones network connection.
The solution? Go back to Microsoft's site to get the updated patch.
Erm, yeah. Great idea. You kill my network connection then want me to go back to your site to fix the issue.
So much for the vaunted "best and brightest" following standard project processes such as TESTING.

--
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
1. Re:Reminds me of another patch . . . by Anonymous Coward · 2013-04-12 03:57 · Score: 5, Funny
  
  Hello. My name is Anonymous Coward. You killed my network connection. Prepare to die.
2. Re:Reminds me of another patch . . . by Endo13 · 2013-04-12 04:14 · Score: 3, Funny
  
  STOP SAYING THAT!
  
  --
  There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
3. Re:Reminds me of another patch . . . by interval1066 · 2013-04-12 06:25 · Score: 2
  
  I doan thin that word means wat you thin it means.
  
  --
  Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Why I never auto-install updates by Anonymous Coward · 2013-04-12 03:53 · Score: 5, Interesting

I set Windows Update to notify and download updates, but never to auto-install them. I also usually hold updates a few days before installing. Use the same policy with my Linux boxes and have never run into problems.
1. Re:Why I never auto-install updates by O('_')O_Bush · 2013-04-12 03:57 · Score: 3, Insightful
  
  That is a good strategy, but, unfortunately, many of us using business computers (issued laptops, etc) don't have that kind of control over the update policy.
  
  --
  while(1) attack(People.Sandy);
2. Re:Why I never auto-install updates by Endo13 · 2013-04-12 04:10 · Score: 4, Insightful
  
  And if your business is worth a shit, their own strategy is even more careful and rigorous than what the GP posted.
  
  --
  There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
3. Re:Why I never auto-install updates by Endo13 · 2013-04-12 14:24 · Score: 2
  
  Or, ya know, have your IT team install it on a test box for a few days to see if anything breaks. That's how most businesses would do it. Well, the ones that care enough to set policies on downloading windows updates anyway.
  
  --
  There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
Windows versions affected by felipou · 2013-04-12 04:06 · Score: 3, Interesting

All versions of Windows since Windows XP are affected! How much code from Windows XP is still used in Windows 8??
1. Re:Windows versions affected by gewalker · 2013-04-12 04:15 · Score: 5, Insightful
  
  I don't know that answer, but I would hope that the answer was "quite a lot of it". Old cold is not bad code, it is the code that has generally stood the test of time. Not that it is defect free, but that the defect rates are generally lower than the newly written code. Even such basic steps as recompiling for 64-bit, causes new breakage (old code was defective, but the problem was masked). This appears likely to be one of those old problems that became unmasked with the latest patch.
2. Re:Windows versions affected by Dins · 2013-04-12 04:20 · Score: 5, Funny
  
  How much code from Windows XP is still used in Windows 8??
  You know how chimpanzees share something like 98% of their DNA with humans? It's like that...
3. Re:Windows versions affected by Minwee · 2013-04-12 04:37 · Score: 2
  
  You know how chimpanzees share something like 98% of their DNA with humans? It's like that...
  Has anyone told Prenda Law about this? Those chimpanzees may have to pay a bundle to avoid being sued for all that unauthorized sharing.
Re:One driver eh? by __aaqvdr516 · 2013-04-12 04:56 · Score: 2

The original knowledge base article which is linked to the fix contains the kernel mode drivers. It makes sense in the context of the linked articles, so the fault with the confusion lies with threatpost.com for not providing all the relevant information.
This link is the knowledge base article in question:
https://support.microsoft.com/kb/2829996
The kernel mode drivers are: ntfs.sys and win32k.sys.
I guess that's what happens when you use a summary of a bugfix to write an article.
Re:Windows - Destroying hardware and helping sales by Tharkkun · 2013-04-12 05:53 · Score: 2

Windows update has fried at least two pieces of my hardware in the last year. First it torched my videocard immediately after restarting for a windows update. Next, the PCI express slot wouldn't register on my motherboard, good thing I had another one!
That's very similar to my laptop which tries to kill me during the Winter months. I try very hard to sneak up on it by wearing socks on a soft carpet but it always seems to hear me coming and zaps me the moment I touch it.