Microsoft urges Windows 7 users to uninstall 'Blue Screen of Death' patch

Yanks Tuesday fix after reports of endless reboots hit support forums

Microsoft today urged Windows 7 users to uninstall a patch shipped earlier this week that has crashed customers' PCs and crippled the machines with endless reboots.

The patch, which was originally issued Tuesday, has been pulled from Microsoft's Windows Update service.

But the company told users who had already installed it -- or had it installed for them by Windows' Automatic Updates -- to remove it as soon as possible. "Microsoft recommends that customers uninstall this update," the company said in a support document.

Microsoft yanked the patch in response to widespread reports that it was generating the notorious "Blue Screen of Death" (BSOD) error message and causing PCs to reboot repeatedly, making them useless.

Early reports of problems originated from Brazilian customers running Windows 7, but others outside that country noted that they received error messages pointing to software from Russian antivirus vendor Kaspersky Lab as a contributing factor.

"The problems we have experienced were on machines with Kaspersky Endpoint Security 8 for Windows," said Jim Bulger of VirtualAdministration, an IT support vendor in the Washington, D.C. area, in a message to the PatchManagement.org mailing list Friday.

Greg Hoppes of the University of Colorado also reported that the patch caused PCs to demand a CHKDSK diagnosis of the hard drive each time the machine was booted.

In a support note of its own, Kaspersky tied the CHKDSK issue to Windows Vista or Windows 7 PCs, or Windows Server 2008 or Server 2008 R2 servers, that had its software installed and had received the flawed Microsoft patch.

Microsoft, however, was vague about the causes of the BSODs and endless reboots, saying only that, "We've determined that the update, when paired with certain third-party software, can cause system errors."

In Brazil, affected PCs seemed to be limited to ones with the "G-Buster" plug-in -- a widely used browser security add-on that many of the country's banks require their customers to install, said Wolfgang Kandek in an email today.

MS13-036, the security update that included the guilty patch, addressed four different vulnerabilities in the Windows kernel-mode driver, and was part of a nine-bulletin Patch Tuesday on April 9.

Because the update had modified the kernel-mode driver, Kandek wasn't surprised that security software was involved.

"In order to provide the additional security functions, G-Buster has to interfere with low-level functions of Windows, similar to software such as anti-virus and host intrusion detection systems," Kandek said.

Microsoft published instructions on removing the patch. Users who have received the MS13-036 update should, if possible, not reboot the PC before uninstalling the faulty fix.

This was not the first Microsoft update to cripple customers' computers. In 2008, for example, an update that set the stage for the upcoming Windows Vista Service Pack 1 (SP1) sent some machines into a spiral of endless reboots. Two years later, large numbers of Windows XP systems crashed after receiving a security update.

In the latter case, Microsoft eventually blamed the Alureon rootkit, saying that only already infected PCs were incapacitated by recurring BSODs.

Microsoft continues to offer the MS13-036 update minus the troublesome patch through Windows Update.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.
