Microsoft urges Windows 7 users to uninstall 'Blue Screen of Death' patch
Yanks Tuesday fix after reports of endless reboots hit support forums
Computerworld - Microsoft today urged Windows 7 users to uninstall a patch shipped earlier this week that has crashed customers' PCs and crippled the machines with endless reboots.
The patch, which was originally issued Tuesday, has been pulled from Microsoft's Windows Update service.
But the company told users who had already installed it -- or had it installed for them by Windows' Automatic Updates -- to remove it as soon as possible. "Microsoft recommends that customers uninstall this update," the company said in a support document.
Microsoft yanked the patch in response to widespread reports that it was generating the notorious "Blue Screen of Death" (BSOD) error message and rebooting PCs repeatedly, making them useless.
Early reports of problems originated from Brazilian customers running Windows 7, but others outside that country noted that they received error messages pointing to software from Russian antivirus vendor Kaspersky Lab as a contributing factor.
"The problems we have experienced were on machines with Kaspersky Endpoint Security 8 for Windows," said Jim Bulger of VirtualAdministration, an IT support vendor in the Washington, D.C. area, in a message to the PatchManagement.org mailing list Friday.
Greg Hoppes of the University of Colorado also reported that the patch caused PCs to demand a CHKDSK diagnosis of the hard drive each time the machine was booted.
In a support note of its own, Kaspersky tied the CHKDSK issue to Windows Vista or Windows 7 PCs, or Windows Server 2008 or Server 2008 R2 servers, that had its software installed and had received the flawed Microsoft patch.
Microsoft, however, was vague about the causes of the BSODs and endless reboots, saying only that, "We've determined that the update, when paired with certain third-party software, can cause system errors."
In Brazil, affected PCs seemed to be limited to ones with the "G-Buster" plug-in -- a widely used browser security add-on that many of the country's banks require their customers to install, said Wolfgang Kandek in an email today.
MS13-036, the security update that included the guilty patch, addressed four different vulnerabilities in the Windows kernel-mode driver, and was part of a nine-bulletin Patch Tuesday on April 9.
Because the update had modified the kernel-mode driver, Kandek wasn't surprised that security software was involved.
"In order to provide the additional security functions, G-Buster has to interfere with low-level functions of Windows, similar to software such as anti-virus and host intrusion detection systems," Kandek said.
Microsoft published instructions on removing the patch. Users who have received the MS13-036 update should, if possible, not reboot the PC before uninstalling the faulty fix.
This was not the first Microsoft update to cripple customers' computers. In 2008, for example, an update that set the stage for the upcoming Windows Vista Service Pack 1 (SP1) sent some machines into a spiral of endless reboots. Two years later, large numbers of Windows XP systems crashed after receiving a security update.
In the latter case, Microsoft eventually blamed the Alureon rootkit, saying that only already infected PCs were incapacitated by recurring BSODs.
Microsoft continues to offer the MS13-036 update minus the troublesome patch through Windows Update.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.