Microsoft tells all Windows 7 users to uninstall security patch, after some PCs fail to restart

Microsoft has advised all users of Windows 7 (and the server version, Windows Server 2008) who installed a security update on Tuesday to uninstall it, after some customers found their computers would not restart or applications would not load.

Users who experienced problems described how they saw fatal system errors like the following:

Windows fatal system error

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.

Sign up to our free newsletter.
Security news, advice, and tips.

The problem appears to be connected with Update 2823324 in Microsoft Security Bulletin MS13-036, a security update for the Windows file system kernel-mode driver (ntfs.sys).

In a blog post on the Microsoft Security Response Center, the company blamed the problem on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

According to media reports, computers in Brazil have been particularly badly hit – with machines continually rebooting.

Windows 7 patchMicrosoft’s knowledgebase article on this issue, explains that one symptom of the bug can be that Kaspersky Anti-Virus for Windows may display a message claiming its license is invalid, and that as a consquence it may no longer provide anti-malware protection.

Microsoft has already acknowledged the issue and said that it’s working on a fix. Yes, that’s right. Some people had problems with the Patch Tuesday update, so there will be an update. But in the meantime, don’t update the bit that’s broken.

Users are recommended to block the 2823324 security update or uninstall it if its already present. More information on how to do this is detailed in this Microsoft knowledgebase article.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.