Microsoft amends security update after reports of system errors

Microsoft has amended a security update containing a patch that reportedly caused errors in some third-party software.

The update, number 2823324, was distributed on Tuesday as part of MS13-036, a batch of patches that fix three Windows vulnerabilities in a kernel-mode driver.

“We’ve determined that the update, when paired with certain third-party software, can cause system errors,” wrote Dustin Childs, a group manager in Microsoft’s Trustworthy Computing division, on a company blog. “As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports and have since removed it from the download center.”

Contrary to some reports, the system errors do not cause data to be lost and also do not necessarily affect all computers that applied the patch, Childs wrote. Microsoft published instructions for how to uninstall the security update.

Microsoft has removed the particular patch from MS13-036, which is still being pushed to its customers, Childs added.

The most severe of the three vulnerabilities that MS13-036 addresses could allow an attacker elevated privileges if the person runs a specially crafted application. But the attacker would need to have valid login credential and physical access to the computer.

Subscribe to the Security Watch Newsletter

Comments