Microsoft recommends to uninstall Windows 7 update 2823324

Martin Brinkmann
Apr 12, 2013
Windows, Windows Updates
|
38

Microsoft released a total of nine security bulletins last Tuesday fixing two critical security vulnerabilities and several lesser rated security vulnerabilities in the Windows operating system and several other Microsoft products.

It turns out that one of the updates related that day, update 2823323, is causing issues for some users of the Windows 7 operating system. The update, part of the bulletin MS13-036 is a security update for the Windows file system kernel-mode driver ntsf.sys. The vulnerability received a maximum severity rating of important, the second highest rating available to classify the severity of vulnerabilities.

The Microsoft Knowledgebase article acknowledges the issue and confirms that Microsoft is currently investigating reports of systems failing to boot into Windows 7 or applications after the security update has been installed on the computer system. Microsoft has removed the download link for the patch as a precaution and recommends that customers that have installed the update on their systems uninstall it.

Uninstalling the update

To uninstall the update do the following:

  • Click on the start button and select Control Panel when the menu opens up.
  • Click on uninstall a program on the Control Panel's home screen.
  • Select view installed updates on the left sidebar to display the installed Windows updates.
  • Increase the size of the window until you see the installed on column in the interface. Click on its header to sort by installation date.
  • Locate Security Update for Microsoft Windows (KB2823324) under Microsoft Windows.
  • Right-click on it and select uninstall.

You can alternatively run the following command from an elevated command prompt:

  • wusa.exe /uninstall /kb:2823324 /norestart

The removal script can also be run using PSEXEC:

  • Psexec -d -s \\remotemachine wusa.exe /uninstall /kb:2823324 /quiet /norestart

A prompt should come up asking you if you really want to uninstall the update from the computer. You can cancel here with a click on no, or go ahead and uninstall it with a click on yes.

Users affected by the issue may receive one or multiple of the following error messages:

Windows failed to start. A Recent hardware or software change might be the cause. To fix the problem, To do this, follow these steps:

1. Insert your windows installation disc and restart your computer.
2. Choose your language settings, and then click next.
3. Click "Repair your computer."

Status: 0xc000000e
Info: The boot selection failed because a required device is inaccessible.

---------------------------

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.

Microsoft notes that the error occurs early in the boot process so that no memory.dmp file gets created. Users of Kaspersky Anti-Virus for Windows Workstations or Windows Servers may receive a "Your license is not valid" error message after installing the update.

Systems that fail to start may use the recovery options (by pressing F8 after BIOS repeatedly) to use system restore to roll back the update.

Additional information about the issue are available under KB 2839011.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Ivann said on April 23, 2013 at 7:16 pm
    Reply

    hi, microsoft released a new security update: kb2840149
    Is it best to leave that update until next month?? because the previous update: KB2823324 caused my eventviewer to fill up with ntsf errors – (5000+)
    It scared the shit out of me….. When I rebooted, black screen ntsf errors need to scan blahblah…. I honestly thought my ssd (ocz) died.

    Glad this alert was available to uninstall that previous update – it fixed it, no errors etc.

  2. SubgeniusD said on April 16, 2013 at 12:20 am
    Reply

    “incompatibility with banking security plugin G-Buster that’s currently installed on lots of Brazilian computers.”

    “Kaspersky and Trend Micro security products don’t seem to get along very well with the new update”

    Looks like a very restricted group of affected systems.

    Some updaters report restart issues after _uninstalling_ this update.

    Issues will appear immediately. If they don’t you aren’t at risk. If it ain’t broke don’t fix it. I’m leaving the update alone on my sytems.

  3. Julia said on April 15, 2013 at 7:03 pm
    Reply

    some days later…
    This “important security update” just vanished, or what? Oups, we (Microsoft) made a mistake, toooo bad that some people noticed. Let’s hope that everyone forgets and doesn’t mention it anymore…
    Huh?

  4. A&L said on April 13, 2013 at 1:38 pm
    Reply

    Thanks, no problem here win7 64 but will uninstall it
    typo in article: It turns out that one of the updates related that day, update 2823323
    but then it says: Locate Security Update for Microsoft Windows (KB2823324)

  5. Miguel said on April 13, 2013 at 1:28 pm
    Reply

    Thanks a lot for posting about this :)

    I was just going to install this month updates yesterday when I saw this article and decided to wait. I usually wait some more time before applying updates (at least two weeks since release, to avoid problems like this one), but somehow this month I was going to install them just yesterday… Thank you :)

  6. Mei said on April 13, 2013 at 1:19 pm
    Reply

    Win7 x64 SP1 Pro becomes unresponsive (00-01% CPU usage) after every bootup with standalone Threatfire 4.7 running. Uninstalled Threatfire (in Safe Mode) and everything is back to working perfectly normally.

    Should I still uninstall KB 2823324 patch?

    Right now, I have Microsoft Security Essentials 4.2, Kingsoft Antivirus 2012 SP5.6, Zemana AntiLogger 1.9.3, PrevX 3.0.5 all left running smoothly in the background without the slightest hint of impact in performance or otherwise.

    I’m debating, and may have to. I’m not too excited waiting for a BSOD as a consequence of but a future software conflict.

  7. Mei said on April 13, 2013 at 1:14 pm
    Reply

    Win7 x64 SP1 Pro becomes unresponsive (00-01% CPU) after bootup with standaloneThreatfire 4.7 running. Uninstalled Threatfire (in Safe Mode) and everything is back to working perfectly normally.

    Should I still uninstall KB 2823324 patch?

    Right now, I have Microsoft Security Essentials 4.2, Kingsoft Antivirus 2012 SP5.6, Zemana AntiLogger 1.9.3, PrevX 3.0.5 all running smoothly in the background without the slightest hint of impact in performance or otherwise.

    I’m debating, and may have to. I’m not too excited waiting for a BSOD as a consequence of but a future software conflict.

  8. Pierre said on April 13, 2013 at 10:42 am
    Reply

    It’s done in my two machines
    Anyway there will be a corresponding patch

  9. clas said on April 13, 2013 at 8:35 am
    Reply

    long ago i decided not to do updates right away. i wait a couple
    weeks, then check to see if there are any problems. has saved
    me many a problem and waiting has never caused me any con-
    cerns. just my take as i dont trust any updates until they are
    proven ok by many lemmings testing them.

  10. YB said on April 13, 2013 at 7:31 am
    Reply

    2 Windows 8 (x64 and x86), 2 Vista SP2 (x64 and x86) and no problems at all. It may be related either to hardware or some conflict with a specific piece of software.

    1. Anonymous said on April 13, 2013 at 8:17 am
      Reply

      You’d do well to actually READ the above article.It plainly says the issue relates to Win 7 ONLY,for crying out loud.

  11. Nerdebeu said on April 13, 2013 at 3:46 am
    Reply

    Sorry for the first line of my previous comentaire. It should read:

    Updated on two Windows 7 x64, no problem either since Wednesday.

  12. Nerdebeu said on April 13, 2013 at 3:44 am
    Reply

    Mise à jour sur deux Windows 7 x64, aucun problème non plus depuis mercredi.

    However, I would add that this is a real big problem. This news is highlighted everywhere today, but we are an informed public, “power users” or “geeks”. For the general public, if the problem occurs, it will turn into a disaster.

    1. YB said on April 13, 2013 at 7:32 am
      Reply

      @ Nerdebeu this would indeed be a nightmare for causal users

  13. Julia said on April 13, 2013 at 3:12 am
    Reply

    I uninstalled KB 2823324 yesterday although I didn’t experience any problems with it. Update notification offered it again. But – today it’s not offered anymore.
    So, I guess it’s better to have it not installed.
    What a confusing mess Microsoft is making out of this situation!

    1. ilev said on April 13, 2013 at 3:41 am
      Reply

      No, it’s not better to have it not installed as it puts your Windows OS in risk.

      1. Julia said on April 13, 2013 at 3:54 am
        Reply

        @ilev

        Since it’s not anymore offered with Windows Update, are you saying that I should try to download it manually (or do a system restore)?

  14. ilev said on April 13, 2013 at 3:39 am
    Reply

    @

    So were is the recommendation to uninstall KB 2823324 ? nowhere.

    This post is a short version of https://support.microsoft.com/kb/2839011

    1. Martin Brinkmann said on April 13, 2013 at 3:44 am
      Reply

      It is under Resolution right there: We recommend that customers uninstall update 2823324, which is provided in Microsoft Security bulletin MS13-036. This article provides multiple methods to uninstall the update.

      1. ilev said on April 13, 2013 at 10:50 am
        Reply

        Wow, I did I skip that :-).

  15. Paul(us) said on April 12, 2013 at 7:54 pm
    Reply

    Martin, You wrought that Microsoft pulled the update.
    But I have the same probelem as Ficho I also uninstalled the KB 2823324 update and also for me it is available again in Windows Updates.
    It is unchecked and notification says that 1 important update is available being KB 2823324.
    Should I hide the update?
    What to do?

    1. ilev said on April 13, 2013 at 12:42 am
      Reply

      I haven’t seen Microsoft recommendation to uninstall KB 2823324.
      If your Windows works fine with no BSOD/errors you can install the update which plugs a huge security risk in Windows XP, Vista, 7, 8 and RT and all servers.

      1. Eli said on April 13, 2013 at 8:33 am
        Reply

        I wouldn’t say a HUGE risk, ” Moderate-level vulnerability that requires an attacker to have physical computer access to exploit”

        I mean it plugs a hole sure but the attacker needs PHYSICAL access to your computer, at that point you are already screwed… Definitely uninstall this update in the mean time, its not worth the risk of booting your computer only to get into some BSOD loop because of some 3rd party program or hardware change you did. Even if you don’t have any issues now, something could trigger it that you don’t know.

    2. Eli said on April 12, 2013 at 11:57 pm
      Reply

      If after you uninstall the update and it still shows, press the “check for update” button at the top left and it will recheck and remove that update from showing up.

  16. imu said on April 12, 2013 at 4:31 pm
    Reply

    How lucky we are to have ghacks.net on patrol.

    Cheers

  17. Godwin said on April 12, 2013 at 3:20 pm
    Reply

    I noticed something was not right when the update took almost more than 3hrs to complete. I am in the process of removing it right now.

  18. ilev said on April 12, 2013 at 2:56 pm
    Reply

    “To uninstall the update do the following”…

    How can you uninstall when Windows 7 is in state of BSOD and can’t boot ?
    Microsoft recommends to repair Windows installation.

    http://support.microsoft.com/kb/2839011

    Windows failed to start. A Recent hardware or software change might be the cause. To fix the problem, To do this, follow these steps:

    1. Insert your windows installation disc and restart your computer.
    2. Choose your language settings, and then click next.
    3. Click “Repair your computer.”

    This is the second month in a row where Microsoft botched Windows 7 with its updates.

  19. Robert Palmar said on April 12, 2013 at 2:10 pm
    Reply

    I always wait a bit installing updates manually just
    for a situation such as this so I dodged this bullet.

  20. Ficho said on April 12, 2013 at 12:35 pm
    Reply

    I uninstalled update anyway,but it is available again in Windows Updates.
    It is unchecked and notification says that 1 important update is available.
    I guess we should wait for fix from Microsoft.

    1. sunny said on April 12, 2013 at 12:57 pm
      Reply

      You can press ‘Hide update’ of the ones you want

  21. Ficho said on April 12, 2013 at 12:09 pm
    Reply

    I don’t have any problems.Should I uninstall KB2823324?

    1. ilev said on April 12, 2013 at 3:00 pm
      Reply

      No. It only applies to Windows 7 BSOD machines.

      You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324

      I have no problems with my Windows 7 64 bit.

    2. Martin Brinkmann said on April 12, 2013 at 12:18 pm
      Reply

      Well Microsoft suggests you do but if you have backup / restore in place you may decide not to.

  22. Anonymous said on April 12, 2013 at 3:06 pm
    Reply

    Thanks for announcing.Uninstalled & Windows Updates now states ‘No Important Updates Available’ although a Belarc Advisor Analysis states 1 Update Missing.

    1. charliechan said on April 18, 2013 at 4:18 am
      Reply

      That is a poor choice for a username, come up with something friendlier!

      1. Julia said on April 18, 2013 at 4:21 am
        Reply

        @charliechan: My thoughts too, exactly!!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.