Microsoft recommends to uninstall Windows 7 update 2823324
Microsoft released a total of nine security bulletins last Tuesday fixing two critical security vulnerabilities and several lesser rated security vulnerabilities in the Windows operating system and several other Microsoft products.
It turns out that one of the updates related that day, update 2823323, is causing issues for some users of the Windows 7 operating system. The update, part of the bulletin MS13-036 is a security update for the Windows file system kernel-mode driver ntsf.sys. The vulnerability received a maximum severity rating of important, the second highest rating available to classify the severity of vulnerabilities.
The Microsoft Knowledgebase article acknowledges the issue and confirms that Microsoft is currently investigating reports of systems failing to boot into Windows 7 or applications after the security update has been installed on the computer system. Microsoft has removed the download link for the patch as a precaution and recommends that customers that have installed the update on their systems uninstall it.
Uninstalling the update
To uninstall the update do the following:
- Click on the start button and select Control Panel when the menu opens up.
- Click on uninstall a program on the Control Panel's home screen.
- Select view installed updates on the left sidebar to display the installed Windows updates.
- Increase the size of the window until you see the installed on column in the interface. Click on its header to sort by installation date.
- Locate Security Update for Microsoft Windows (KB2823324) under Microsoft Windows.
- Right-click on it and select uninstall.
You can alternatively run the following command from an elevated command prompt:
- wusa.exe /uninstall /kb:2823324 /norestart
The removal script can also be run using PSEXEC:
- Psexec -d -s \\remotemachine wusa.exe /uninstall /kb:2823324 /quiet /norestart
A prompt should come up asking you if you really want to uninstall the update from the computer. You can cancel here with a click on no, or go ahead and uninstall it with a click on yes.
Users affected by the issue may receive one or multiple of the following error messages:
Windows failed to start. A Recent hardware or software change might be the cause. To fix the problem, To do this, follow these steps:
1. Insert your windows installation disc and restart your computer.
2. Choose your language settings, and then click next.
3. Click "Repair your computer."Status: 0xc000000e
Info: The boot selection failed because a required device is inaccessible.---------------------------
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.
Microsoft notes that the error occurs early in the boot process so that no memory.dmp file gets created. Users of Kaspersky Anti-Virus for Windows Workstations or Windows Servers may receive a "Your license is not valid" error message after installing the update.
Systems that fail to start may use the recovery options (by pressing F8 after BIOS repeatedly) to use system restore to roll back the update.
Additional information about the issue are available under KB 2839011.
hi, microsoft released a new security update: kb2840149
Is it best to leave that update until next month?? because the previous update: KB2823324 caused my eventviewer to fill up with ntsf errors – (5000+)
It scared the shit out of me….. When I rebooted, black screen ntsf errors need to scan blahblah…. I honestly thought my ssd (ocz) died.
Glad this alert was available to uninstall that previous update – it fixed it, no errors etc.
@Ivann: read this https://www.ghacks.net/2013/04/24/microsoft-releases-updated-ms13-036-security-patch/#comment-1791129
“incompatibility with banking security plugin G-Buster that’s currently installed on lots of Brazilian computers.”
“Kaspersky and Trend Micro security products don’t seem to get along very well with the new update”
Looks like a very restricted group of affected systems.
Some updaters report restart issues after _uninstalling_ this update.
Issues will appear immediately. If they don’t you aren’t at risk. If it ain’t broke don’t fix it. I’m leaving the update alone on my sytems.
some days later…
This “important security update” just vanished, or what? Oups, we (Microsoft) made a mistake, toooo bad that some people noticed. Let’s hope that everyone forgets and doesn’t mention it anymore…
Huh?
Thanks, no problem here win7 64 but will uninstall it
typo in article: It turns out that one of the updates related that day, update 2823323
but then it says: Locate Security Update for Microsoft Windows (KB2823324)
Thanks a lot for posting about this :)
I was just going to install this month updates yesterday when I saw this article and decided to wait. I usually wait some more time before applying updates (at least two weeks since release, to avoid problems like this one), but somehow this month I was going to install them just yesterday… Thank you :)
Win7 x64 SP1 Pro becomes unresponsive (00-01% CPU usage) after every bootup with standalone Threatfire 4.7 running. Uninstalled Threatfire (in Safe Mode) and everything is back to working perfectly normally.
Should I still uninstall KB 2823324 patch?
Right now, I have Microsoft Security Essentials 4.2, Kingsoft Antivirus 2012 SP5.6, Zemana AntiLogger 1.9.3, PrevX 3.0.5 all left running smoothly in the background without the slightest hint of impact in performance or otherwise.
I’m debating, and may have to. I’m not too excited waiting for a BSOD as a consequence of but a future software conflict.
Win7 x64 SP1 Pro becomes unresponsive (00-01% CPU) after bootup with standaloneThreatfire 4.7 running. Uninstalled Threatfire (in Safe Mode) and everything is back to working perfectly normally.
Should I still uninstall KB 2823324 patch?
Right now, I have Microsoft Security Essentials 4.2, Kingsoft Antivirus 2012 SP5.6, Zemana AntiLogger 1.9.3, PrevX 3.0.5 all running smoothly in the background without the slightest hint of impact in performance or otherwise.
I’m debating, and may have to. I’m not too excited waiting for a BSOD as a consequence of but a future software conflict.
It’s done in my two machines
Anyway there will be a corresponding patch
long ago i decided not to do updates right away. i wait a couple
weeks, then check to see if there are any problems. has saved
me many a problem and waiting has never caused me any con-
cerns. just my take as i dont trust any updates until they are
proven ok by many lemmings testing them.
2 Windows 8 (x64 and x86), 2 Vista SP2 (x64 and x86) and no problems at all. It may be related either to hardware or some conflict with a specific piece of software.
You’d do well to actually READ the above article.It plainly says the issue relates to Win 7 ONLY,for crying out loud.
Sorry for the first line of my previous comentaire. It should read:
Updated on two Windows 7 x64, no problem either since Wednesday.
Mise à jour sur deux Windows 7 x64, aucun problème non plus depuis mercredi.
However, I would add that this is a real big problem. This news is highlighted everywhere today, but we are an informed public, “power users” or “geeks”. For the general public, if the problem occurs, it will turn into a disaster.
@ Nerdebeu this would indeed be a nightmare for causal users
I uninstalled KB 2823324 yesterday although I didn’t experience any problems with it. Update notification offered it again. But – today it’s not offered anymore.
So, I guess it’s better to have it not installed.
What a confusing mess Microsoft is making out of this situation!
No, it’s not better to have it not installed as it puts your Windows OS in risk.
@ilev
Since it’s not anymore offered with Windows Update, are you saying that I should try to download it manually (or do a system restore)?
@
So were is the recommendation to uninstall KB 2823324 ? nowhere.
This post is a short version of https://support.microsoft.com/kb/2839011
It is under Resolution right there: We recommend that customers uninstall update 2823324, which is provided in Microsoft Security bulletin MS13-036. This article provides multiple methods to uninstall the update.
Wow, I did I skip that :-).
Martin, You wrought that Microsoft pulled the update.
But I have the same probelem as Ficho I also uninstalled the KB 2823324 update and also for me it is available again in Windows Updates.
It is unchecked and notification says that 1 important update is available being KB 2823324.
Should I hide the update?
What to do?
I haven’t seen Microsoft recommendation to uninstall KB 2823324.
If your Windows works fine with no BSOD/errors you can install the update which plugs a huge security risk in Windows XP, Vista, 7, 8 and RT and all servers.
I wouldn’t say a HUGE risk, ” Moderate-level vulnerability that requires an attacker to have physical computer access to exploit”
I mean it plugs a hole sure but the attacker needs PHYSICAL access to your computer, at that point you are already screwed… Definitely uninstall this update in the mean time, its not worth the risk of booting your computer only to get into some BSOD loop because of some 3rd party program or hardware change you did. Even if you don’t have any issues now, something could trigger it that you don’t know.
MS address the issue here:
https://blogs.technet.com/b/msrc/archive/2013/04/11/kb2839011-released-to-address-security-bulletin-update-issue.aspx?Redirected=true
If after you uninstall the update and it still shows, press the “check for update” button at the top left and it will recheck and remove that update from showing up.
How lucky we are to have ghacks.net on patrol.
Cheers
I noticed something was not right when the update took almost more than 3hrs to complete. I am in the process of removing it right now.
“To uninstall the update do the following”…
How can you uninstall when Windows 7 is in state of BSOD and can’t boot ?
Microsoft recommends to repair Windows installation.
http://support.microsoft.com/kb/2839011
Windows failed to start. A Recent hardware or software change might be the cause. To fix the problem, To do this, follow these steps:
1. Insert your windows installation disc and restart your computer.
2. Choose your language settings, and then click next.
3. Click “Repair your computer.”
This is the second month in a row where Microsoft botched Windows 7 with its updates.
I always wait a bit installing updates manually just
for a situation such as this so I dodged this bullet.
I uninstalled update anyway,but it is available again in Windows Updates.
It is unchecked and notification says that 1 important update is available.
I guess we should wait for fix from Microsoft.
You can press ‘Hide update’ of the ones you want
I don’t have any problems.Should I uninstall KB2823324?
No. It only applies to Windows 7 BSOD machines.
You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324
I have no problems with my Windows 7 64 bit.
Well Microsoft suggests you do but if you have backup / restore in place you may decide not to.
Thanks for announcing.Uninstalled & Windows Updates now states ‘No Important Updates Available’ although a Belarc Advisor Analysis states 1 Update Missing.
That is a poor choice for a username, come up with something friendlier!
@charliechan: My thoughts too, exactly!!