Microsoft releases updated MS13-036 security patch
If you are following my coverage on Microsoft's Patch Tuesday here each month you have noticed that one of the patches that the company released this month caused severe issues for some Windows 7 users. Update 2823324, which is part of the bulletin MS13-036 fixes a vulnerability in the file system kernel-mode driver ntsf.sys. It was assigned a security rating of important - the second highest - rating available across all systems, and a moderate rating on Windows 7.
An elevation of privilege vulnerability exists when the NTFS kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
The vulnerability allows local users to cause a denial of service attack or gain privileges using specifically crafted applications. Some Windows 7 users quickly learned about a side-effect of the first patch that Microsoft released on Patch Day. Their system would go in to an endless reboot cycle and Microsoft confirmed later that this was caused by a conflict with third party software installed on the computer system.
Microsoft as a consequence pulled the patch from Windows Update for the time being and suggested to users to uninstall it on their systems.
Microsoft today released an updated patch that resolves the issue that some Windows 7 users were facing. The new update is now listed under KB2840149 and it is suggested that Windows 7 users download and install it as soon as possible on their systems. The update is not only available via Microsoft's Download Center but also via Windows Update. If you have not booted your system for a while check for new updates in Windows Update and it should appear in the list of available updates there as well.
I recommend you uninstall update KB2823324 if it is still installed on the system before you do install the new one to avoid conflicts of any kind. Consult the guide linked above to find out how you can install the previous update on your operating system.
Update: The previous update, if still installed on the system, seems to be pulled automatically after you have installed the new update on your system.
Advertisement
Microsoft new MS security patch surely resolves denial of service attacks and malware
Thank you Martin for the information on the new patch :)
#Julia I love the BSoDs. At least I can play Pakman without the kids worrying me!
We’re all here to help if Pakman stops working!! I trust all is ok?.
We all are on this thread — to help each other.
Geeee!
J
Next time, my turn, ok?
Quoting from http://technet.microsoft.com/en-us/security/bulletin/ms13-036:
Customers do not need to uninstall the expired 2823324
update before applying the 2840149 update; however,
Microsoft strongly recommends it.
That is: it shouldn’t be necessary but then… if something goes
wrong don’t blame us :-)
Geeee! I uninstalled the expired 2823324
update AFTER applying the 2840149 update! Waiting right now for all BSOD and more to jump at me….. :-)
Note that the opening paragraph of the article mistakenly says “2823323” instead of “2823324” (the other one occurrence in the article is correct).
Corrected, thanks for noticing the typo.
Just as an aside MS Technet says: “The update that this article describes has been replaced by a newer update. To resolve this problem, install security update 2840149″
Note the words: To resolve this problem”. I don’t know why, unless they have screwed another update, which is unlikely???
[sorry about the earlier pre-post]
J
@Martin: Thanks!
@John: Thanks, too! Yes, I got a re-boot signal from the Windows Update. And yes, I rebooted.
Ts, ts, ts Microsoft…
#Julia. All is ok! stay with what Microsoft has done and pull the 2823324 as Martin recommends. It may be that it is on your update log but not applicable. Unfortunately Julia, I don’t know cos I pulled it 10 days ago.
And, seriously: it’s finished. It’s gone. Otherwise … contact me and we’ll both sue MS! You are as safe as you can be! The Microsofts have done it. Nice people.
Ts, Ts….
John
It looks like KB 2840149 is not culprit.I still have problems.
I’ll continue to search what could be the problem.
# Julia, did you get a re-boot signal from the Windows Update? And did you re-boot? If you still have it after the 2840149 after install, then I agree with Martin: uninstall the KB2823324. To get a sense of proportion on this, most users have no problem. It was a screwed update by MS and affects 1% of users so there is no need to go too far — though why the old update wasn’t uninstalled I don’t know.. Go with Martin on this one.
John
Huge problem!
I could not restart PC few hours after I installed KB 2840149.I was able to turn off/on PC,
but normal restart didn’t work so I uninstalled KB 2840149 and everything is OK now.
How important that update is?
I have Avast 8 Free as AV if that matters.
I’ll check if restart is working without that update few more times.
It can only be exploited locally.
Hello Martin
Thanks for the info.
From my understanding the manual pull of the update of KB2823324 MS13-036 issued on 9 April is now not necessary as it has been over-ridden with the recently issued KB2840149 and will automatically pull the old update of 9 April. That’s why they need a reboot to get rid of the kernel hooks that they incorrectly implemented at that time. There is no need to uninstall: 2840149 will pull it.
Let me know if that is wrong, as the is my understanding from Technet.
John
John it seems that way, I’ll update the article.
On one of my computers (which I rarely use) I didn’t deinstall KB2823324 previously. After installing KB2840149 today, I see that KB2823324 is NOT pulled automaticly after reboot. Should I deinstall it manually, once and for all???
I’d uninstall it since Microsoft did recommend to uninstall that update.
Let’s hope that with this update everything will work smoothly….
Thanks.Update installed.