If you are following my coverage on Microsoft's Patch Tuesday here each month you have noticed that one of the patches that the company released this month caused severe issues for some Windows 7 users. Update 2823324, which is part of the bulletin MS13-036 fixes a vulnerability in the file system kernel-mode driver ntsf.sys. It was assigned a security rating of important - the second highest - rating available across all systems, and a moderate rating on Windows 7.
An elevation of privilege vulnerability exists when the NTFS kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
The vulnerability allows local users to cause a denial of service attack or gain privileges using specifically crafted applications. Some Windows 7 users quickly learned about a side-effect of the first patch that Microsoft released on Patch Day. Their system would go in to an endless reboot cycle and Microsoft confirmed later that this was caused by a conflict with third party software installed on the computer system.
Microsoft as a consequence pulled the patch from Windows Update for the time being and suggested to users to uninstall it on their systems.
Microsoft today released an updated patch that resolves the issue that some Windows 7 users were facing. The new update is now listed under KB2840149 and it is suggested that Windows 7 users download and install it as soon as possible on their systems. The update is not only available via Microsoft's Download Center but also via Windows Update. If you have not booted your system for a while check for new updates in Windows Update and it should appear in the list of available updates there as well.
I recommend you uninstall update KB2823324 if it is still installed on the system before you do install the new one to avoid conflicts of any kind. Consult the guide linked above to find out how you can install the previous update on your operating system.
Update: The previous update, if still installed on the system, seems to be pulled automatically after you have installed the new update on your system.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.