bit-tech.net

Microsoft pulls faulty MS14-045 patch

Microsoft pulls faulty MS14-045 patch

A kernel-level patch for a security hole in all current Windows releases has been pulled by Microsoft following the discovery it can cause a constant reboot loop on some systems.

Microsoft has pulled a security update, released as part of its regular Patch Tuesday update cycle, following the discovery that it can cause systems to crash and endlessly reboot.

The kernel patch, dubbed MS14-045, was released earlier this month to fix issues that would allow attackers to escalate their privilege level - running code as an administrative user, even if the affected account was restricted - across all currently supported versions of the Windows operating system. The vulnerability being addressed wasn't given Microsoft's strongest rating, Critical, owing to it requiring the attacker to have already gained the ability to run code on the target system; as an Important patch, however, its installation was still recommended - and, on systems that have Windows Update activated, automatic.

Sadly, there's a bug in the update. Following the reboot that occurs when the patch is installed - required to load the revised kernel - affected systems can enter a reboot loop, never managing to load the desktop. The issue stems from the new kernel failing to parse the font cache correctly - but only if one or more OpenType Font (OTF) files, a non-default format that would have to have been installed manually, are present in a non-standard directory entered into the registry with a fully-qualified filename.

That particular set of circumstances is uncommon, but not so much that Microsoft could let things stand: in what is becoming a regular occurrence for the company, Microsoft has pulled MS14-045 from Windows Update until a revised edition can be released and is advising anyone with the update installed to remove it from their systems. For those currently suffering from a reboot loop as a result of the patch, a workaround is offered.

6 Comments

Discuss in the forums Reply
Corky42 18th August 2014, 09:59 Quote
Is it just me that is starting to think it maybe a good idea not to update Windows on the first Tuesday of the month anymore ? Let others be Microsoft's beta testers and wait to see if problems surface a week or so later.
Atomic 18th August 2014, 11:06 Quote
Quote:
Originally Posted by Corky42
Is it just me that is starting to think it maybe a good idea not to update Windows on the first Tuesday of the month anymore ?
That's what a lot of enterprise customers do, wait a week until the dodgy updates have been found then authorise updates after.
Nexxo 18th August 2014, 17:28 Quote
Quote:
Originally Posted by Corky42
Is it just me that is starting to think it maybe a good idea not to update Windows on the first Tuesday of the month anymore ? Let others be Microsoft's beta testers and wait to see if problems surface a week or so later.

http://cdn.slashgear.com/wp-content/uploads/2009/05/burning_pc.jpg

Naah, looks totally safe to me. :p
raxonb 20th August 2014, 13:45 Quote
The day after Patch Tuesday should be officially called Rollback Wednesday
Nexxo 20th August 2014, 16:23 Quote
ROFL :)
RedFlames 20th August 2014, 16:26 Quote
Patch Tuesday
Nervous Wednesday
Oh **** Thursday
'Where did I put my windows disk?' Friday
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums