Microsoft pulls faulty KB3004394 patch

December 15, 2014 | 10:54

Tags: #flaw #insecurity #patch #patch-tuesday #quality-assurance #quality-control #security #update #update-tuesday #vulnerability #windows-7

Companies: #microsoft

Microsoft has once again been forced to remove a security patch from its Windows Update service following the discovery of severe flaws, advising those who have already installed the patch to reverse the process as soon as possible.

Released earlier this month as part of the company's regular Patch Tuesday - recently rebranded as Update Tuesday - release cycle, KB3004394 was designed as a simple update for the Windows Root Certificate Programme to boost system security. Unfortunately, while the patch appears to work fine on the company's latest operating systems it is causing no end of problems for those on the last-generation Windows 7 and its server-orientated Windows Server 2008 R2 stable-mate.

According to Microsoft's write-up of the flaws in the security patch, installing the update under Windows 7 causes problems including instability and - more critically - a total inability to install future security updates. AMD's Robert Hallock took to Twitter to confirm that this update flaw isn't limited to Microsoft's own patches, either, with AMD graphics drivers failing to install or update as long as the patch is installed.

The problem only appears to affect Windows 7 and Windows Server 2008 R2 installations, but it's serious enough for Microsoft to have withdrawn the update from Windows Update and to have released a replacement out-of-band which removes the faulty patch from affected systems. Alternatively, the patch can be uninstalled using the usual View Installed Updates mechanism in Programs and Features.

This patch joins a worrying number of patches over the last couple of years which appear to have been released by Microsoft with inadequate testing, despite the company's once-a-month update cycle theoretically giving it plenty of time to ensure patches work correctly before releasing them on an unsuspecting public. Microsoft has yet to comment on the cause of the flaw.
Discuss this in the forums
Mod of the Month April 2019 in Association with Corsair

May 8 2019 | 13:30

TOP STORIES

SUGGESTED FOR YOU