Microsoft pulls faulty MS14-045 patch

August 18, 2014 | 09:28

Tags: #insecurity #kernel #patch-tuesday #security #vulnerability #windows

Companies: #microsoft

Microsoft has pulled a security update, released as part of its regular Patch Tuesday update cycle, following the discovery that it can cause systems to crash and endlessly reboot.

The kernel patch, dubbed MS14-045, was released earlier this month to fix issues that would allow attackers to escalate their privilege level - running code as an administrative user, even if the affected account was restricted - across all currently supported versions of the Windows operating system. The vulnerability being addressed wasn't given Microsoft's strongest rating, Critical, owing to it requiring the attacker to have already gained the ability to run code on the target system; as an Important patch, however, its installation was still recommended - and, on systems that have Windows Update activated, automatic.

Sadly, there's a bug in the update. Following the reboot that occurs when the patch is installed - required to load the revised kernel - affected systems can enter a reboot loop, never managing to load the desktop. The issue stems from the new kernel failing to parse the font cache correctly - but only if one or more OpenType Font (OTF) files, a non-default format that would have to have been installed manually, are present in a non-standard directory entered into the registry with a fully-qualified filename.

That particular set of circumstances is uncommon, but not so much that Microsoft could let things stand: in what is becoming a regular occurrence for the company, Microsoft has pulled MS14-045 from Windows Update until a revised edition can be released and is advising anyone with the update installed to remove it from their systems. For those currently suffering from a reboot loop as a result of the patch, a workaround is offered.