Author Topic: Problems after you install Microsoft's security update 2823324 (Read 33385 times)

40hz · « **on:** April 12, 2013, 09:54 AM »

Posting this as an FYI.

Got my first call from a client about this problem yesterday. She had a laptop that wouldn't restart following the installation of a security update from Microsoft's WSUS that was included in a group of updates made available on 9-APR-2013.

Microsoft is aware of the problem and has posted instructions on how to fix it here. The symptoms, as described by Microsoft, are as follows:

You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324
Article ID: 2839011

Symptoms

Microsoft is investigating behavior where systems may not recover from a restart, or applications cannot load, after security update 2823324 is applied. We recommend that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate.

Only got one call so far. Fingers crossed. $:-\$

app103 · « **Reply #1 on:** April 12, 2013, 12:13 PM »

I think that may be the wrong link to the instructions. $:-\$

40hz · « **Reply #2 on:** April 12, 2013, 01:10 PM »

I think that may be the wrong link to the instructions. $:-\$
-app103 (April 12, 2013, 12:13 PM)

Thx April. Apologies. Fixed now.

tomos · « **Reply #3 on:** April 12, 2013, 02:00 PM »

Thanks for the warning 40

Luckily they worked fine here (Win.7 64bit)

40hz · « **Reply #4 on:** April 12, 2013, 03:05 PM »

^Yeah. All of mine were ok, and I only got one call so far so I'm optimistic it's an oddball problem.

Microsoft also pulled the patch until they figure out what the problem is. My client had her machine set to "download and notify" but not install. Unfortunately, she downloaded the patch before it got pulled - but then installed it yesterday - after the fact. That was the part that threw me.

So it goes. (And it's all billable time!)

wraith808 · « **Reply #5 on:** April 12, 2013, 03:56 PM »

So it goes. (And it's all billable time!)
-40hz (April 12, 2013, 03:05 PM)

Gettin' paid by the hour and older by the minute...

Tinman57 · « **Reply #6 on:** April 12, 2013, 08:32 PM »

And hence my tag-line:

((((TINMAN))))
----------------------------------------------------------
(Duck! It's another MicroSoft Patch!)

TaoPhoenix · « **Reply #7 on:** April 13, 2013, 12:21 AM »

This is the first big-bad patch warning from MS I've seen in a while. Usually I take my time installing them, but more from a hassle point, not so much of distrusting MS. That honor goes more towards Adobe

pilgrim · « **Reply #8 on:** April 13, 2013, 06:47 AM »

I have long thought that the biggest threat to a Windows computer is not malware but MS Updates.

About a month ago I went through my three computers sorting out updates that had refused to install, in total there was well over thirty of them, two thirds on the same computer and nearly all relating to the NET Framework.
It took me seven hours altogether, much of that looking up solutions on the internet, and for the first time since the first update on my first PC there are no updates outstanding although each computer has several hidden that are not relevant for one reason or another.

My pet hate is that you keep getting notified about an update but when you go to install it you are informed that the relevant program is not installed!
Then why the ******* hell do you keep getting told you need it?

Actually in rare cases it can be therapeutic, I heard of a doctor who advised his patients with low blood pressure to buy a Windows computer.

40hz · « **Reply #9 on:** April 13, 2013, 07:03 AM »

I have long thought that the biggest threat to a Windows computer is not malware but MS Updates.
-pilgrim (April 13, 2013, 06:47 AM)

Speaking from the perspective of somebody who is responsible for the health and safety of a large number of Windows PCs and servers, I'd have to politely agree to disagree with you on that point. From my experience, about 50% of all serious Windows problems can be directly attributed to the failure on the part of the owner to be current with Microsoft's critical updates.

If the automatic updates are not installing, it's a very clear indication that there's another critical issue on a machine that needs to be addressed. This can range from an unsuccessful previous installation attempt, a corrupted system file, or the presence (or residual/collateral damage) from some unusually nasty malware.

That said - it would be nice if Microsoft's updater was a little more verbose. And also if it could be more helpful in notifying the user that there has been a problem. Because I have seen the same problem you had (although only on XP machines). Usually right after I receive a call from someone who got referred to me because their system was seriously infected with malware.b Something that came as a complete shock to the owner because they had a quality antivirus utility installed on their machine. They usually learn that their realtime scanner - and the security center notification - had also been disabled without their knowledge.

Updates...they're like oatmeal. You may not like it - but make it a regular part of your diet anyway.

wraith808 · « **Reply #10 on:** April 13, 2013, 11:42 AM »

It seems that we are more forgiving until its us. I just reinstalled on my son's laptop... and decided to enable automatic updates. He came to me this morning saying that his computer kept going to this 'black screen'. And yeah... since it's an old Sony that they only include "Recovery DVDs" instead of the OS, it's been a pain. And all of their recovery steps have... you guessed it... not included Windows XP.

rgdot · « **Reply #11 on:** April 13, 2013, 11:50 AM »

The worst lesson one could get out of these situations is to distrust updates, MS or otherwise. I am not a pro like 40hz but speaking from some experience I would say he is very right.

wraith808 · « **Reply #12 on:** April 13, 2013, 11:53 AM »

I think you have to take a more measured approach. What I usually do is disable *automatic* updates. Then, a week (or more) after update Tuesday and all of the furor has died down, I download and install the updates manually. I just don't want to trust anyone to automatically do anything to my computer. Because if it borks up, are they going to take responsibility for it?

I'll evaluate and decide whether to take the risks, and take the responsibility for my choices. I've been bitten once about 15 years ago... and to a large extent, that was my fault, as I was hosting my own web site when code red came out and wasn't keeping up to date. It hurt, but at least it was my fault.

In this case, it hurts... but it's nothing that I did. And that's a hard pill to swallow, especially since it seems I'm now looking at several hours to restore his computer. Thankfully, nothing is lost, but it's still a pain, and a drain.

40hz · « **Reply #13 on:** April 13, 2013, 11:55 AM »

@Wraith - That's a bloody nuisance for sure!

BTW is it just me, or does it seem like Sony loves to make things just a little more complicated that they need to be with their products? I have had more weird issues with Sony desktops (Vaio) and laptops than just about any other brand. To me they were like that "little girl who had a little curl." Because when a Vaio is good, it's very very good - but when it's not...forget it!
$:-\$

rgdot · « **Reply #14 on:** April 13, 2013, 11:57 AM »

^ Yes but then you are weighing the 'pros and cons' of being affected by something like a 0 day exploit vs BSOD from bad updates.

EDIT: Vaio laptops ... have been disappointing in my limited experience

wraith808 · « **Reply #15 on:** April 13, 2013, 11:58 AM »

Oh no... I totally agree. I was onboard with Sony until their complications started making my life complicated. They were trying to be Apple for a while... with much worse results. I think they're better now. But I'm not taking any more chances, and have been slowly migrating them out the door in regards to computers.

^ Yes but then you are weighing the 'pros and cons' of being affected by something like a 0 day exploit vs BSOD from bad updates.

EDIT: Vaio laptops ... have been disappointing in my limited experience
-rgdot (April 13, 2013, 11:57 AM)

And pros and cons considering that I've been hit once in over 25 years by exploits, vs being hit 3 times by automatic patching (and missing being hit a few other times from the articles I've seen).

It might not work for others, but a week is acceptable risk for me.

40hz · « **Reply #16 on:** April 13, 2013, 12:00 PM »

I think you have to take a more measured approach. What I usually do is disable *automatic* updates. Then, a week (or more) after update Tuesday and all of the furor has died down, I download and install the updates manually.
-wraith808 (April 13, 2013, 11:53 AM)

+1! That's what I personally do and recommend doing. The real problem is in getting the clients to allow the installations, and not just tell WSUS to "remind me later" that there's a downloaded update waiting to be installed.

I love sitting down in front of a machine and seeing that little reminder pop up. Especially when I tell it to run and it shows it has something like 50 updates totaling around 200Mb that go back six months which are still sitting in the queue.

wraith808 · « **Reply #17 on:** April 13, 2013, 12:04 PM »

I wish I knew or had the time to create a script for the computers on my network to automagically do it a week after the update notification. I know its possible... but I just haven't had the time to look into how to do it.

40hz · « **Reply #18 on:** April 13, 2013, 12:18 PM »

^ Yes but then you are weighing the 'pros and cons' of being affected by something like a 0 day exploit vs BSOD from bad updates.
-rgdot (April 13, 2013, 11:57 AM)

And pros and cons considering that I've been hit once in over 25 years by exploits, vs being hit 3 times by automatic patching (and missing being hit a few other times from the articles I've seen).

It might not work for others, but a week is acceptable risk for me.
-wraith808 (April 13, 2013, 11:58 AM)

I'm 1 for 1. Had one bad update in 25+ years crowbar a machine. And that was a hardware driver in the optional list. Took a safe boot and a rollback to fix it.

The hit came out of the blue while surfing. It was a few years back. Went to something (a suposed tech info article) off a link at one site and got slammed by something that romped over every piece of security software I had installed like it didn't exist. Whatever it intended to do didn't get to happen because I immediately pulled the CAT-5 out the minute I saw the system go completely haywire and the net traffic on the NIC go through the roof. About three minutes later I was looking at a completely borked machine.

Had to pull the drive and sanitize it, first under Linux, and then under Windows to get rid of it. And even then I didn't trust that drive enough to do anything other than recover user data before reformatting.

Never found out what it was I got hit with. But whatever it was, it was one nasty bit of work. After that I stopped being quite so skeptical about all the reports and rumors you hear about "box killer" malware out in the wild. Because it's hard to believe until you actually see an example in action. However, seeing it happen to one of your own machines can sure make you a believer in no time flat.

pilgrim · « **Reply #19 on:** April 14, 2013, 07:25 AM »

In spite of my view of MS Updates (and many other things MS) I would always advise people, especially those who were not particularly computer literate, to have MS Updates set to automatic. Mine are all set to notify only.

Going back to the events I mentioned in my previous post, I had one update that I had tried every method I could think of to install, nothing worked.
MS had not listed it as a problem even though I found several forums where people were having trouble installing it but none of them had found a solution.
Finally, after a lot of time I found a thread on a forum I had never visited before in which it was not the main topic but someone mentioned this particular update and suggested that you should download the installer and manually extract the files, then place one of them in the System32 folder. The minute I did that it installed.

This raises a whole range of questions in my mind which I won't bother to go into as most of them are self evident.

Much of the way we view things is based on our personal experiences, I have read many stories of disasters brought about by malware, the worst thing I've ever found on one of my computers was a tracking cookie, along with my share of false positives.

Going back to the update this thread originally mentioned I found that it had installed on my Windows 7 computer without issue and as it had been there a couple of days without incident I have decided to not tempt fate and leave it there.

cyberdiva · « **Reply #20 on:** April 14, 2013, 08:24 AM »

I don't think anyone has mentioned the weekly Windows Secrets Newsletter, but it includes a column called "Patch Watch" where Susan Bradley discusses the Microsoft Updates (and occasionally other updates as well) that have been newly released and talks about which ones she has had no problem with, which ones she or others HAVE had problems with, and offers a judgment: Install, Wait, Skip, Optional. She updates her advice in the coming weeks. I never install updates until I've read Bradley's column. So far, it has served me well. At times, I get Updates that she hasn't mentioned, but mostly she covers the ones I receive. IIRC, the Newsletter is "pay what you wish" for a year's subscription.

There's also a Windows Secrets Forum.

AndyM · « **Reply #21 on:** April 14, 2013, 09:51 AM »

http://www.askwoody....ws-patches-security/

This is Woody Leonhard's Patch site. It's been interesting since he joined forces with Susan Bradley and others, since sometimes they don't have the same take on potential patch problems.

I like to let others be the first patchers, read about their experiences, and then patch a few weeks later if it's safe. And I always do a full backup before patching.

tomos · « **Reply #22 on:** April 15, 2013, 04:07 PM »

zdnet.com article says MS recommend uninstalling this patch.

Microsoft recommends that users uninstall the patch, and warns that another issue with the security update may cause anti-virus programs cease to work correctly. The Redmond giant says that Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus for Windows Servers versions 6.0.4.1424 and 6.0.4.1611 may display an error message stating that licenses for the products are not valid, and so the software will cease to function.

But they dont clarify if MS mean everyone should uninstall it - or just those with problems.
They link to this from MS which talks about *if* you revceive an error.

So I guess I'll leave it in place for the moment (maybe $:-\$ )

Shoddy journalism on the part of zdnet imo.

MerleOne · « **Reply #23 on:** April 17, 2013, 10:55 AM »

I think I found out another issue with this update : Sandboxie (latest V3) refused to work until after I uninstalled this patch. Found that on Sandboxie user forum.

Tinman57 · « **Reply #24 on:** April 20, 2013, 05:47 PM »

Posting this as an FYI.

Got my first call from a client about this problem yesterday. She had a laptop that wouldn't restart following the installation of a security update from Microsoft's WSUS that was included in a group of updates made available on 9-APR-2013.
-40hz (April 12, 2013, 09:54 AM)

I read on (I think PCWorld) that MS released a notice that anyone having problems with this patch should boot up in safe mode and uninstall the patch, and adding it to the "Ignore" list on Windows Updater.