Microsoft KB2823324 Update Bug Possibly Caused by Kaspersky Anti-Virus Incompatibility

[tezza]

Microsoft’s KB2823324 update released on Patch Tuesday is causing quite a lot of problems to Windows 7 users, as some computers enter a continuous reboot loop that can’t be repaired without removing the fix.

The tech giant has already confirmed the issue and said that it’s already working on a fix but, according to the latest details on the matter, the problem could be caused by a compatibility error with Kaspersky security products.

After installation, the update automatically disables Kaspersky Anti-Virus for Windows Workstations / Server versions 6.0.4.1424 and 6.0.4.1611, both of which are then displaying a message saying that “Your license is not valid. Protection disabled.”

“After you install security update 2823324, Kaspersky Anti-Virus for Windows Workstations or Kaspersky Anti-Virus for Windows Servers versions 6.0.4.1424 and 6.0.4.1611 may display an error message that resembles the following: Your license is not valid,” the company confirmed in a statement.

In addition, Kaspersky engineers are also investigating the issue and are now working on a patch that would re-enable anti-virus protection on the affected systems.

http://news.softpedia.com/news/Microsoft-KB2823324-Update-Bug-Possibly-Caused-by-Kaspersky-Anti-Virus-Incompatibility-345054.shtm

EDIT

The buggy KB2823324 update released by Microsoft on Patch Tuesday wreaks havoc on a number of Windows 7 computers due to a compatibility issue with some third-party software solutions, including Kaspersky Anti-virus products.

Kaspersky was one of the first companies to take notice of the problem, so its developers have been hard at work to release a patch that would fix this issue on Windows 7 computers running its security apps.

The security vendor has released a patch for Kaspersky Anti-Virus for Windows Workstations and Server versions 6.0.4.1424 and 6.0.4.1611 and for Kaspersky Endpoint Security for Windows version 8.1.0.831 that should fix the bug in just a couple of minutes.

Users are required to download and apply this patch, restart the computer and let the chkdsk utility complete the disk scanning process. Afterwards, Kaspersky users need to re-introduce the license, as anti-virus protection was most likely disabled on all affected computers.

[Olexijl]

uninstalled.

[sanjoa]

Krapersky :rofl:

[shamu726]

Microsoft recommends to uninstall Windows 7 update 2823324

Microsoft released a total of nine security bulletins last Tuesday fixing two critical security vulnerabilities and several lesser rated security vulnerabilities in the Windows operating system and several other Microsoft products.

It turns out that one of the updates related that day, update 2823323, is causing issues for some users of the Windows 7 operating system. The update, part of the bulletin MS13-036 is a security update for the Windows file system kernel-mode driver ntsf.sys. The vulnerability received a maximum severity rating of important, the second highest rating available to classify the severity of vulnerabilities.

The Microsoft Knowledgebase article acknowledges the issue and confirms that Microsoft is currently investigating reports of systems failing to boot into Windows 7 or applications after the security update has been installed on the computer system. Microsoft has removed the download link for the patch as a precaution and recommends that customers that have installed the update on their systems uninstall it.

Uninstalling the update

To uninstall the update do the following:

• Click on the start button and select Control Panel when the menu opens up.
• Click on uninstall a program on the Control Panel's home screen.
• Select view installed updates on the left sidebar to display the installed Windows updates.
• Increase the size of the window until you see the installed on column in the interface. Click on its header to sort by installation date.
• Locate Security Update for Microsoft Windows (KB2823324) under Microsoft Windows.
• Right-click on it and select uninstall.

You can alternatively run the following command from an elevated command prompt:

• wusa.exe /uninstall /kb:2823324 /norestart

The removal script can also be run using PSEXEC:

• Psexec -d -s \\remotemachine wusa.exe /uninstall /kb:2823324 /quiet /norestart

A prompt should come up asking you if you really want to uninstall the update from the computer. You can cancel here with a click on no, or go ahead and uninstall it with a click on yes.

Users affected by the issue may receive one or multiple of the following error messages:

Windows failed to start. A Recent hardware or software change might be the cause. To fix the problem, To do this, follow these steps:

1. Insert your windows installation disc and restart your computer.
2. Choose your language settings, and then click next.
3. Click "Repair your computer."

Status: 0xc000000e
Info: The boot selection failed because a required device is inaccessible.

--------------------------

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.

Microsoft notes that the error occurs early in the boot process so that no memory.dmp file gets created. Users of Kaspersky Anti-Virus for Windows Workstations or Windows Servers may receive a "Your license is not valid" error message after installing the update.

Systems that fail to start may use the recovery options (by pressing F8 after BIOS repeatedly) to use system restore to roll back the update.

Additional information about the issue are available under KB 2839011.

Source: Ghacks

[Zex]

Kaspersky drops a grade in my book now. :s

[Matsuda]

I think it is not related for kaspersky because 2 friends that use ESET and Avast free was killed after this update. both use windows 7 32-bit.

I´m happy now by be using windows 8.... :tooth:

[anuseems]

Microsoft has advised all users of Windows 7 (and the server version, Windows Server 2008) who installed a security update on Tuesday to uninstall it, after some customers found their computers would not restart or applications would not load.

Users who experienced problems described how they saw fatal system errors like the following:

STOP: c000021a {Fatal System Error}

The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).

The system has shutdown.

The problem appears to be connected with Update 2823324 in Microsoft Security Bulletin MS13-036, a security update for the Windows file system kernel-mode driver (ntfs.sys).

In a blog post on the Microsoft Security Response Center, the company blamed the problem on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. Weve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

According to media reports, computers in Brazil have been particularly badly hit - with machines continually rebooting.

Microsoft's knowledgebase article on this issue, explains that one symptom of the bug can be that Kaspersky Anti-Virus for Windows may display a message claiming its license is invalid, and that as a consquence it may no longer provide anti-malware protection.

Microsoft has already acknowledged the issue and said that its working on a fix. Yes, that's right. Some people had problems with the Patch Tuesday update, so there will be an update. But in the meantime, don't update the bit that's broken.

Users are recommended to block the 2823324 security update or uninstall it if its already present.

@ http://support.microsoft.com/kb/2839011

[lurch234]

I have Win7 64 bit sp1 and the next day after installing that update I got a blue screen for my desktop. The only time I got that problem was with Malwarebytes v1.65.

I also have ESS v6 and my license wasn't messed with.The blue screen didn't last long and it didn't come back but my machine took longer to boot and not without some trouble with

certain apps not loading...

Uninstalled. End of story <_<

[Zex]

I have also installed that update, but haven't experienced any errors or crashes. :D

Using Webroot SA

[SyafaTahvBroentoeng]

Krapersky :rofl:

no effect for home user product,... ;)

[LiLmEgZ]

I think it is not related for kaspersky because 2 friends that use ESET and Avast free was killed after this update. both use windows 7 32-bit.

I´m happy now by be using windows 8.... :tooth:

It doesn't seem to be affecting Windows 7 64bit... just 32bit edition of Win7 only.

See this quote:

If you live in Brazil and run the 32-bit version of Windows 7, it’s best not to run any updates until you are able to block update KB2823324, as it is putting machines into an infinite reboot cycle.

[Gabben]

If i would believe in conspiracy theories then i would think this is a move frome Microsoft to force Win 7 users to upgrade to Win 8... :sneaky:

[dcs18]

If i would believe in conspiracy theories then i would think this is a move frome Microsoft to force Win 7 users to upgrade to Win 8... :sneaky:

Without touching upon this particular issue, I'd suppose Microsoft did conspire to foist Windows 8 upon Users of Windows 7 by not making Windows 7 UEFI compatible.

[tezza]

The buggy KB2823324 update released by Microsoft on Patch Tuesday wreaks havoc on a number of Windows 7 computers due to a compatibility issue with some third-party software solutions, including Kaspersky Anti-virus products.

Kaspersky was one of the first companies to take notice of the problem, so its developers have been hard at work to release a patch that would fix this issue on Windows 7 computers running its security apps.

The security vendor has released a patch for Kaspersky Anti-Virus for Windows Workstations and Server versions 6.0.4.1424 and 6.0.4.1611 and for Kaspersky Endpoint Security for Windows version 8.1.0.831 that should fix the bug in just a couple of minutes.

Users are required to download and apply this patch, restart the computer and let the chkdsk utility complete the disk scanning process. Afterwards, Kaspersky users need to re-introduce the license, as anti-virus protection was most likely disabled on all affected computers.

http://news.softpedia.com/news/Kaspersky-Releases-Fix-for-Buggy-Microsoft-KB2823324-Update-345161.shtml

[Hottwire]

Not experienced any issues yet, however removed as I don't want to find out

[spudboy]

Krapersky :rofl:

Kaspersky drops a grade in my book now. :s

Ridiculousness. This was a fault of MS, not Kaspersky. The affected versions of Kaspersky and Windows both worked fine before the update. Neither work after. Kaspersky products are amongst the top 5 in the industry, I'd even say top 3.