Microsoft pulls the plug on buggy security updateBy Shawn Knight
Microsoft has pulled the plug on a buggy security update released as part of Patch Tuesday earlier this week. The issue first came to light a couple of days ago when some PCs in Brazil were rendered unbootable after installing update 2823324.
Microsoft has since addressed the issue in a post on TechNet. In it, Microsoft said they stopped pushing the update in question as a precaution when they began investigating error reports. The issue has to do with the update conflicting with certain third-party software, Microsoft said.
Contrary to previous reports, the company noted that the system error does not result in any data loss nor does it affect all Windows customers. That said, customers are advised to follow the guidance provided in KB2829011 to uninstall the update if it has already been installed. No worries if you haven't installed it as Microsoft has removed it completely from the download center.
Update 2823324 addresses a moderate-level vulnerability that can only be exploited if an attacker has physical access to a machine. The security bulletin released on Tuesday - MS13-036 - is still available for download if you haven't already picked it up (sans update 2823324, of course).
Interestingly enough, Microsoft didn't mention if the update was specifically related to customers in Brazil so it appears this could have just been a coincidence. Furthermore, Redmond didn't address which third-party software was causing problems with update 2823324.