It is now safe. That is what Microsoft is saying about the re-released security update that caused users’ computers to crash and crippled the machines with countless supply of reboots.
The revamped MS13-036 update — first issued April 9, but pulled three days later from distribution — “resolves issues some customers experienced,” said Microsoft spokesman Dustin Childs.
“The new update, KB2840149, still addresses the Moderate security issue described in MS13-036, and should not cause these [rebooting] issues,” Childs added in a post to the Microsoft Security Response Center blog.
Two weeks ago, Microsoft yanked one of the two patches comprising MS13-036 from the Windows Update service as reports spread the fix was generating the notorious “Blue Screen of Death” (BSOD) error message and paralyzing PCs with repeated reboots.
Microsoft never clearly described the causes of the BSODs and endless reboots, saying at the time, “We’ve determined that the update, when paired with certain third-party software, can cause system errors.” Childs today also declined to get into specifics, instead saying only that “some customers were having issues.”
Customers and experts, however, pinned blame on combinations of the security update and “G-Buster,” a browser security plug-in widely used in Brazil for online banking; and on the Microsoft patch and Kaspersky Lab security software.
In a support document, Microsoft posted several error messages that were symptoms of the patch failure, and recommended that Windows 7 users uninstall the update.
The revised MS13-036 update is now in the Windows Update service, and will end up downloaded and installed by machines with Automatic Updates enabled. Microsoft urged those who manually download patches to deploy the re-release at their earliest convenience.