Microsoft issues new version of patch pulled on Patch Tuesday

Microsoft has issued a new version of a patch after an earlier version caused some users' machines to suffer the blue screen of death.

Microsoft has reissued a patch for Windows after an earlier version led to some machines crashing and suffering the 'blue screen of death'.

The first patch, security update 2823324, which fixed flaws in the NTFS kernel-mode driver of Windows, was pulled earlier this month after some users reported getting a "STOP: c000021a {Fatal System Error}" error message after installation.

A new version of the patch was made available by Microsoft yesterday.

Windows users with automatic updating enabled will receive the new patch, while those with it disabled will need to install the fix manually.

Microsoft recommends that customers uninstall the earlier security update 2823324 that triggered the initial error message. Instructions for how to uninstall the update and recover affected machines are available here.

The patch fixes three privately disclosed flaws and one publicly disclosed flaw in an NTFS kernel-mode driver that could allow a user to elevate their privilege level. An attacker would need valid logon credentials and the ability to log on locally to "exploit the most severe vulnerabilities", according to Microsoft.

The flaws affect versions of Windows XP, Vista, 7, 8 and RT, as well as versions of Windows Server 2003, 2008 and 2012. A full list of the affected versions is available here.

The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode driver handles objects in memory.
