Microsoft issues new version of patch pulled on Patch Tuesday

Microsoft has reissued a patch for Windows after an earlier version led to some machines crashing and suffering the 'blue screen of death'.

The first patch, security update 2823324, which fixed flaws in the NTFS kernel-mode driver of Windows, was pulled earlier this month after some users reported getting a "STOP: c000021a {Fatal System Error}" error message after installation.

Read this

Patch Tuesday: Microsoft to fix four critical flaws, all versions of IE at risk again

• Read more

A new version of the patch was made available by Microsoft yesterday.

Windows users with automatic updating enabled will receive the new patch, while those with it disabled will need to install the fix manually.

Microsoft recommends that customers uninstall the earlier security update 2823324 that triggered the initial error message. Instructions for how to uninstall the update and recover affected machines are available here.

The patch fixes three privately disclosed and one publicly disclosed flaw in an NTFS kernel-mode driver that could allow a user to elevate their privilege level. An attacker would need valid logon credentials and be able to log on locally to "exploit the most severe vulnerabilities", according to Microsoft.

The flaws affect versions of Windows XP, Vista, 7, 8 and RT, as well as versions of Windows Server 2003, 2008 and 2012. A full list of the affected versions is available here.

The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode driver handles objects in memory.