Microsoft pulls faulty SHA-2 patch

October 20, 2014 | 11:38

Tags: #insecurity #patch #patch-tuesday #security #update-tuesday #windows-7 #windows-server-2008-r2

Companies: #microsoft

Following its monthly Patch Tuesday release cycle earlier this month, Microsoft has once again pulled an apparently faulty update that has been causing its customers some grief in what is turning into a regular occurrence for the company.

Microsoft implemented Patch Tuesday on its Windows Update service as a means of providing a longer testing period for software updates internally as well as giving system administrators a set date on which they should schedule a download and test cycle. This, the company has argued, provides more stable and reliable updates while only slightly increasing the threat from zero-day attacks - flaws made public before a patch is available for download - for which it sometimes breaks the cycle and releases emergency patches.

Over the past two years or so, however, something appears to have gone wrong with Microsoft's quality assurance arm. It became rare in 2013 for a Patch Tuesday, now quietly rebranded by the company to Update Tuesday to avoid negative connotations, to pass without at least one - or as many as ten - to be withdrawn from availability following reports from customers that they cause ill-effects ranging from denial of service on enterprise applications to reboot cycles that can require a considerable song-and-dance to recover.

While things appear to have been improving of late, October, it appears, is to be the month in which Microsoft reverses this trend. A patch designed to add the SHA-2 hashing algorithm, a standard feature of Microsoft's Windows 8 and associated operating systems, to Windows 7 and Windows Server 2008 R2 - Security Advisory 2949927 - has been withdrawn from download following customer complaints. 'This update has been removed from the Download Centre because of an issue with the update,' the company confirmed in an updated security bulletin. 'Microsoft is researching this problem and will post more information in this article when the information becomes available.'

For now, anyone finding their system operating a little screwy since Patch Tuesday is advised by the company to go into Programs and Features in the Control Panel, click View Installed Updates, then select 'Security update for Microsoft Windows (KB2949927)' and uninstall it.
Discuss this in the forums
Video: Corsair Crystal Series 680X RGB Build

March 12 2019 | 19:11

TOP STORIES

SUGGESTED FOR YOU