Microsoft tells all Windows 7 users to uninstall security patch, after some PCs fail to restart

Filed Under: Featured, Microsoft, Vulnerability, Windows

Microsoft has advised all users of Windows 7 (and the server version, Windows Server 2008) who installed a security update on Tuesday to uninstall it, after some customers found their computers would not restart or applications would not load.

Users who experienced problems described how they saw fatal system errors like the following:

Windows fatal system error

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.

The problem appears to be connected with Update 2823324 in Microsoft Security Bulletin MS13-036, a security update for the Windows file system kernel-mode driver (ntfs.sys).

In a blog post on the Microsoft Security Response Center, the company blamed the problem on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

According to media reports, computers in Brazil have been particularly badly hit - with machines continually rebooting.

Windows 7 patchMicrosoft's knowledgebase article on this issue, explains that one symptom of the bug can be that Kaspersky Anti-Virus for Windows may display a message claiming its license is invalid, and that as a consquence it may no longer provide anti-malware protection.

Microsoft has already acknowledged the issue and said that it’s working on a fix. Yes, that's right. Some people had problems with the Patch Tuesday update, so there will be an update. But in the meantime, don't update the bit that's broken.

Users are recommended to block the 2823324 security update or uninstall it if its already present. More information on how to do this is detailed in this Microsoft knowledgebase article.

, , , , ,

You might like

68 Responses to Microsoft tells all Windows 7 users to uninstall security patch, after some PCs fail to restart

  1. Hman · 914 days ago

    What about people who have installed the update, restarted and everything 'seems' to be working ok?

    • Microsoft appears to confirm that the issue is only affecting *some* users. My guess is that if you're not using one of the offending third-party products then you may not be impacted by the problem.

      However, the official recommendation from Redmond is to uninstall the patch. I can understand why they're showing an abundance of caution, as no-one likes a computer that isn't booting properly or has had its anti-virus disabled.

      • Scott · 914 days ago

        Seems strange to me to tell people to remove a security patch on systems that are functioning properly. The idea of decreasing my computer's security because some other users might be having issues related to software that I never use seems silly to me.

        I for one am glad I installed the patch on my Windows 7 machines and have no intention of uninstalling it, since my systems are functioning perfectly fine!

      • shaine · 914 days ago

        it has affected my video driver on my thinkpad it caused an error with my extended monitor could not figure out what was going on till reading this article uninstalled the security update and presto no more problem with monitor . but what was the security update for ?

        • JimboC_Security · 914 days ago

          Hi shaine,

          This security update contains an updated ntfs.sys driver and a win32k.sys driver. Both of these are kernel mode drivers.

          It is the new NTFS driver that is causing the issue. This update was designed to address an issue when the NTFS driver improperly handles a Null pointer that has been not been de-referenced correctly.

          Microsoft has removed the download links for update kb2823324 since for an attacker to use this flaw they need to have physical access to your computer and so you are at much less risk because of this fact. The attacker would first need to be in front of your computer. This updates is still available via Windows Update.

          This is mentioned in the following Microsoft blog post:

          Full details on this update are provided in the Microsoft Security bulletin mentioned by Graham (above). Here is the direct link:

          I hope this helps. Thank you.

  2. Deg · 914 days ago

    So how do I go about uninstalling it if I've already restarted and I don't seem to be experiencing any problems? Unless I'm missing something, my computer doesn't fit into either of the scenarios Microsoft are offering assistance for. I've already restarted and my computer isn't failing to start either.

    • Richard · 914 days ago

      I'm in the same position. I managed to uninstall the update by following the instructions for scenario A - "computers that have installed security update 2823324 but have not yet restarted" - and then restarting.

    • JimboC_Security · 914 days ago

      Hi Deg,

      If you are not experiencing any issues but still wish to uninstall, you can follow these steps to remove the update:

      1.In Control Panel, open Programs, and then click View Installed updates.
      2.Select Security Update for Microsoft Windows (KB2823324), and then click Uninstall to uninstall the security update.

      These steps come from the knowledge base article linked to by Graham at the end of his blog post. That knowledge base article also describes how to uninstall the update if your computer will not start.

      I installed this update on Tuesday evening and have routinely restarted my PC several times since then. I have not experienced any issues thus I am going to leave the update installed. If Microsoft release a new version of the update and I am offered it via Windows Update again, I will install it only then.

      I hope this helps. Thank you.

      • PhredE · 909 days ago

        We are NOT all administrators, Deg.
        Move the world to running as standard user and when people offer advice they'll eventually realise that they have to point out the need for admin rights in their answers.

    • AJA · 914 days ago

      Directions to uninstall the update are provided in the KB article that is linked above:

  3. What is unclear here is whether you can remove the update in safe mode if it starts affecting you. If you can it's no big deal, just continue working, and if the bug hits later, remove the update.

    If on the other hand you can't remove the update once the s*t hits the fan, then we'd better all renove the update now.

    The MS KB luckily tells us that the former is the case; the update can be removed from the command prompt *if you have an install disk".

  4. Bryan Copeland · 914 days ago

    I Updated my Dell Laptop but I never found the update I guess microsoft removed it before I updated.

  5. MikeP_UK · 914 days ago

    Don't you just love how well 'tested' the software is these days?

    Glad we have a System Restore feature as that seems to be the only saving grace in this saga.

    • Nate W. · 914 days ago

      Try to imagine how expensive software would be if every program writer had to staff sufficiently to test EVERY possible combination of software and hardware. If testing seems poorer today than it did 10yrs ago, it might have something to do with the shorter acceptable dev time tables and a much larger number of software writers all dumping their application onto systems with 30 other software writers.

  6. Dave · 914 days ago

    I uninstalled the update, restarted, then went out to Windows Update. Sure enough, there's the same update waiting to be installed! If this is such a concern to MS, then why didn't they pull the Windows Update after they've told users to uninstall it?
    I did not have an issue here, but we are not taking the chance of issues cropping up, so we've pulled it from our WSUS server.

  7. Tom westheimer · 914 days ago

    If it ain't broke don't fix it. I just removed it and had trouble restarting windows 7 after ....

  8. toto · 914 days ago

    how to start a computer which can not start any more ?

    • JimboC_Security · 914 days ago

      Hi toto,

      I am sorry to hear that you are experiencing an un-bootable computer.

      As AJA mentioned in their comment above, the instructions on how to remove this update when your PC is unbootable is provided at the following link:

      If you require any further advice, please let us know. Thank you.

    • Scott · 914 days ago

      You will probably need something like a Windows 7 recovery disk. The Windows 7 install disc might let you boot up into recovery mode, I am not sure. Either way, once there, there is an option to use Windows 7's system restore. Before installing Windows patches, Windows usually makes an automatic system restore, unless system restore was otherwise disabled before hand. In a situation like this, a bootable disk and a Windows 7 restore can be a life saver.

    • Scott · 914 days ago

      Simplest method to use system restore in a non-bootable machine that recently installed the security patch:

      Option 1: Recover the last Restore Point

      Restart by using the F8 key.
      Select Repair your Computer.
      Select the language, and then log on to the computer.

      Note If you do not know the local password, you must start by using a Windows 7 DVD or USB bootable media. Then, access System Recovery Options.
      Select System Restore from the menu:

      Restore the last restore point. This uninstalls security update 2823324.
      Restart the computer into normal mode.

  9. @ Deg,

    Go into control panel/programs/view installed updates...Find Update 2823324 (easiest to refer to the date you did this month's update), uninstall, restart.

  10. 404techsupport · 914 days ago

    Do they say what the third party software is? Is it just Kaspersky or are there other products?

    • shaine · 914 days ago

      it also affected bitdefender internet security 2013

    • MichP · 914 days ago

      I had problems with XP computers running an old version (5) of Avast (the free version). An XP machine running Avast 8 and a Windows 7 64-bit laptop running Avast 6 have been fine. I fixed my problem by updating to Avast v8 on one computer and uninstalling Avast and using Microsoft Security Essentials on the other one.

  11. gene · 914 days ago

    I had it installed and had no issues with rebooting, but went in and found it anyway, which wasn't as easy as I thought as the first batch of 4/10 updates didn't have it listed and I thought they were in date order, but scrolled down and found it anyway. Uninstalled and rebooted, and here I am. But here is what is funny, and annoying. Windows update is offering me the same dang patch again! If I hide that patch, will the ultimate fix ever be visible to me?

    • Beatlefan · 914 days ago

      I have the same issue, Gene. I thought it was being removed from the update links?

      • JimboC_Security · 914 days ago

        Hi Beatlefan,

        You are correct, the update remains available for download via Windows Update but the links for the kb2823324 update in the Security bulletin no longer work.

        This is mentioned in the following Microsoft blog post:

        @Gene: I would set the Windows Update settings to:

        Check for updates but let me choose whether to download and install them

        Download updates but let me choose whether to install them

        This way when the revised update is made available you can download it then (this is a pre-caution only as you should in theory be able to un-hide any update you have previously hidden) but the above approach works around that issue.

        I hope this helps. Thank you.

  12. Mr Gues · 914 days ago

    one word.. LINUX!

    • klaatu · 914 days ago

      The most singularly perfect word I know and so - yes, get LINUX...!!!

  13. Anonymous · 914 days ago

    I'm a little torn about uninstalling a security patch when my system is still working. Once the security patch is released, the "bad guys" can start analyzing it to figure out what the problem was in the first place, and devise an attack for unpatched systems. If everyone removes the patch, well, that attack is likely to be pretty successful.

  14. Bob Hannah · 914 days ago

    This issue may go further back then what Microsoft is saying. I am dealing with an issue with some Patches that attempted to install back in February and did not install properly. These patches were Security patches for Win 7 64 bit systems that worked with the kernal and changed the system configuration preventing the system from booting correctly and causing the system not to allow new secuirty patches to install. Microsoft while they are aware of the issue, because I have spent a lot time trying to various steps to fix the problem none of the steps actually works. The MS Office Patches install correctly, but not the O/S patches or the IE Patches. The only work around that I have been able to get to work correctly is to tell the system to go back to the last known good configuration and to turn off Microsoft updates because the updates do not install properly. Other updates like Java, Flash, Adobe, Antivirus, continue to update correctly.

  15. Michele · 914 days ago

    My computer will not power up at all. Now what?

    • JimboC_Security · 914 days ago

      Hi Michele,

      Sorry to hear that.

      Please follow the advice provided in the following knowledge base article by Microsoft (see the Resolution section) and/or see the advice provided by the commenter named Scott (above):

      If you require any further advice, please let us know. Thank you.

    • Emir · 914 days ago

      Check if it is plugged in an outlet

  16. Beatlefan · 914 days ago

    I uninstalled it, but when windows checks for updates it is back on the list. I thought it was removed from the update links?

    • JimboC_Security · 914 days ago

      Hi Beatlefan,

      Please see the clarification that I provided in my response to your comment above (in your response to gene's comment). It should answer your question. If not, I will be happy to provide any further assistance that I can.


  17. Basil · 914 days ago

    Just uninstalled 2823324. I then checked for any available updates and 2823324 is NOT offered.

    • JimboC_Security · 914 days ago

      Hi Basil,

      That's interesting. Perhaps Microsoft have decided to take it down from Windows Update to avoid any further disruption/inconvenience.

      Thanks for this information.

  18. Removed and then it download and installed straight away

  19. Eric · 914 days ago

    Kaspersky played up, so I uninstalled 2823324, restarted the PC and things are ok now.

  20. klaatu · 914 days ago

    Sounds more like they are trying to get users to migrate to linux, lol.

  21. Easy to fix for a tech but not for the majority of Windows' users. With all the money that Microsoft cashes in from software vendors who need to have verified and approved their drivers, that should have never happened.

  22. Rod · 913 days ago

    I installed this on April 12. Was this a corrected version?

  23. Ken · 913 days ago

    The news comes a bit too late unfortunately :/

    Mine failed to restart the first time and jammed up but after forcing it to power off it restarted on the second try.

  24. Charlie · 913 days ago

    How do I uninstall it and how do I ever check whether I have that update installed?

    • Mary · 912 days ago

      I went to control panel, add/remove programs, then choose the updates and found it in there, it's still available as a download though, so i choose whether or not i install now from microsoft.

      the update went through fine, however, when i'd leave my computer running for an took awhile to bring it out of the mode it was in, enough to make me worry something was wrong.

  25. umsami · 913 days ago

    I updated with no problem.

  26. gregbacon · 913 days ago

    Microsoft announces that the best way to avoid problems with Windows 7 is to purchase and install Windows 8.

  27. Thomas · 912 days ago

    I had several issues after installing the 9 patches on 4-9 Patch Tuesday. Did not even think of the patches as possible cause of issues. Here were some of the issues I experienced: fingerprint reader would not function to start up, had to use other credentials; some desktop icons moved on screen upon restart after installing updates; security zone on AV product (not Kaspersky) changed, preventing wireless from working.
    The first two were inconveniences, the third was a frustrating couple hours of rebooting modem and router without resolution and digging around to discover the issue. Thank you Microsoft! I've put less maintenance into a truck I've owned for 35 years than I've had to put into the 4 computers with MS OS I've owned over the last 12 years. Isn't technology wonderful?

  28. Lynn · 912 days ago

    Uninstalling it caused me further problems. My computer wouldnt boot. Started it in Safe Mode and it is working OK now but update still there - can't get rid of 2823324

    I uninstalled on laptop and laptop booted back OK but when I look in update list - it is still there! I don't intend to do any more until Microsoft know what they are about as uninstalling is causing me more problems than the update being there!

    • JimboC_Security · 912 days ago

      Hi Lynn,

      Since you laptop is once again working, you are correct, leaving the update installed is definitely the best course of action.

      If at any time you wish to uninstall it, there are alternative methods to uninstall it as described in the following Microsoft Knowledge base article (see the Resolution section) or you can also follow the advice provided by the commenter named Scott (above):

      Scenario B: Recovery steps for computers that have installed security update 2823324 and are now failing to start

      Option 1: Recover the last Restore Point
      Option 2: Recover the last Restore Point
      Option 3: Uninstall security update 2823324 at the command prompt

      If you require any further advice, please let us know. Thank you.

  29. Lynn Sharpe · 911 days ago

    Ignore my previous post above - KB2823324 has gone from Laptop and Desktop. I was looking at update history instead of installed updates.

    Did have trouble uninstalling on Desktop though but not on laptop.

  30. jthegonz · 911 days ago

    Get a Macintosh! :)

  31. Nat · 911 days ago

    I've read this only affects 32-bit systems.
    Is that correct?

  32. On phone with ms now. Because i did everything to recover from black screen, per their instructions, no change. They toldd me i need to upgrade from vista and when i told them no i am not the only person that still cant use compter a week after theirr error .... they hung up on me !!! Am now on hold for a supervisor. Oh, they are emailing directions for me to read from phone. Yippee. Not. I told them i already followed their online diections. I bet they just sent me same. Is it possible to find anyone that gives a crap?

    • JimboC_Security · 903 days ago

      Hi Mary,

      I am sorry to hear about the issues you have been facing.

      Microsoft have now replaced the defective update kb2823324, with kb2840149 which should work without issues.

      This is now available via Windows Update. I installed it on my PCs a few minutes ago and everything remains normal.

      In the FAQ of the following security bulletin, Microsoft provides a link to an ISO file that can be used to create a bootable disc to recover your PC and repair it to a working state:

      Full details are provided in the Update FAQ within the above link.
      This ISO is available from the following link:

      Please note that is has the following limitations:

      1) This will not run on old hardware (pre 2004) that does not support NX (i.e. DEP).

      2) This will only run on Windows 7 32 bit installations.

      3) It will not work if BitLocker is enabled.

    • JimboC_Security · 903 days ago

      Further steps to repair your PC are available in the following knowledge base article:

      The Microsoft Support staff are only trying to assist you. While it is a frustrating situation, please try to work with them as best as you can.

      If I can assist any further, please let me know and I will be happy to do so.

      I hope this helps. Thank you.

  33. Squall · 902 days ago

    The only reason I found out about this was because Windows Update popped up saying there was an important update to be installed a few minutes ago, so I Googled it wondering why when the next patch Tuesday isn't for a while yet. Glad I found out before anything happened to my computer.

  34. Eric · 875 days ago

    Hi, i got windows update on the 13th of April. It was successful but i didn't try to re-open my laptop. I went out of town for a month and left my laptop in our office. When i got back, tadaaaaa . . . It turned on eventually, tried to boot up at windows and goes to HP diagnostics window.

    I patiently tried a couple of times (10x) but the same occurs.

    I tried system restore on the last restore point. That time i saw the last update for windows. I tried to click the last restore point prior to the update. Unfortunately, nothing happened. It's been 4 days now and i am thinking of going to any computer shop that would do something. But i guess they'll just reformat my HDD and re-install the OS.

    Is there other option other than reformatting my HDD? Badly needs advice. :(

    • Eric · 870 days ago

      The update was tranfering all my system files to another drive. Previously, all my system files was on C:. Now, i used a 2.5HDD adapter and checked the contents of my affected laptops HD, it is already on drive D:. C: is empty. All my files are intact in D: and i guess that's the reason why all affected PC's are rebooting. Not unless it's not the same case.

      Can i just remove C: and rename drive D? Any inputs guys? Badly needed help before doing last option >>> reformat... grrrr

  35. 6toy · 865 days ago

    f8 on startup. run safe mode, msconfig in windows, turn of antivirus on startup, restart and/or delete antivirus.

  36. Jessica · 852 days ago

    It crashed BOTH of my computers!! I had to completely reformat my laptop. GRR. And my desktop fixed itself, but now it says it has no boot drive! I will never use IE again.

  37. sheila · 851 days ago

    My computer was at my summer home. Emachine, 1 year old. I hooked up a new wireless router to it, ran the startup disc, and then once connected to internet BAM! I got the fatal error then my pc shut down. I cannot get it back on! What do we do once this happens? How do we uninstall something if we can't get into our pc?

  38. Pewpew · 843 days ago

    Well I uninstalled it and my laptop continues to stop responding, nothing will load up,or at least if it does it just stops responding. Anything anyone could advise that I should do?

  39. sandeep · 841 days ago

    Mistakely i have installed Windows XP Servicepack 3 in my windows 7 computer.
    now my computer is not starting.i want to uninstall Windows XP Servicepack 3 from my
    when i am starting my computer it is showing following option
    option I.
    launch startup repair (recommended) after i click on this option windows load some files but doesn't move further.{this is due to some changes in hardware or software this is shown in first line of window)
    option II.
    start normally after i click on this option windows load some files but doesn't move further.
    please suggest me how to solve this problem
    thanks in advancs

  40. Chris bond · 824 days ago

    I am so pI$$ed off with windows malfunctioning, that I am seriously thinking of dumping Windows altogether and getting an An Apple Mac. The latest malfunction fiasco is around two or three time an hour I get flags up saying my Kaspersky, and internet security is turned off, Apparently this is a known fault, but along with several others Microsoft/ Windows couldn't give a $hy- te!!

  41. Lou · 779 days ago

    Precisely why my next machine will be a Mac. This is my last MS machine. Apparently musicians are also not that important as customers to MS as well since much of my recording and sequencing software doesn't work anymore with Win 7 due to removal of key architecture involved. Such BS should not be tolerated!

    Done with MSBS

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley