Microsoft seems to be at it again; first puts up a buggy update only to remove it

Microsoft engineers are sure having the roughest patch of their careers. They did the same thing last month and on Tuesday repeated it.  A update containing several patches was released by Microsoft as a part of mega fix called Black Tuesday, for all the CVE’s reported to Microsoft. It seems that one of the update was causing the system reboots in loops after installation.  The issue flared up all over the techforums and of course, Reddit,  forcing, Microsoft to withdraw the update.

Microsoft Security Advisory 2949927

The said update was released on Tuesday and  described in Microsoft Security Advisory 2949927.  Microsoft Security Advisory 2949927 has added SHA-2 hash algorithm signing and verification for Windows 7 and Windows Server 2008 R2. However the update seemed to be malworking causing the users to reboot their systems in a loop.

It was one of three proactive security feature updates released on Tuesday in addition to the eight patches of Windows and Office.

On Friday, October 17 Microsoft revised the 2949927 advisory with the following statement:

Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues uninstall this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.

Let’s start with the less upsetting patch, KB 2952664. It was released to the Automatic Update chute on Oct. 14, this month’s Black Tuesday. The ensuing uproar  and the backlash on the tech forums was so bad as the patch failed to install on many Windows 7 machines and was giving error 80242016.

The more disconcerting patch, KB 2949927 mentioned above was one of the four botched patches.It is supposed to add SHA-2 hash signing and verification capability to Windows 7. But if a user tries installing, some machines reported to lead to multiple reboots failing with error 80004005

The workaround

There was a complex workaround has been proposed by Pavel Stastny on the TechNet forum and is further explained by Intros9 on Reddit.

microsoft botchup

Amidst the brouhaha, Microsoft quietly yanked off the patch on Thursday without any explanation. As of now, the article on Technet doesn’t describe the multiple-reboot failure problem, nor does the Security Advisory and the direct download links in the Security Advisory lead to “We are sorry, the page you requested cannot be found” pages.