Microsoft Pulls Botched Patch Tuesday Update

Microsoft has pulled one of the updates from its most recent Patch Tuesday release and recommends anyone who downloaded the fix should uninstall it.

The update added support for the SHA-2 signing and verification functionality to Windows 7 and Windows Server 2008 R2 machines with the intent of improving security over the more vulnerable SHA-1 hashing algorithm.

However some users reported “issues” after downloading the update, causing Microsoft to withdraw the fix on Friday and update its guidance.

Patch Tuesday botch

“Microsoft is investigating behaviour associated with this update, and will update the advisory when more information becomes available,” said the company.

It is unclear when the patch will be re-released for compatible machines. Windows 8 and Windows Server 2012 machines already have SHA-2 while earlier versions of the operating system, such as Windows Server 2008 and Vista are not eligible for the update.

The patch in question was released alongside seven other updates, three of which were deemed to be ‘critical’. The most notable of these was a fix for the vulnerability known as ‘Sandworm’, which had been used by Russian hackers to spy on government organisations and NATO, possibly as far back as 2009.

Microsoft has had to withdraw buggy patches before, including a UI update for Microsoft Office last September that rendered the navigation pane unusable.

Are you a security expert? Try our quiz!