Microsoft is reporting that a recent Windows update is causing serious problems with many computers that have received it as an automatic update. The update, KB 3004394, was released on December 9 and “is causing additional problem[s] on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates, ” according to Microsoft’s official page. The problem does not seem to affect computers running other versions of Windows.
The KB 3004394 update is what is known as a patch, meaning it was designed to fix a known bug. It turns out, in this case, that the patch is a bug and the fix is worse than the problem. The update disables portions of User Account Control. Since User Account Control handles critical security features such as allowing or disallowing changes to user accounts and permissions of installed programs and applications, disabling it causes a variety of security risks and can cause programs and applications to fail. The update also disables Windows Defender, the virus protection built into Windows, leaving computers vulnerable to a trove of malware including viruses and spyware.
On the Windows forums, many users complained of a variety of issues:
Windows Authentication failing to recognize that a Windows installation is valid
System Files being corrupted
BSOD (Blue Screen Of Death) caused by complete system failure
Hardware Drivers failing
Network Issues
Random Error Messages related to User Account Control
The list goes on, but these seem to be the most common problems. Not all users are experiencing all of these issues and some are not experiencing any.
Initially, users were in the dark as to what was causing the myriad of issues they were experiencing, due at least in part to the sporadic nature of the problems. When it was discovered that the KB 3004394 update was to blame, Microsoft began working on the new patch to remove the update and replace it.
Microsoft issued an automatic update to remove the KB 3004394 update and repair the damage. The absurdity of having to issue a patch to repair the damage done by a patch that was released to repair problems caused by vulnerabilities that should have never existed in the first place should be bad enough, but this time Microsoft has outdone themselves. By issuing the new patch as an automatic update, the company is failing to address at least one major problem caused by KB 3004394: automatic updates are not working for a large number of users’ computers.
The only solution for these users is to download and manually install the new patch, a process that many users may find to be too technical. For those experiencing corrupted system files or the Blue Screen Of Death, the only solution may be to format their hard drives and reinstall Windows. Unless these users have backed up their data, they will lose everything, since formatting the hard drive erases all data.
This is not the first time a Microsoft update has disabled systems. Moving forward from here, many security experts are recommending that users disable automatic updates and download and install new updates only after any bugs have been discovered and fixed.
This might be a good time for Windows users to consider switching to Linux.