Microsoft Pulls Faulty SHA-2 Patch for Windows 7 and Server 2008 R2

Microsoft has been forced to pull an update from its latest Patch Tuesday, the second time in three months, after users reportedly received errors following the installation.

Microsoft’s Patch Tuesday program on its Windows Update Service has been postponed due to a faulty software update. Patch Tuesday is Microsoft’s monthly patch cycle, which lets administrators and consumers know when to update their systems. This gives system administrators at large companies a set day around which they can schedule a download and test cycle. Microsoft has argued that it provides better stability and more reliable updates amid increasing threats and zero-day vulnerabilities.

In last week’s Patch Tuesday, the company added support for the SHA-2 hashing algorithm to its Windows 7 and Server 2008 R2 operating system versions, a feature that comes standard with Windows 8 and later versions. The long-awaited availability of SHA-2 on Windows 7 and Windows Server 2008 R2 was short-lived, with the update pulled after only three days, in the company’s Security Advisory 2949927. The patch was removed because it was causing issues on users’ computers. Microsoft’s updated security bulletin said the patch has been removed from the Download Centre because of an issue with the update.

Microsoft’s official statement read:

“Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues uninstall this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.”

All download links for the patch in Microsoft’s security advisory now point to non-existent pages.

Microsoft has not yet released any form of a fix and has instead advised users to uninstall the security update. To remove the faulty update, you can open the Windows Control Panel, navigate to Programs and Features, click View Installed Updates, select ‘Security Update for Microsoft Windows (KB2949927)’ and uninstall the patch.
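
For administrators who need to repeat those Control Panel steps on more than a handful of machines, the same removal can be scripted. This is an added example, not taken from Microsoft's advisory; it assumes an elevated PowerShell session on Windows 7 or Server 2008 R2, and the function names `Test-UpdateInstalled` and `Remove-Update` are hypothetical helpers.

```powershell
# Added example: scripted equivalent of uninstalling KB2949927 from
# Programs and Features > View Installed Updates.
# Assumption: run from an elevated prompt on the affected machine.
$KbNumber = '2949927'

function Test-UpdateInstalled {
    param([string]$Kb)
    # Get-HotFix raises a non-terminating error when the update is absent,
    # so suppress it and treat an empty result as "not installed".
    $hit = Get-HotFix -Id "KB$Kb" -ErrorAction SilentlyContinue
    return [bool]$hit
}

function Remove-Update {
    param([string]$Kb)
    # wusa.exe is the Windows Update Standalone Installer shipped with the OS.
    # /quiet suppresses prompts; /norestart leaves the reboot to the admin.
    $wusa = Join-Path $env:SystemRoot 'System32\wusa.exe'
    $wusaArgs = "/uninstall /kb:$Kb /quiet /norestart"
    $proc = Start-Process -FilePath $wusa -ArgumentList $wusaArgs -Wait -PassThru
    return $proc.ExitCode
}

if (Test-UpdateInstalled -Kb $KbNumber) {
    $code = Remove-Update -Kb $KbNumber
    switch ($code) {
        0       { Write-Output "KB$KbNumber removed." }
        # 3010 = ERROR_SUCCESS_REBOOT_REQUIRED
        3010    { Write-Output "KB$KbNumber removed; restart required to finish." }
        default { Write-Output "wusa.exe exited with code $code; removal not confirmed." }
    }
} else {
    Write-Output "KB$KbNumber is not installed; nothing to do."
}
```

The installed-update list may keep showing the entry until the machine has restarted, so re-run the check after the reboot rather than immediately.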

Microsoft’s patch fixed a vulnerability that had been actively exploited for five years as part of the Russian Sandworm APT campaign, which saw NATO targets being actively exploited as part of an intensive cyber-espionage initiative.

Photo via Robert Scoble/Flickr [CC BY 2.0]

About Author

Brandon Stosh is the founder and CEO of www.freedomhacker.net. Stosh is a cyber security researcher and professional consultant who strives to provide reliable news on cyber-security based topics.
