Microsoft warns users to kill botched KB 2949927 patch

Microsoft yanked SHA-2 patch KB 2949927, and now goes further and cautions users to uninstall the update

After yanking botched patch KB 2949927, which failed to install on some machines, Microsoft is now warning users to uninstall the update -- even though there has been no mention of problems after the patch is installed.

Microsoft released KB 2949927 as part of its ill-fated batch of October "Update Tuesday" patches. On Wednesday I wrote about the first patch that showed widespread problems, KB 2952664, which failed to install with error 80242016. I followed up on Thursday with details about four more patches causing problems:

  • KB 3000061, the kernel mode driver update, fails to install in some circumstances. It's still being offered through Automatic Update, without any warnings. I'm still astounded that Windows can be pwned by a faulty font file.
  • KB 2984972, a patch for Remote Desktop for restricted admin logons, has well-documented problems with Microsoft App-V based programs. It's still offered, but there's a warning in the KB article about the App-V conflicts, updated Saturday, that says, "Microsoft is researching this problem and will post more information in this article when the information becomes available." There's also an unresolved report that this patch breaks Wyse multimonitor support.
  • KB 2995388, a Windows 8.1 patch rollup, has a well-known conflict with VMware that isn't documented anywhere on Microsoft's site. VMware's recommendation is to uninstall the patch.
  • The patch at hand, KB 2949927 (and its associated Security Advisory), brings SHA-2 hashing capabilities to Windows 7.

I've seen lots of reports about KB 2949927 causing multiple reboot-rollback problems on certain machines. Many home-brew fixes are listed on the TechNet forum, but all of them seem to be jury-rigged methods for installing the patch. I haven't seen any mention of problems after the patch is installed.

That's why Microsoft's new admonition, posted in the KB 2949927 article on Friday afternoon -- after the botched patch was yanked -- has me scratching my head:

"This update has been removed from the Download Center because of an issue with the update. Microsoft is researching this problem and will post more information in this article when the information becomes available. We recommend that customers who are experiencing issues with this update uninstall this update."

Perhaps some people have installed the update and they're having problems that haven't yet been widely documented? Or is this recommendation completely bogus? Your guess is as good as mine.

In my opinion, if you have the patch installed, it'd be worthwhile to pull it. Microsoft has to re-release Windows 7 SHA-2 support at some point. If there are phantom problems floating around, you'd be better off killing the patch now and waiting for Microsoft to get its act together.

Copyright © 2014 IDG Communications, Inc.
