Tuesday 3 September 2013

Windows Update KB2859537

Microsoft seem to be having a poor time with their monthly Windows updates in 2013.  August's monthly updates included several security patches including one for the kernel - KB2859537 - which seems to be causing a few problems.  Reported symptoms include application freezes and BSODs, but many systems are are unaffected.

Based on superficial evidence, problems may be affecting systems that have:
  • Windows 7
  • IE10 installed
  • more than 3 cpu cores
  • Avast antivirus installed
  • third-party apps that directly alter the kernel.

My own system (Windows 7 SP1 32-bit, dual-core) had no apparent problems, but a friend's 32-bit 4-core laptop was brought to its knees.  Any attempt to start a system program or Outlook resulted in a systems freeze, although web surfing could take place happily for up to an hour or so.  Removal of this update proved troublesome because system restore points were limited by a very full system disk, and running Windows Update resulted in, yes, a system freeze - grrr!  It was eventually removed in safe mode, but even that was not straightforward.

Interestingly, restarting after KB2859537 removal did not cure the problem.  However a clean boot did sort things out.  Time to exclude both hardware faults via diagnostics, and malware via AV scans (aswboot, TDSSkiller, MBAM) - no problems revealed.

By disabling various start-up processes and services, the machine finally became stable with everything running except Avast.  Using 'Programs & Features' to repair Avast did not fix the problem, nor did removing and re-installing it.  So a new copy was downloaded and installed - success!

So that the offending update did not get re-installed, Windows Update settings were changed to 'notify' rather than 'automatic' on that laptop.  A backward step in terms of combating malware, but the owner would prefer to be able to use her PC please.

So did KB2859537 change something in the kernel that Avast had altered?  Or did KB2859537 trample over some vital part of Avast?  Did Avast make a change shortly after KB2859537 was released?  There was no mention of that on Avast's web site at the time.  We may never know; at the time of writing, Microsoft is still investigating and requesting examples of systems with problems.  But the update still lurks in my updates list with the check-box ticked, even though some report it is unticked.

If this post helped you, please leave a comment - thanks!

Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)