When Microsoft was preparing Windows 8 and Windows RT, there were concerns about the way the OS was locked down. Many existing anti-malware applications would not work properly with Windows 8, and not at all on Windows RT. If these applications installed at all, they all too often did not have access to critical parts of the OS (and file system) and were not capable of removing threats they found there. Microsoft claimed that simply enabling this extra security on the core parts of the OS and file system would serve to mitigate many threats. Unfortunately, it seems they did not learn their lesson when they tried this with both Vista and Windows 7: those protected areas became primary targets for malware writers. Fortunately, the anti-malware companies were able to find a way to work within the new framework, and we have options to scan for and remove malware on x86 versions of Windows 8 (Windows RT is still another matter).
However, it looks like Microsoft is not content with just locking down Windows 8; they have released two security patches that fix issues with the way that applications can elevate privileges. The two fixes were intended to prevent third-party applications (malware) from being able to run with elevated privileges and install malware or compromise the security of the system. The patches were part of MS13-036; unfortunately, Microsoft appears to have gotten the patch half right. It seems that one of the fixes (2823324) causes havoc with the file system and certain anti-virus software (Kaspersky). Some of the symptoms that this patch did not work as planned are errors on boot, application errors, applications failing to launch, Kaspersky showing that there is no valid license, and, according to some reports, a continuous boot loop.
Microsoft is aware of the issue and has released a statement and instructions on how to remove the patch if things have gone bad. According to Microsoft, you do not have to worry about data loss, but you should uninstall patch 2823324 by following their instructions:
“Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.”
All of this comes on top of the news that Microsoft’s Bing returns 5 times more malicious sites in its search results than Google. Like we said, sometimes it seems like Microsoft and malware go hand-in-hand…