Microsoft Pulls Patch Tuesday Bulletin


Microsoft has urged customers to uninstall a security update made available last Tuesday after widespread reports that it has locked computers with the notorious Blue Screen of Death (BSOD).

MS14-045 was one of nine bulletins released on the August 12 Patch Tuesday and dealt with three elevation of privilege vulnerabilities in Windows.

However, Redmond was forced to pull the bulletin after complaints that it caused systems to crash with a “0x50 Stop error message (bugcheck)”.

The BSOD is not the only problem with MS14-045, though: Microsoft warned that the update could also lead to fonts not rendering correctly.

A third “known issue” being investigated was described as follows:

After you install this security update, fonts that are installed in a location other than the default fonts directory (%windir%\fonts\) cannot be changed when they are loaded into any active session. Attempts to change, replace, or delete these fonts will be blocked, and a "File in use" message will be presented.

Paul Ducklin, Sophos’ APAC head of technology, explained that the BSOD issue didn’t show up in testing because it only happens “under rather specific circumstances”.

“You need to have one or more OpenType Font (OTF) files, installed in non-standard font directories, that are recorded in the registry with fully-qualified filenames,” he added in a blog post.

“A default Windows 8.1 install, for instance, includes only TTF (TrueType Font), TTC (TrueType font Collection) and FON (Windows bitmap FONt) files, recorded without pathnames.”
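The trigger Ducklin describes can be checked mechanically before deciding whether a machine is exposed to the crash. The following is an added example, not code from the article, Sophos or Microsoft; it assumes the standard Windows font registration key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts, which the article does not name), a default fonts directory of C:\Windows\Fonts, and a constructed sample of `reg query` output with made-up font names.

```python
import ntpath
import re

# Constructed sample of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts"
# The key path is an assumption (not given in the article); font names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
    Arial (TrueType)    REG_SZ    arial.ttf
    Cambria & Cambria Math (TrueType)    REG_SZ    cambria.ttc
    Courier 10,12,15    REG_SZ    COURE.FON
    Example Sans (OpenType)    REG_SZ    C:\Program Files\ExampleApp\Fonts\ExampleSans.otf
    Example Serif (OpenType)    REG_SZ    \\fileserver\fonts\ExampleSerif.OTF
    Example Mono (OpenType)    REG_SZ    examplemono.otf
    Example Text (OpenType)    REG_SZ    C:\Windows\Fonts\ExampleText.otf
    Example Old (TrueType)    REG_SZ    D:\Fonts\exampleold.ttf
"""

# One value line of reg query output: indented name, type, data.
LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$")

def parse_reg_query(text):
    """Return (value name, value data) pairs from reg query output."""
    return [(m.group("name"), m.group("data"))
            for m in map(LINE.match, text.splitlines()) if m]

def is_fully_qualified(path):
    """True for drive-letter (C:\\...) or UNC (\\\\server\\share\\...) paths."""
    drive, rest = ntpath.splitdrive(path)
    return bool(drive) and rest.startswith(("\\", "/"))

def at_risk_fonts(reg_text, fonts_dir=r"C:\Windows\Fonts"):
    """OTF fonts registered with a full path outside the default fonts directory."""
    default = ntpath.normcase(ntpath.normpath(fonts_dir))
    hits = []
    for name, data in parse_reg_query(reg_text):
        if not data.lower().endswith(".otf"):
            continue  # TTF, TTC and FON entries are not part of the trigger
        if not is_fully_qualified(data):
            continue  # bare filenames resolve to the default fonts directory
        folder = ntpath.normcase(ntpath.dirname(ntpath.normpath(data)))
        if folder != default:
            hits.append((name, data))
    return hits

if __name__ == "__main__":
    for name, data in at_risk_fonts(SAMPLE):
        print(f"matches trigger condition: {name} -> {data}")
```

On a real system, pass the saved output of the `reg query` command to `at_risk_fonts()` and set `fonts_dir` to the machine's actual fonts directory.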

Microsoft has published a detailed workaround while it investigates the problems, which involves uninstalling MS14-045 as well as three other updates: KB2970228, KB2975719, and KB2975331.

“Unfortunately, and understandably, Patch Tuesday aftershocks of this sort leave sysadmins wondering if they should approach future updates more cautiously,” noted Ducklin.

“We regularly urge you to ‘patch early, patch often,’ so let's hope Microsoft's patch for the broken patch goes smoothly, lest even those who weren't affected this time get cold feet next month.”

This is by no means the first time Microsoft has been forced to withdraw a security bulletin after users reported problems.

In April 2013 Redmond told users to uninstall a patch related to MS13-036 after it caused the Blue Screen of Death.
