Microsoft pulls security update over software conflicts

A security update issued by Microsoft on Tuesday isn't playing nicely with other software, prompting Microsoft to pull it from its download center.

Dustin Childs, group manager of Microsoft Trustworthy Computing, revealed the problem in a blog post late yesterday:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We've determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.

Childs said the system errors don't affect all Windows users and don't cause any data loss. However, he advised all people who installed the update to uninstall it by following the steps outlined in a Knowledge Base article published after the problem was discovered.

Despite Microsoft's advisory, the problem is hardly widespread, according to security firm Qualys.

"The problem is mostly confined to users in Brazil that have the banking security plugin 'G-Buster' installed," Qualys Chief Technology Officer Wolfgang Kandek said in a blog posted on Friday. "G-Buster is locally developed in Brazil by the company 'GAS Tecnologia' and is widely installed in Brazil. Given the number of complaints in Brazil, it is clear that Microsoft does not have this particular combination of Windows 7 and G-Buster plugin in its QA setup."

The update in question fixes a moderate-level security hole that requires someone to have physical access to a computer in order to exploit it. Tuesday's overall security package is still available but no longer contains the buggy update. As such, Microsoft advises that Windows users who haven't yet applied the patches to install them.