Awkward —

Microsoft withdraws bad Windows 7 update that broke future Windows 7 updates

Broken update also blocks install of third-party software.

One of this week's Patch Tuesday updates for Windows 7 has been withdrawn after some users discovered that it blocked installation of software containing digital signatures, including first- and third-party software, and even other Windows updates.

The problem update is called KB3004394. The purpose of this update was to change how Windows updates its collection of root certificates used to authenticate SSL and TLS connections. Without the update, Windows is meant to poll for certificate updates once a week. With the update, this frequency is increased to once a day.

Unfortunately, this apparently simple change has had severe consequences for some users of Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, with users reporting that Windows Update, drivers from both Nvidia and AMD, and some third-party software including Virtual Box are all unable to install correctly. The error code 0x8004FF91 seems to be a common finding.

Microsoft has issued a second update to remove the bad update from affected machines and has withdrawn the original update for Windows 7. However, the company continues to offer, and recommend, the patch for Windows 8, 8.1, Windows Server 2012, and 2012 R2.

This withdrawn update is the latest of several updates that Redmond has pulled this year. The certificate update isn't the only patch from this Tuesday that was withdrawn; an Exchange 2013 update was also withdrawn temporarily after problems were discovered by end users. The Exchange patch has now been updated and reissued. It's unclear how widespread the certificate problem—or any of the previous problems that have caused patches to be reissued—really is, but there's nonetheless a growing sense among many Windows users that patches are less reliable, and more frequently withdrawn, than they used to be. This concern is compounded by Microsoft's decision to lay off many dedicated software testers earlier in the year.

With Windows Update so important to keeping Windows users secure, a loss of confidence would be very bad news. But if this kind of problem continues, that seems like an inevitable outcome. While IT departments might be able to test updates in a lab before deploying them, providing some protection against faulty fixes, home users have no such luxury. Users have to have confidence that installing an update won't break their machine. Broken, withdrawn updates shake that confidence.

Channel Ars Technica