Microsoft seems to be at it again; first puts up a buggy update only to remove itMicrosoft Security Advisory 2949927The workaround
Microsoft Security Advisory 2949927
The said update was released on Tuesday and described in Microsoft Security Advisory 2949927. Microsoft Security Advisory 2949927 has added SHA-2 hash algorithm signing and verification for Windows 7 and Windows Server 2008 R2. However the update seemed to be malworking causing the users to reboot their systems in a loop. It was one of three proactive security feature updates released on Tuesday in addition to the eight patches of Windows and Office. On Friday, October 17 Microsoft revised the 2949927 advisory with the following statement: Let’s start with the less upsetting patch, KB 2952664. It was released to the Automatic Update chute on Oct. 14, this month’s Black Tuesday. The ensuing uproar and the backlash on the tech forums was so bad as the patch failed to install on many Windows 7 machines and was giving error 80242016. The more disconcerting patch, KB 2949927 mentioned above was one of the four botched patches.It is supposed to add SHA-2 hash signing and verification capability to Windows 7. But if a user tries installing, some machines reported to lead to multiple reboots failing with error 80004005
The workaround
There was a complex workaround has been proposed by Pavel Stastny on the TechNet forum and is further explained by Intros9 on Reddit.
Amidst the brouhaha, Microsoft quietly yanked off the patch on Thursday without any explanation. As of now, the article on Technet doesn’t describe the multiple-reboot failure problem, nor does the Security Advisory and the direct download links in the Security Advisory lead to “We are sorry, the page you requested cannot be found” pages.