updated 04:22 pm EDT, Fri April 12, 2013
Microsoft has identified problem, posted an OS repair procedure
Microsoft declared that it has revised the "patch Tuesday" package from April 9, removing a fix that was causing some PCs to crash to a blue screen and fail to boot thereafter. The problem is being blamed on incompatibility with some third-party security software, and Microsoft is recommending that affected users uninstall the patch. All editions of Windows 7 and Windows Server 2008 are affected.
Patch MS13-036 addressed three issues with the kernel-mode driver, which can be used to elevate an attacker's privileges. The vulnerability is listed in Microsoft's database as "important," because an exploit designed around this flaw does not require the assailant to have physical access to the computer. Microsoft has posted a procedure for removing the elements of the patch that have caused the crashes.
"There is a chance that criminals discover the same vulnerabilities and exploit them to compromise critical systems," security firm VUPEN CEO Chaouki Bekrar told Threatpost. "I'm not surprised about the delays; Microsoft had always been very slow in fixing reported vulnerabilities, as they have very strict QA tests in place to avoid regressions."