Microsoft has confirmed one of the Windows security updates released this Tuesday (9) is preventing computers from booting. The company said the issue is only appearing in Brazilian computers, but hasn’t explained why. The update, KB2823324, replaces Windows system file ntfs.sys.
Despite the company’s claim about the limited scope of the issue, the are some reports of similar problems at Overclockers UK, Experts Exchange (from an unindentified location), and Spiceworks (from a user who claims to be from South Africa). Not every Brazilian computer has been affected and the cause of the failure remains unknown.
So far, no clear solution has been found to solve the problem in all instances, except by replacing ntfs.sys with a known good one from the same version of Windows. This requires access to a previous version of the file (from another computer or one of the winsxs subfolders) and a Linux LiveCD or another boot disk.
If the disk is encrypted, replacing the file might prove very difficult. There is also no automated workaround for Windows networks.
There are some reports of Windows not being able to find any restore points, even when one should be available. The system might also complain that data is corrupt and request the user to run chkdsk, which will also fail.
Microsoft has not provided any solution, but revealed to be working on one. “We apologize for any inconvenience this may cause customers,” the company added.
Tests made by Linha Defensiva following reports found on Twitter and discussion forums confirmed that G-Buster, an internet banking plug-in developed by GAS Tecnologia (a Diebold-owned company) and used by many Brazilian banks, is linked to the issue. A 32-bit Windows 7 system with G-Buster installed will not boot after the update is applied. Conversely, if G-Buster is installed on a machine after the update is applied, it will also prevent the machine from booting.
Kaspersky Lab has also published a knowledge base article stating the company is aware of issues related to the same update.
This article has received the following corrections:
- 11 April @ 15:42 — ntfs.sys can be found in the winsxs subfolder and another computer is not required for a fix. Possible causes added.
- Falha em atualização do Windows força usuário a formatar sistema [G1, in Portuguese]