You are currently offline, waiting for your internet to reconnect

You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324

Symptoms
Microsoft is investigating behavior where systems may not recover from a restart, or applications cannot load, after security update 2823324 is applied. We recommend that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate.

Examples of symptoms

LanguageError message text
AnyThe System log shows the following event ID:

Event Type: Error
Event Source: Ntfs
Event Category: Disk
Event ID: 55
Date: Date
Time: Time
User: N/A
Computer: Computer_name
Description:
The file system structure on the disk is corrupt and unusable. Please run the Chkdsk utility on the volume E:.


Note The volume letter may vary. Chkdsk will run but will not find any issues to fix.
Any
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.


Note The status will always be 0xC000003a if you are experiencing the issue described here.
EnglishWindows failed to start. A Recent hardware or software change might be the cause. To fix the problem, follow these steps:

1. Insert your windows installation disc and restart your computer.
2. Choose your language settings, and then click next.
3. Click "Repair your computer."

Status: 0xc000000e
Info: The boot selection failed because a required device is inaccessible.
PortugueseMensagem de Erro 1

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xC000003a (0x00000000 0x00000000).
The system has shutdown.

Mensagem de Erro 2

O Windows não foi iniciado com êxito. Uma alteração recente de hardware ou software pode ter causado o problema. Para corrigir o problema:
1. Insira o disco de instalação do Windows w reinicie o computador.
2. Escolha as configurações do seu idioma e clique em "Avançar".
3. Clique em "Reparar o seu computador".
Se você não tiver o disco, entre em contato com o administrador do sistema ou fabricante do computador para obter assistência.

Status: 0xc000000e
Informações: A seleção da inicialização falhou porque um dispositivo necessário está inacessível.
This failure occurs very early in the startup process, and no Memory.dmp file is created.

After you install security update 2823324, Kaspersky Anti-Virus for Windows Workstations or Kaspersky Anti-Virus for Windows Servers versions 6.0.4.1424 and 6.0.4.1611 may display an error message that resembles the following:

Your license is not valid.


Therefore, some or all of Kaspersky protection components stop functioning.
Status
Microsoft has released security update 2840149. This security update resolves the issue that was introduced by security update 2823324. Security update 2823324 was replaced by security update 2840149.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2840149 MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys): April 9, 2013
Resolution
We recommend that customers uninstall security update 2823324 and then install security update 2840149. This article provides multiple methods to uninstall the update.

Scenario A: Recovery steps for computers that have installed security update 2823324 and are now failing to start

The following options provide different methods to restore your computer to the state that it was in before the security update was installed:

Option 1: Recover the last Restore Point by using System Restore

  1. Access the System Recovery Options. To do this, restart the computer and repeatedly tap the F8 key before the Windows logo appears. If the Windows logo appears, try again. Wait until the Windows logon prompt appears, and then shut down and then restart your computer. You must remove any floppy disks, CDs, and DVDs from your computer before you restart.

    Note If you cannot access the System Recovery options, go to Option 4.
  2. Select Repair your Computer.
  3. Select the language, and then log on to the computer.

    Note If you do not know the local password, you must start by using a Windows 7 DVD or USB bootable media. Then, access System Recovery Options.
  4. Select System Restore from the menu:
    Select System Restore from the menu
  5. Restore the last restore point. This uninstalls security update 2823324.
  6. Restart the computer into normal mode.

Option 2: Recover the last Restore Point at the command prompt

  1. Access the System Recovery Options. To do this, restart the computer and repeatedly tap the F8 key before the Windows logo appears. If the Windows logo appears, try again. Wait until the Windows logon prompt appears, and then shut down and then restart your computer. You must remove any floppy disks, CDs, and DVDs from your computer before you restart.

    Note If you cannot access the System Recovery options, go to Option 4.
  2. Select Repair your Computer.
  3. Select the language, and then log on to the computer.

    Note If you do not know the local password, you must start by using a Windows 7 DVD or USB bootable media. Then, access System Recovery Options.
  4. Select Command Prompt from the menu:
    Select Command Prompt from the menu
  5. At the command prompt, run the following command:
    dism /image:C:\ /cleanup-image /revertpendingactions
  6. Restart the computer into normal mode.

Option 3: Uninstall security update 2823324 at a command prompt

  1. Access the System Recovery Options. To do this, restart the computer and repeatedly tap the F8 key before the Windows logo appears. If the Windows logo appears, try again. Wait until the Windows logon prompt appears, and then shut down and then restart your computer. You must remove any floppy disks, CDs, and DVDs from your computer before you restart.

    Note If you cannot access the System Recovery options, go to Option 4.
  2. Select Repair your Computer.
  3. Select the language, and then log on to the computer.

    Note If you do not know the local password, you must start by using a Windows 7 DVD or USB bootable media. Then, access System Recovery Options.
  4. Select Command Prompt from the menu:
    Select Command Prompt from the menu
  5. At the command prompt, run the following command:
    dism /image:C:\ /get-packages
  6. Search the results for security update 2823324.
    Search the results for security update 2823324
  7. Copy the package name, and paste it as shown:
    dism /image:C:\ /remove-package /PackageName:Package_for_KB2823324~31bf3856ad364e35~x86~~6.1.1.1
    Copy the package name and paste it into the dism command as shown
  8. You receive a message that states that the uninstallation was successful.
    the uninstall was successful
  9. Restart the computer into normal mode.

Option 4: Uninstall security update 2823324 by using a downloaded package from Microsoft

To help customers who have problems restarting their systems after they install security update 2823324, Microsoft is making available a bootable media ISO image through the Microsoft Download Center (DLC). Customers who cannot restart their systems after they apply the 2823324 update can download this image to create a bootable DVD or USB drive. Then, they can use this DVD or USB drive to boot their systems, uninstall security update 2823324, and return their systems to a normal operating state.



Note An ISO image is a way to distribute software so that an image can be written or "burned" to removable bootable media, such as a DVD.
  1. Download the ISO package from the Microsoft Download Center:
    DownloadDownload the ISO package now.

  2. After you download the ISO package, burn a CD or DVD from an ISO file.
  3. Insert the CD or DVD into the affected computer, and then restart the computer.
  4. Follow the instructions on the screen, and then after the uninstallation is complete, remove the disk and then restart the computer.
After the computer is restarted, security update 2823324 will have been automatically uninstalled.

Scenario B: Recovery steps for computers that have installed security update 2823324 but have not yet restarted

The following options provide different methods to uninstall the security update: For computers that have security update 2823324 installed but have not yet restarted, follow the steps in Microsoft Knowledge Base article927392 to uninstall the hotfix by using the command line syntax that is described in the article.

Option 1: Manually uninstall the Security Update

  1. In Control Panel, open Programs, and then click View Installed updates.
  2. Select Security Update for Microsoft Windows (KB2823324), and then click Uninstall to uninstall the security update.

Option 2: Incorporate a command line uninstall in a custom script

If multiple computers are affected, and you want to run a script remotely to remove the update, you can use the following command to remove the security update silently:
wusa.exe /uninstall /kb:2823324 /quiet /norestart

Option 3: Run removal script remotely by using PSEXEC

If multiple computers are affected, and you want to run a script remotely to remove the update, you can use the following command to remove the security update silently:
Psexec -d -s \\remotemachine wusa.exe /uninstall /kb:2823324 /quiet /norestart
More information
While Microsoft is investigating the issues that are described in this article, the MS13-036 security update (KB 2823324) is no longer being offered by Windows Update.
Properties

Article ID: 2839011 - Last Review: 04/24/2013 00:11:00 - Revision: 6.1

Windows 7 Service Pack 1, Windows 7 Enterprise, Windows 7 Professional, Windows 7 Ultimate, Windows 7 Home Premium, Windows 7 Home Basic, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Service Pack 2

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2839011
Feedback
f?DI=4050&did=1&t=">/html>/html>=">ml>