[German]Microsoft has released yesterday several Windows updates. One of them, Update KB3004394 seems to damage the Root Certificate Store on some Windows 7 and Windows Server 2008 R2 machines.
I noticed this problem during comments left on my to days German blog article Microsoft Dezember 2014-Patchday-Nachlese. After installing all updates enrolled from December patch day (December 9. 2014), Windows 7 and Windows Server 2008 R2 shows several errors.
- Some users reported, that Windows doesn’t starts anymore (see this German Dr. Windows-Forum entry).
- Microsoft Memory Management-Console (MMC.exe) suddenly asks for Administrator credentials from UAC, even if an Administrator account is used (see this MS Answers-dicussion).
- AMD Control Center CCC OMEGA refuse to install new AMD drivers 14.12 (Omega) with error code 52, claiming an unsigned driver (see discussion in AMD-Forum and at MS Answers).
- The Windows Diagnostic Tool reports error 0x800706F7 and doesn’t work anymore(see this entry).
- Installing Microsoft Security Essentials (MSE) fails with error 8004ff91 (see this MS Answers discussion).
Searching the web, it seems that Update KB3004394 (which is December 2014 update for Windows Root Certificate Program in Windows) is the root cause for all this trouble. Update KB3004394 has been rolled out for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2.
What does Update KB3004394 do? The Windows Root Certificate Program enables trusted root certificates to be distributed automatically in Windows. Usually, a client computer polls root certificate updates once a week. After you apply this update, the client computer can receive urgent root certificate updates within 24 hours.
It seems that Update KB3004394 damaged the Root Certificate store on some Windows 7 and Windows Server 2008 R2 systems. After installing this update, sfc /scannow reportes a corrupted system. The fix for this issue: Uninstall Update KB3004394 repairs all damaged system components. And don’t forgot to block Update KB3004394 in Windows Update, until Microsoft delivers a fixed patch.