# Botched KB 3004394 triggers error messages, but no response from Microsoft



## JMH3143 (Jun 18, 2012)

> *That's not the only bad patch in yesterday's release: There's also an easily fixed error that prevents KB 3002339 from installing
> 
> *If yesterday was Black Tuesday, today must be Crash Wednesday.
> I'm seeing lots of reports of problems with KB 3004394, which modifies the Windows Root Certificate checker so that it looks for bad root certificates daily. As usual, there's no confirmation from Microsoft about the problem, no documentation that I can find, and no advice on how to proceed. Users with problems find they go away if they uninstall the patch.


Botched KB 3004394 triggers error messages, but no response from Microsoft | InfoWorld


----------



## JMPC (Jan 15, 2011)

I've only patched a few systems so far but none have experienced these issues reported.


----------



## JMH3143 (Jun 18, 2012)

*Windows Update KB3004394 Breaks Down Windows Defender*



> Users find yet another botched update released by Microsoft
> 
> *This month’s Patch Tuesday rollout brought us 7 security bulletins supposed to fix vulnerabilities in a wide array of applications developed by Microsoft, but unfortunately for users, two of them appear to be causing more harm than good.*
> 
> ...


Windows Update KB3004394 Breaks Down Windows Defender - Softpedia


----------



## JMH3143 (Jun 18, 2012)

*Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2 *



> The KB 3004394 update that was dated December 10, 2014 can cause additional problems on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. This new update is available to remove KB 3004394 from your computer.
> 
> For more information about the KB 3004394 update, see the following Microsoft Knowledge Base article:
> 
> 3004394 December 2014 update for Windows Root Certificate Program in Windows


https://support.microsoft.com/kb/3024777?wa=wsignin1.0


----------



## JMH3143 (Jun 18, 2012)

*Microsoft withdraws bad Windows 7 update that broke future Windows 7 updates*



> One of this week's Patch Tuesday updates for Windows 7 has been withdrawn after some users discovered that it blocked installation of software containing digital signatures, including first- and third-party software, and even other Windows updates.
> 
> The problem update is called KB3004394. The purpose of this update was to change how Windows updates its collection of root certificates used to authenticate SSL and TLS connections. Without the update, Windows is meant to poll for certificate updates once a week. With the update, this frequency is increased to once a day.
> 
> Unfortunately, this apparently simple change has had severe consequences for some users of Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, with users reporting that Windows Update, drivers from both Nvidia and AMD, and some third-party software including Virtual Box are all unable to install correctly. The error code 0x8004FF91 seems to be a common finding.


Microsoft withdraws bad Windows 7 update that broke future Windows 7 updates | Ars Technica


----------

