Microsoft releases bad patch – How to remove KB 3004394

DohMicrosoft recently pushed an update that breaks Windows Updates.  Brilliant!

Microsoft KB3004394 was supposed to be a simple update to the Windows Root Certificate Program.  All it was supposed to do was change the frequency that Windows looks for root certificate updates from once a week to once a day.

Some of the other errors you might see after installing this update:

  • Inability to run or download Windows Updates. Which means the inability to uninstall this update for some.
  • Unexpected UAC prompts.  All MMC functions now require Administrator action even if logged in as administrator.
  • Windows Diagnostic Tool error 8000706f7
  • Failure when installing AMD and NVIDIA graphics driver updates.
  • Windows Defender error 2147023113
  • “Windows not genuine” notifications
  • Validation Code: 0x8004FE21

Affected versions of Windows include Windows 7 SP1 and Windows Server 2008 R2 SP1.
To quote Microsoft KB3004394:

Issue for Windows 7 SP1 and Windows Server 2008 R2 SP1

We have found that this update is causing additional problem on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates.

The KB 3004394 update does not cause any known problems on the other systems for which it is released. We recommend that you install the update on the other systems.


Microsoft pulled the update, but not soon enough.  If you have it installed, you may notice that you can’t uninstall it either – because Windows Update is broken.

The Fix

The official Microsoft supported fix is to download and install MS 3024777.  It’s a small patch that will require a reboot.  Some users have reported that multiple reboots may be required to clear the “Windows not genuine” errors.

Other unsupported methods for fixing this.  Run one of the following commands: