Forgot your password?
typodupeerror
Bug Microsoft Windows IT

Microsoft Black Tuesday Patches Bring Blue Screens of Death 179

Posted by timothy
from the but-wait-for-the-patch dept.
snydeq (1272828) writes "Two of Microsoft's kernel-mode driver updates — which often cause problems — are triggering a BSOD error message on some Windows systems, InfoWorld reports. 'Details at this point are sparse, but it looks like three different patches from this week's Black Tuesday crop are causing Blue Screens with a Stop 0x50 error on some systems. If you're hitting a BSOD, you can help diagnose the problem (and perhaps prod Microsoft to find a solution) by adding your voice to the Microsoft Answers Forum thread on the subject.'"
This discussion has been archived. No new comments can be posted.

Microsoft Black Tuesday Patches Bring Blue Screens of Death

Comments Filter:
  • Laugh.. (Score:4, Interesting)

    by koan (80826) on Thursday August 14, 2014 @12:26PM (#47671641)

    Someone right now is looking at that error and figuring out how to exploit it.

    • Lucky I'm on XP and don't have to worry. It's been 100% stable for months now.

  • Phew. (Score:5, Insightful)

    by ledow (319597) on Thursday August 14, 2014 @12:34PM (#47671713) Homepage

    I work in schools, preparing for a huge summer deployment, just re-imaged every PC on-site.

    Fortunately, although I pushed the updates out over WSUS, my image was taken BEFORE patch Tuesday. Anything that hasn't been out for a least a month is in beta testing, as far as I'm concerned, and after a month it either "works" (for some definition) or something like this will come to my attention.

    Have all the PC's imaged in my rooms, but only have a handful actually deployed at the moment while I test. The very first blue-screen I see, any kernel-mode patch this month will be changed to "Declined" so no further PC's get it.

    Yet again, those people who get all stroppy about "you should install updates the SECOND they come out".... real life hits you again. And the downtime from a potential "zero-day" that I'll probably never witeness is nothing compared to potentially rolling out faulty updates to hundreds of PC's that would then have to be re-imaged, and/or having a faulty update inside your images forcing you to reverse changes (in my case, to pre-summer images which is a HUGE step backwards) and re-deploy.

    • Re:Phew. (Score:5, Insightful)

      by gstoddart (321705) on Thursday August 14, 2014 @12:40PM (#47671745) Homepage

      Yet again, those people who get all stroppy about "you should install updates the SECOND they come out".... real life hits you again.

      I've never understood that mentality ... usually I give patches from any vendor a few weeks or more to have a shakedown period.

      Let someone else do the beta testing.

      I've seen more problems caused by applying fresh steaming patches than I have seen problems solved by it.

      • by steelfood (895457)

        That only works if you either 1) have a test system you can test patches on or 2) turn off automatic updates. Either way, you need to be savvier than your average Windows user.

        Fortunately, the big corps that give Microsoft the majority of its sales tend to have sufficiently capable tech teams. It's the small businesses that really lose (the personal/home users can mostly hit the reboot button or hold the power button down for 5 seconds or whatever passes for a hard reset these days).

        • Either way, you need to be savvier than your average Windows user.

          That's not exactly setting the bar very high, is it?
      • by antdude (79039)

        Even if they are zero/0 days?

        • by gstoddart (321705)

          In all honesty, I've had to deal with very few of them, and only indirectly. Most notably the heartbleed thing recently. And you know what? It was senior management and IT managers who made that call and accepted the risks. (I'm primarily inside the firewall, so usually not my issue.)

          There are times when you have to weigh risks and make choices.

          But generally speaking, I don't apply a patch which is fresh and steaming immediately, and then I deploy to a lab and do some testing first.

          Assume the worst, an

    • Yup, back when I did the patches for about a thousand computers, I'd always roll them out sloooooowly. First my test system, then my system, then the rest of my office (we know not to panic), then our smallest clients, and then snowballing up to a final massive push to 500 or so systems at our biggest client just before the next round of patches came out. If there was ever a problem anywhere along the line, we could halt before too much damage happened.
    • you need to update drivers as well. Don't use the ones on the dell website (other then with some laptop that will not take the full ones)

      Also drives on windows update can be very hit or miss.

  • by DigiShaman (671371) on Thursday August 14, 2014 @12:34PM (#47671715) Homepage

    So it looks like certain video drivers are barfing the system (itching the gdi32.dll the wrong way). If you can, roll back to an earlier system restore point, update the video drivers, then re-apply the updates again.

  • The update crashed 100% on re-boot stopping at 10% install. Fortunately, I was able to disable UEFI, boot to my Ubuntu Linux partition, go online and figure out what to do... then go back and bang away 'till it booted. I ended up going back to a good install point and adding updates incrementally.

    Note to self: Always, always put a Linux partition on EVERY Windoze machine!

    Yeah, yeah, I could carry a bootable USB around, but this way, it's always IN the machine.

    My problem is this: WHO is going to PAY me fo

    • by PRMan (959735)
      When my Ford car broke down, who is going to pay me for the time it took me to take it to the repair shop and rent a car? Nobody.
    • Re: (Score:2, Insightful)

      by amicusNYCL (1538833)

      My problem is this: WHO is going to PAY me for my time?

      Goddamn, how entitled can you be? How about this question: how much time have you saved by using a computer running Windows to do your job? But, what, you expect Microsoft to shell out your hourly rate every time something on your computer doesn't work right? That must mean that you cut Microsoft a portion of every check you make from working on your Windows machine, right? Or wait, you keep all that money don't you? And Microsoft never expects you to cut them part of your check, do they? It's a one-t

      • by sjames (1099) on Thursday August 14, 2014 @01:56PM (#47672485) Homepage

        If it doesn't work right because of something MS did and they then leave him to fix it, why not?

        I'm pretty sure MS insists on being paid for each and every install of Windows.

        Since you were perfectly free to not reply at all, you're an unpaid volunteer.

        • If it doesn't work right because of something MS did and they then leave him to fix it, why not?

          You mean other than the license agreement which specifically indemnifies them against things like that?

          Is the first time that a Windows update has caused problems on certain configurations? No? It's not? Is it a fantastic idea to have automatic updates enabled if you're going to whine about being paid for your time to fix a problem that your computer had but most others did not?

          • by sjames (1099)

            EULAs claim all sorts of wacky things.

          • by ultranova (717540)

            You mean other than the license agreement which specifically indemnifies them against things like that?

            The one that tries to unilaterally alter a deal after the fact? Why would that make Microsoft not subject to consumer protection laws simply because they said they aren't?

            • Simply because there's no legal precedent that would say otherwise. Maybe there should be a class action lawsuit, I don't know, but I think it's kind of ridiculous for people to expect payment from Microsoft because an update caused problems on their machine. If an update causes problems on 25% of machines that's one thing. If the percentage is in the low single digits then I think it would be difficult for a judge with knowledge about computers to find Microsoft liable.

  • by djdanlib (732853) on Thursday August 14, 2014 @12:45PM (#47671791) Homepage

    This rollback procedure got my Win7 x64 system booting again:

    From another system with the same bit width and service pack level, grab the files C:\Windows\System32\gdi32.dll and C:\Windows\System32\Win32k.sys.

    Using HBCD or a similar boot disc, boot your defunct system. You can also snag the hard drive and plug it into another working computer.

    BACK UP the gdi32.dll and win32k.sys files from System32 to another location just in case. Overwrite those two files in System32 with the ones you grabbed from the other system.

    Your system is now bootable, having effectively rolled back the KB2982791 update. This is a quick and dirty procedure and leaves the update itself in an indeterminate state.

    • This is a quick and dirty procedure and leaves the update itself in an indeterminate state.

      Quick if you live in an area with lots of cloned Windows around.

      Not that quick if you have to call a few friends, ask they Windows' versions, get a match, grab a pendrive, drop by the friend's house, copy the files, use the friend's computer to download and burn a rescue disk, drive home, and proceed to step 2.

      • by djdanlib (732853)

        Indeed.

        You could also boot with the install media and do a System Restore since Windows Update generates a checkpoint when you install updates.

        If you don't have that option, my original solution will get you up and running, inconvenient as it may be.

        • by tlhIngan (30335)

          You could also boot with the install media and do a System Restore since Windows Update generates a checkpoint when you install updates.

          Or you can boot the recovery partition on Windows (startup repair), and you can use it to restore from a previous restore point.

          You should also be able to find a copy of the older gdi32.dll in the WinSxS directory (that's where all updates are stored - then the files are hard-linked to their final location in the Windows directory. You could, in theory just alter the hard l

          • by djdanlib (732853)

            Yep. That partition didn't exist on the affected machine because end user reasons, or I definitely would have tried it.

    • by thegarbz (1787294)

      As interesting as this technical solution is, why not just do a system restore?

      The default settings for windows are to create a restore point before any patches are applied, and if your computer BSODs during boot performing a recovery from a restore point is an option given to the user before next boot.

      Or is there something special about this BSOD that prevents that from happening?

      • by djdanlib (732853)

        This system did not have a recovery partition, so no recovery mode on the HD, and it won't boot a restore disc... it was the perfect storm of garbage.

        Otherwise I absolutely would have done a system restore.

  • don't kill the persistent task bar and add it + start menu to windows 9.

  • by daveywest (937112) on Thursday August 14, 2014 @01:09PM (#47671999)
    So happy I'm running XP right now. No patch for me.
    • by sinij (911942) on Thursday August 14, 2014 @01:13PM (#47672055) Journal
      No problem, Chinese People's Army will patch it for you.
      • by iggymanz (596061) on Thursday August 14, 2014 @01:46PM (#47672399)

        nonsense, plenty of current malware prevention and detection wares run on XP, better than Microsoft's.

        you are full of needless FUD

        • by sinij (911942)
          Malware detection is largely ineffective, as a result prevention is only effective when done by disabling functionality. If you think "I can run AV and be safe" you are hopelessly outdated in your thinking. You could secure any OS by air gap, but if you want to actually use it in a networked environment, you better update.

          Now, OS is generally not exploited head-on, but it makes it easier to leverage other vulnerabilities that would be largely mitigated on something newer.

          You are probably safe if you disab
          • by iggymanz (596061)

            I am going to be infected by the three site I exclusively use with my Windows XP machine for busines reasons? no I am not. no reason to disable any functionality.

    • by Megane (129182)
      Citizen, have you not yet received your monthly Malicious Software Removal Tool? Clearly you are telling an untruth about using XP and should report to a re-education center immediately!
  • I just checked my update history for my Dell XPS 15 running up to date Windows 7 SP 1 and the three patches listed in the OP post were installed and I have no problems. One was recommended and the other two were listed as important.
  • by sootman (158191) on Thursday August 14, 2014 @01:50PM (#47672427) Homepage Journal

    ... Throwback Tuesday!

  • Once again, Microsoft discovers what's obvious anyone else who's been in the business for 25 years or so.

    You have to have manual and automated GUI testers. Unit testing is nifty, but that's like testing just the spark plug, or maybe the spark plug and the ignition timing. Not a bad idea, but listen. If you knew about a new car, but knew that nobody had ever actually *driven* the car, much less taken it out on the road on a regular basis, would you buy that car?

    For that matter, would you fly in a plane teste

  • by Anon E. Muss (808473) on Thursday August 14, 2014 @09:05PM (#47675037)

    The way to fix this is to delete \Windows\System32\FNTCACHE.DAT. The file will automatically be regenerated on the next boot.

    (Information found on Microsoft Support Forum [microsoft.com] and used to successfully fix my own system.)

    How do you delete the file if you can't boot?

    (1) Press F8 during boot to get to the Windows boot manager advanced options screen.
    (2) Select "Repair".
    (3) Provide password for a local account that's a member of the Administrator group.
    (4) Select "Command Prompt".
    (5) Find drive letter assigned to Windows partition (may not be C: in the repair environment!).
    (6) Delete \Windows\System32\FNTCACHE.DAT.
    (7) Exit command prompt and reboot system.
    (8) Fixed!

    ----------

    And now, since this is /., here is the required Windows bashing...

    This bug demonstrates the danger of running your GUI in kernel mode (win32k.sys). One stray pointer can ruin your whole day. In this case the pointer was sufficiently invalid to cause a bugcheck. A stray pointer that silently scribbles on other kernel data structures is even worse.

    "Those who would give up essential Safety, to purchase a little temporary Performance, deserve neither Performance nor Safety."

  • by Aryeh Goretsky (129230) on Friday August 15, 2014 @12:09AM (#47675615) Homepage
    Hello,

    I know that Slashdot loves to bash Microsoft, but calling it's monthly patching cycle "Black Tuesday [wikipedia.org]" is pushing it. Black Tuesday was the name for the stock market crash that preceded the Great Depression, and for all the negativism about Microsoft, I have yet to hear of someone committing suicide over a Microsoft patch.

    Frankly, using Woody "I'm a Windows victim [infoworld.com]" Leonhard as a source of information about Microsoft patches isn't a good idea, at least until he stops grinding whatever axe it is he has against Microsoft. Go read Microsoft's Security TechCenter [microsoft.com] if you want to know the patches are for, or at least blogs like ComputerWorld o ZDNet's r>Ed Bott, both of whom are more likely to put facts ahead of opinions. Even Paul Thurrott [winsupersite.com] provides some good coverage, although I think he often is the opposite of Woody Leonhard, e.g.doesn't critical enough coverage.
    Regards,

    Aryeh Goretsky

"Those who will be able to conquer software will be able to conquer the world." -- Tadahiro Sekimoto, president, NEC Corp.

Working...