Security Patch Breaks VMware Users' Windows Desktops

jbrodkin writes "VMware is telling customers that two Windows 7 security patches have left VMware View users incapable of accessing their Windows desktops. Security updates issued on Patch Tuesday fixed Windows but broke the VMware View connection between users' PCs and remotely hosted Windows 7 desktops. Users will have to upgrade VMware View or uninstall the Microsoft patches in order to regain access to their desktops."

Re:

[bluefoxlucid]

Uh, if they fix it, you will have to download the fixed upgraded version. Which... is what the upgrade is.

YOU SO STUPIIIIIIIIIIIIIIIID!

Re:

[mwvdlee]

The upgrade is free. You're encouraging piracy of software that is free.
Yes, the base package is commercial, but the upgrade is free. And since you're complaining about being unable to fix broken software free of charge, I'm assuming you purchased the base package already. Otherwise, what right do you have to complain?

Either way, I am not going to be the one paying for this.

I'm going out on a limb here and guess that's you're attitude towards ALL commercial software you use.

Re:BYOD!?

[Penguinisto]

One would think that Microsoft would beta-release their patches to the really big software partners, so that at least some sort of testing could happen.

Then again, the conspiracy theorist side of me keeps saying that maybe Microsoft doesn't mind if the biggest competitor to Hyper-V suffers a few PR flubs once in awhile...

Re:

[Jeremiah Cornelius]

Ballmer hates VMware more than he does Linux - and View 4.x is the new "DR-DOS".

Re:

[cusco]

They do, most of the patches are in the hands of their larger partners for a month before release. Not sure if VMWare is not considered a partner, or if they just didn't do extensive enough testing. That they already have a fix for View suggests that they knew there was going to be a problem but didn't want to push it out into the real world until they had confirmed that it was an issue outside the lab.

Re:

[nametaken]

I'd guess it's more an effect of us all screaming that it takes them way too long to release fixes as it is. Introducing more lag time for marginal benefit to most of us is a no-win, I'd guess.

Re:

[lordshipmayhem]

Why wasn't Slashdot's Microsoft icon completely scrapped with the re-design?

That thing looks so incredibly dated and anachronistic...(snip)

Sort of like Microsoft...

Re:

[marcello_dl]

Dear Cato, in fact your GP is off topic and And globally redundant [google.com].

About the rest of your comment, it should be obvious that evil policies are the problem, the resulting complaint is a mere consequence.

Re:

[MobileTatsu-NJG]

This "my software is better than yours" sentiment with people arguing how evil Apple and MS are is annoying enough, does slashdot really have to propagate this with that icon?

Yes. Slashdot serves ads while we fanboy-fight.

Re:

[C_amiga_fan]

Microsoft's soul is Bill Gates soul. They still carry-on the "embrace; extend; extinguish' philosophy he created in the late 80s and into the 90s. In fact - I dare say they've gotten a little worse. Also the Borg reference is appropriate given that Microsoft assimilates everything it touches. AOL instant messaging, WordPerfect, IBM DOS, Netscape, Mosaic, and so on. I'd like to be able to say I don't use any MS product but windows, but that would be a lie. MS has identified my workplace computer as som

Re:

[Larryish]

The current Microsoft icon needs to be replaced by an animated GIF of Steve Ballmer doing the monkey dance.

Re:

[jdharm]

Seconded.

Re:

[techno-vampire]

Either that, or replace one obsolete reference with a slightly less obsolete reference by replacing the Borg icon with a flying chair.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[im_thatoneguy]

Actually it sounds like some of the new virtualization enhancements in SP1 are also in this latest security patch. So it's a case of VMWare theoretically working better--they just didn't expect it yet.

Re:

[hcs_$reboot]

This is one of these threads where I miss the most my yesterday's moderator points...

VMWare is not VMware view

[Anonymous Coward]

VMware view is way to access remotely hosted virtual machines.

VMWare workstation and server are not affected.

VMWare view clients just need to be updated.

Re:

[Khue]

I was actually going to mention this. VMware actually typically assumes you are on the latest version of their software products anyway. After reading the article I didn't think that this was as big of a catastrophe as some of you have made it out to be. Upgrading the VMware View client on the virtualized device doesn't really sound all that difficult and I highly doubt that this is bringing anyone who matter's production system to it's knees. Also, stop upgrading everything on the day patches are released.

Re:

[mwvdlee]

VMware actually typically assumes you are on the latest version of their software products anyway. [...] Also, stop upgrading everything on the day patches are released.

Can you see the irony?

Broke a few things so far

[digitalhermit]

At some point the responsibility shifts from Microsoft to VMWare. Where the responsibility for alerting customers lies is maybe not clear yet.

The update has broken a few things for me. Half my desktop gadgets are not functioning properly. There are some other glitches that I noticed with my AV software, though I'm still confirming on other PCs.

Re:

[nemesisrocks]

The responsibility absolutely is VMWare's. Large software companies generally have access to early releases of the Microsoft patches, specifically so they can perform whatever testing they need.

Sounds like in this case, VMWare didn't bother doing their testing (or that testing was too costly), and is now trying to blame Microsoft for their fuckup.

Re:

[Anonymous Coward]

Microsoft has had a competing virtualization product [microsoft.com] for years.

Re:

[bertok]

I wouldn't be surprised.

Windows 7 has the .NET framework built-in, with a version number of 3.5.1, which was an undocumented stealth release. Microsoft's website made no mention of it, Visual Studio could not target it or verify compatibility for it. It seemed to be almost identical to 3.5 SP1, except that it broke VMware Virtual Centre. The issue was a subtle change with the way self-signed cryptographic certificates were verified, and hence probably didn't affect any other application.

This was right aroun

Re:

[VertigoAce]

Here's the documentation for what is in 3.5.1: http://support.microsoft.com/kb/977683 [microsoft.com]. This list appears to include all publicly documented bugs that were fixed in 3.5.1 (in other words, bugs in earlier versions that warranted a hotfix and KB article).

I would guess that there were other bugs in 3.5 that didn't meet the hotfix bar (for example, low severity issues or ones that no customers had reported). Fixing these kinds of bugs on their own would require lots of testing. Instead, 3.5.1 included fixes for

Re:

[bertok]

Windows 7 went RTM in July 2009, that article is from January, 2010.

Microsoft just pretended that the latest .NET version was 3.5 SP1 during the entire Windows 7 beta, and even for a while after RTM, even though they were shipping a new point release with breaking changes in it!

Re:Broke a few things so far

[phoebus1553]

The responsibility absolutely is VMWare's. Large software companies generally have access to early releases of the Microsoft patches, specifically so they can perform whatever testing they need.

Sounds like in this case, VMWare didn't bother doing their testing (or that testing was too costly), and is now trying to blame Microsoft for their fuckup.

Lets try to RTFA before assuming...

However, Lee said the Patch Tuesday security updates included the "early release of updates anticipated in" the Service Pack, which is due out Feb. 22. Lee said VMware provided its own VMware View update to customers "within 24 hours of the Microsoft security patch, in an effort to minimize customer impact."

Sounds like MS did an early release of things VMWare knew was coming, but not expected until later. You're right that they were testing, hence the speedy update. Sounds like MS just released early and didn't communicate the release, so shift that blame back to MS.

Re:

[jovius]

Sounds like MS just released early and didn't communicate the release, so shift that blame back to MS.

Lack of communication. And now she want's to talk about issues. I decided to rather have her neatly framed on my desktop than in control.

Re:

[wharlie]

There is shared responsiblity.
Some responsibility also lies with the users.
VMware View is an enterprise product, not used by home users.
All enterprises should thoroughly test any patches they deploy, this would be picked up instantly.
More of an annoyance than an issue really.

Re:

[syousef]

At some point the responsibility shifts from Microsoft to VMWare. Where the responsibility for alerting customers lies is maybe not clear yet.

The update has broken a few things for me. Half my desktop gadgets are not functioning properly. There are some other glitches that I noticed with my AV software, though I'm still confirming on other PCs.

You know what. I'm tired of running an experimental desktop. I have had enough things break that I view the patches as a greater security risk than the flaws they're meant to fix. I'm sick of it.

Re:

[syousef]

you must be new to this computing thing, so let us help you out, turn off automatic updates on your production servers and machines. RUn your own update server, test the patches before you release them to your corporate environment?

Yeah, I'll just let the know at work that I won't be requiring any patches and that I'll be running my own update server.

YOU must be new. End user doesn't always have control of the machine.

Microsoft not responsible ????????

[doperative]

"At some point the responsibility shifts from Microsoft to VMWare. Where the responsibility for alerting customers lies is maybe not clear yet"

At what point did VMware, invent a time machine, go back in time, inflitrate Microsoft and hack out a Windows 7 security patch that broke VMware.

"VMware is telling customers that two Windows 7 security patches have left VMware View users incapable of accessing their Windows desktops"

Re:

[Nevo]

Maybe VMWare was doing something that the documentation says you shouldn't do, and the security patch came along and actually started enforcing what the documentation said. Don't be so quick to judge MSFT. Without further details it's not possible to know whose fault this is (as if assigning blame is productive).

Re:

[mdielmann]

At some point the responsibility shifts from Microsoft to VMWare. Where the responsibility for alerting customers lies is maybe not clear yet.

The update has broken a few things for me. Half my desktop gadgets are not functioning properly. There are some other glitches that I noticed with my AV software, though I'm still confirming on other PCs.

And those gadgets that broke. Are they MS gadgets, or third-party? If MS, then I think it's safe to say that MS screwed up somewhere...

Re:

[VortexCortex]

At some point the responsibility shifts from Microsoft to VMWare. Where the responsibility for alerting customers' lies is maybe not clear yet.

(Was I the only one who read the bold section as such?)

I'll take full responsibility for notifying you of which customers are lying. IMHO, this should have been the burden of the headline author: "Patch breaks VMware" is misleading -- The headline should read: "VMware Viewer Client Broken by Windows Desktop Security Patch" or simply "Windows update breaks desktop users' software, once again". Patch the client (viewer), or remove the client machine's security patch (not the remote server) in order to regain

Re:

[codegen]

There are toasters and knives that run VMware view? Cool. Where can I get one?

Re:

[cusco]

You install Window 7 patches on your Mac? Can I watch?

companyy

[hood8263]

Its a good thing we are so slow at integrating new software. We only have 3 Windows 7 machines in VMWare the rest are all Windows XP!

Games!

[Raptor007]

I haven't used Windows since 2006. People actually still use it? By God, what for?

I guess you're not a gamer. There's still no better gaming platform out there than Windows.

I also use Windows for Visual Studio, although when I'm developing something cross-platform I tend to write it in Xcode and just use Visual Studio to make Windows builds.

Not the whole story..

[Anonymous Coward]

They have an updated build of the View Client available for download that fixes the problem.

Good yes?

Not really. The updated client has a new build number but the SAME version number in the MSI! Why does this matter? It matters because the MSI will not UPDATE an existing install. It looks like the same version so you have to uninstall and then reinstall.
(No I have not tried MSIEXEC /FA option to try and force a reinstall of the same versions, that is next on my list.)

They had the fixed build quick enough that I am guessing that this issue was known prior to today. It is just crazy that they did not change the version number so that the tools for managing applications (SCCM et al) can detect that a new version is available and install it.

Even their own View Connection Servers which check the version of your View Client when you talk to them will not detect that a new version is available.

Crazy!

Jorgie

Re:

[Culture20]

I can personally assure you that the issue was known about, but Microsoft stated they would not release these patches until IE9/Win7 SP1 final.

Good for ms then, releasing "early" to make all their users safer at the expense of less than one percent of their total users.

Where's the story?

[TrancePhreak]

They already fixed it according to the summary, so where's the story? Operating system updated, breaks software. Software gets updated.

Re:

[Anonymous Coward]

The news is that they released a new BUILD of the client, not a new version.

As I said in my note above, since it is a new build not a new version, you cannot just install it, you have to uninstall first AND VMware's own tools for checking the version of the View Client tell you that you are up to date even if the Connection Sever has the new build and your workstation has the old one.

Jorgie

Re:

[kikito]

"At that point all the legacy unportable corporate applications that need IE6 will run in some kind of frozen in time universe"

That point is here already. There are companies effectively frozen in time, from the IT point of view.

Re:

[sleigher]

Unintentional? You thin they didn't test anything and just let it roll? This is called testing to see just how formidable a foe VMWare really are.

Well You Gotta Admit....

[Greyfox]

They're a lot more secure that way!

New Borg Icon Sucks

[Anonymous Coward]

WTF? The old Borg icon is much better. Did the creator of this new one not even watch Star Trek and realize borg skin is pale white/blue?

jeez

Re:

[WarmNoodles]

Mod this coward up 5 points. Dammed if he doesn't look fleshy and pink.

Just wrong and so many levels.

Re:

[WarmNoodles]

Forgot to mention, I was running the latest Oracle Virtual box 4.0.2 r69518. Apparently, the impact was not restricted to as as the OP implied to just VM-Ware

Re:

[cusco]

You did an update just before you had to do a presentation? WHAT were you thinking? I don't even open email attachments if I have to do a presentation. Maybe I'm just paranoid, but the idea of having my operating system or apps do something unexpected while in front of an audience, especially one that expects us to do all their tech work for them, scares the snot out of me. No thanks.

Re:

[WarmNoodles]

I should have been a slight bit more informative RSA is from Feb 14 to the 18th.

This was just a dry run prep. Kind of a sound test and the audience I mentioned was composed of a half dozen geeks I've known for years. A small audience and it was appropriate to be on line and get patches applied, the demo requires it.

At presentation time, I'll be host only.

Perhaps not just vmware...

[jedidiah]

Recent patches seemed to have buggered a Win7 VM I had running in VirtualBox. It wasn't a total buggering but the old configuration of the VM was fine (well, fine enough) until recent patches made it unusable. It bogged down and ground to a halt until I went into safe mode and disabled just about everything that was running.

Sound like it's not just a vmware problem. Wonder if bare metal users were impacted too.