Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Software

Microsoft Botches More Patches In Latest Automatic Update 254

snydeq writes "'No sooner did Microsoft release the latest round of Black Tuesday patches than screams of agony began sounding all over the Internet,' writes Woody Leonhard, reporting on verified problems with Microsoft Automatic Updates KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583. The latest round of MS Auto Update hell comes on the heels of one of the worst runs in MS Patch Tuesday history — and just in time for Microsoft to expand the scope of its automatic update damage. 'Does this make you feel warm and fuzzy about automatic app updates in Windows 8.1?'"
This discussion has been archived. No new comments can be posted.

Microsoft Botches More Patches In Latest Automatic Update

Comments Filter:
  • by Sponge Bath ( 413667 ) on Wednesday September 11, 2013 @05:22PM (#44824375)
    Microsoft just went bukkake on its customers.
  • by dicobalt ( 1536225 ) on Wednesday September 11, 2013 @05:23PM (#44824381)
    It's simple but effective.
    • by WarJolt ( 990309 ) on Wednesday September 11, 2013 @05:26PM (#44824423)

      Good thing it takes longer than a week to exploit Windows vulnerabilities.

    • Re: (Score:3, Insightful)

      by tftp ( 111690 )

      I, personally, have even better install policy: off. The disruption from MS patches exceeds the pain from defects in the OS.

      • by fekmist ( 2857907 ) on Wednesday September 11, 2013 @05:32PM (#44824489)
        I used to have this policy as well, until I went GNU/Linux for 99% of the time. The 1% on Windows I use to play games but it is rare and seeing as Linux is getting more games nowadays I might go 100% soon enough.
        • by Anonymous Coward on Wednesday September 11, 2013 @05:53PM (#44824703)

          Your virginity is assured. Rest at ease.

      • by Penguinisto ( 415985 ) on Wednesday September 11, 2013 @05:52PM (#44824699) Journal

        Ditto for home - the only Windows box left in the house is a VM on my MacBook Pro, which doesn't have network access to the outside world.

        Now at work? It depends on the box, where it sits (inside, DMZ, etc), what it does, and how badly the patch is needed. Snapshot/backup-before-patching is a *must*. Takes work to triage it all, but well worth the effort, all things considered.

        • Restoring domain controllers from images is a dangerous game. Nothing like'a'split brain AD network to make your day.

          • by joelleo ( 900926 )

            USN rollback errors are a pain in the ass :(

            • About the only way I can see you safely making a backup image before applying updates to an AD domain controller is to make the image, then download the updates, and then most importantly disconnect the DC from the network, or at least sever all links from any other DCs in the forest before applying the updates. That way if things do go south you can always restore the backup without having mucked up the rest of the forest.

              I've done it on my forest, but each network segment is connected by a VPN or VLAN and

        • by AmiMoJo ( 196126 ) *

          You know Windows creates a system restore point before installing updates, right? You can roll back, just like a VM snapshop, and yes it actually works.

      • I, personally, have even better install policy: off. The disruption from MS patches exceeds the pain from defects in the OS.

        Isn't that the truth! I think a lot of people who only have limited scope in what they do, simply don't understand just how much stuff Windows bollixes when it updates.

        I supported just about all computer functions, and it was a monthly practice to go back in to repair what was turned on or off during the update, Video problems were encountered several times a year My favorite was whne Microsoft removed a codec and I had to on the fly in real time find a player that would play everyone's DVD's. Security pa

      • Or... test your patches before installing them. If you're installing just on one machine, do like the OP said and wait a few weeks or so before installing (to let others find the bugs). It really isn't that difficult to avoid having headaches with Windows patches.
    • by Anonymous Coward on Wednesday September 11, 2013 @05:30PM (#44824459)

      It's OK, these specific bugs are minor... an unexpected UI change in office 2013 and an update to office 2007 that says it's not installed after it has been installed.

      • by steelfood ( 895457 ) on Wednesday September 11, 2013 @06:25PM (#44824817)

        an unexpected UI change in office 2013

        Did they backtrack on ribbon too? Well it's about time.

      • First, there is a KB missing from the article. He states that there are six patches botched, but only lists five of them.
        I can confirm that the sixth botched patch, KB2810048, affects Excel 2003. Like the Office 2007 patches, it keeps trying to install again and again and again.

        The issue that these patches are trying to fix is a privilege escalation exploit. By loading a crafted Office file, it can give user privileges to an external user. If running as a normal user, this is not that big of a deal. Bu
      • by MrL0G1C ( 867445 )

        "causes the folder pane in Outlook 2013 to disappear."

        That sounds like a major headache to me. And considering the article only states the ill-effects of one of the patches, how do you know that the other patch effects are minor?

        The cowards post is not informative is it stupid mods, MS employees with mod points?

    • Only a week?

    • by Nerdfest ( 867930 ) on Wednesday September 11, 2013 @05:47PM (#44824651)

      Linux user here. No real comment, just enjoying the show.

      Do you pay for this operating system?

      • Yes, because I develop cross platform applications, but I run it in a VM on Linux too, so I just restored the MS OS partition from snapshot. If you don't have a separate partition for /home/, or if you you let Windows touch bare metal, you're going to have a bad time. Always use protection.

        Unvirtualized proprietary software? Not even once.

      • by Anonymous Coward

        The price is reduced due to
        NSA subsidies.

      • Re: (Score:3, Interesting)

        by JakeBurn ( 2731457 )

        Windows user here. Have never had an issue from a patch and definitely glad I paid for Win7. Quite nice being able to play games that are fun. For everything else that can be done on Linux, why bother?

        • by Nerdfest ( 867930 ) on Wednesday September 11, 2013 @07:04PM (#44825069)

          It's free, it's fast, it's open, it's reliable, and it's not back-doored by the NSA?

          • Plus I can use my computer and all its hardware for just about anything I want without having to worry about support for any of my devices. In addition, I do not have to debug the problems that occur. BTW - I can guarantee that the NSA is thoroughly familiar with open source operating systems and can get them to do anything they want.
          • by bigstrat2003 ( 1058574 ) on Wednesday September 11, 2013 @11:44PM (#44826821)

            Let's address those point-by-point.

            • Free: fair enough.
            • Fast: Windows is plenty fast enough, and has been for quite some time.
            • Open: who cares? Being open source doesn't matter for the vast majority of people, even power users.
            • Reliable: Windows is also plenty reliable enough. We aren't on Win95 any more.
            • Not back-doored by the NSA: for all 99% of people know, Linux is back-doored by the NSA to high heaven. The ability to inspect the source code means nothing when you aren't qualified, nor in possession of a trusted contact who is qualified, to find vulnerabilities in the source code. Linux's lack of back doors is taken by most people on faith... the same as Windows.

            So out of your list, the only valid point is "free". And perhaps applications, depending on if you need to use an app which is Linux-specific. But otherwise it's not a compelling argument you just made. And hey, if you have no need of applications which run on Windows and want to take advantage of the Linux price point (or just prefer the OS), God bless you. But Linux advocates also need to cut it out with this superiority complex nonsense. Linux and Windows are both perfectly serviceable operating systems which may or may not be superior depending on your needs. Saying one is inherently better than the other is asinine.

            • Reliable: Windows is also plenty reliable enough. We aren't on Win95 any more.

              except that EVERY month, you run the risk of your system breaking badly...

              • In the sense that there is a non-zero risk? Sure. But that goes for any system which you patch. In the sense that there is a significant risk? Absolutely not. I have installed more patches on more machines than I can count, and I can count on one hand the number of times I have ever had a problem. The only times I have had problems was on occasion with my test group of PCs at work and well... that's what test groups are for. On my personal machine, I have never had problems ever, even though I have nothing
            • Holy fuck, you're defending this, what has /. come to?
          • by Splab ( 574204 )

            Really?

            What about that little update to the openSSL that caused Debian deriviants to only have 32.000 possible keys (http://queue.acm.org/detail.cfm?id=2508864)? NSA has their grubby little fingers in everything, who cares that it's open source, if it's unreadable?

            PHK has a nice post about this also:
            http://www.version2.dk/blog/nsas-gennembrud-eller-noget-53787 [version2.dk]
            It's in Danish, but scroll down a bit for an example of openSSL source code, having it in binary would only make it slightly less readable...

        • by AHuxley ( 892839 )
          +1 Just enjoy the great games on good gpu drivers on fast gpu hardware.
          For other roles it seems to be a stressful OS choice.
          • by AmiMoJo ( 196126 ) *

            For other roles it seems to be a stressful OS choice.

            Really though? I don't find Windows 7/8 stressful, they both just seem to work and run everything I need. No instability or blue screens.

            I think Windows still has a bad rep from the 95 days when it would throw up a blue screen of death every half hour.

            • by AHuxley ( 892839 )
              I found Windows 7 and 8 have been perfect for games too :) Great frame rate, good use of network, intel cpu and nvidia gpu. O instability or blue screens as well.
    • by jsepeta ( 412566 )

      how do you handle it when you turn OFF auto updates but Microsoft pushes them out to your servers ANYWAY, forcing restarts during production hours? that part always pisses me off.

  • way overblown (Score:5, Informative)

    by Anonymous Coward on Wednesday September 11, 2013 @05:32PM (#44824479)
    I am not sure how this qualifies as a patch disaster. There appears to be nothing wrong with the patch. The issue appears purely to be people that haven't updated their outlook while installing the latest patches lose a folder pane, annoying but hardly a disaster and fixed by updating their machine. The issue is applying a new patch to an out of date version.
    • by Anonymous Coward

      I am not sure how this qualifies as a patch disaster. There appears to be nothing wrong with the patch. The issue appears purely to be people that haven't updated their outlook while installing the latest patches lose a folder pane, annoying but hardly a disaster and fixed by updating their machine. The issue is applying a new patch to an out of date version.

      This is Slashdot! Thus, this event is the worst thing to happen to mankind EVAR. And it is ALL MICROSOFT'S FAULT!!!!!

      Are you not entertained?

    • Re:way overblown (Score:5, Insightful)

      by Nimey ( 114278 ) on Wednesday September 11, 2013 @06:03PM (#44824775) Homepage Journal

      Because there's a vocal bunch on Slashdot who get excited by a chance to hate on things, especially [Microsoft|Google|Sony|the government].

      • Re:way overblown (Score:4, Informative)

        by hedwards ( 940851 ) on Wednesday September 11, 2013 @08:18PM (#44825589)

        Spoken like somebody that hasn't wasted hours trying to figure out why the computer is running so slow. Only to discover that the computer is running so slow because MS decided to disable UDMA on the drive without bothering to ask permission or even bother to mention that they'd done so.

        And that's hardly the only example, MS ought to be paying people to use their shitty software as they sure as hell shouldn't expect to be paid for the privilege of beta testing their software.

        • Re:way overblown (Score:4, Informative)

          by Blakey Rat ( 99501 ) on Wednesday September 11, 2013 @08:29PM (#44825663)

          If Windows does that, it:
          1) is a result of hardware failure (meaning: the drive kept failing writes, and did it consistently enough that Windows "stepped-down" to a more simple protocol).
          2) tells the user in the form of a notification bubble, and of course it gets logged in the Event Viewer like everything else.

          So basically you have broken hardware and are blind. I mean if you were running Linux and it had a similar hardware failure, you'd just have files mysteriously deleted also with no notice, so obviously the Linux way is far superior.

          • Re:way overblown (Score:4, Insightful)

            by Dracos ( 107777 ) on Wednesday September 11, 2013 @10:43PM (#44826521)

            You mean those notification bubbles that always stay on screen until the very moment you move the mouse with the intent of clicking on it?

            • You mean those notification bubbles that always stay on screen until the very moment you move the mouse with the intent of clicking on it?

              Holy shit, all this time I thought it was just me.

              That little idiosyncrasy is almost as annoying as the start menu disappearing out from under the mouse pointer because something in the background (Windows Update, I'm looking at you) thieved the focus just so it could fail to display a window. Usually happens most when hunting through multiply-nested folders.

              Focus theft is a felony!

    • Agree, my windows box updated itself last night, you would think a "disaster" would be noticeable, .
    • by yuhong ( 1378501 )

      The updated Outlook has to be manually requested as a hotfix, but that update they pulled shortly. The other patches only suffer issues related to failed installation and redetection, which is not a serious problem.

    • by MrL0G1C ( 867445 )

      1) No-one called it a disaster.

      2) Its five+ bad patches not one.

      3) Your post is almost identical to the last one which got modded up a lot and is also an Anonymous Coward and was posted only 2 minutes prior and was also un-informative and un-insightful.

      4) The article neglects to state what the problems with all of the patches are. It appears that some of the patches don't install properly causing windows to loop round the boot process (ugly) or windows states installed patches aren't installed.

      5. "There app

  • Rebooted several times and the last 3 patches still wouldn't apply, finally went to control panel and forced them manually. Looks like the .net patches were the problem. Basically my machine was unusable for about an hour. Probably could have fixed it quicker, but I was doing other things and not really paying attention until the third or fourth reboot.
  • by organgtool ( 966989 ) on Wednesday September 11, 2013 @05:48PM (#44824657)
    It's shit like this that forces me to turn off automatic updates and wait a month before manually applying updates. And it's not just a Microsoft problem - I have also seen similar issues from Apple and Canonical.
    • And it's not just a Microsoft problem - I have also seen similar issues from Apple and Canonical.

      I think the problem of hasty and bug-ridden updates is becoming endemic in the industry.

      On my work computer, I have a detailed log of every piece of software and software update that has ever been manually installed since the very first time the machine was powered on, a lesson learned the hard way. Moreover, I am absolutely strict about installing only necessary software, no trials, install/uninstall cycles just to experiment, or anything like that.

      Even so, among other applications to have become buggy or

  • by BoRegardless ( 721219 ) on Wednesday September 11, 2013 @06:57PM (#44825011)

    Given all the backward compatibility for legacy items and new OS items, how long can it go before it becomes virtually impossible to maintain reliable code?

  • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Wednesday September 11, 2013 @06:58PM (#44825027) Homepage Journal

    NEVER trust the odd numbers. The even number patch releases are where they fix the problems with the odd number patch releases.

    Basically, Microsoft is dealing with multiple Operating Systems for which no complete design document exists. For any of them. Microsoft is highly departmentalized and, in consequence, it is impossible for Microsoft to compile a single design for the entire system. They simply don't have the structure.

    This is not necessarily a bad thing - things tend to be worse when unrelated subsystems start making assumptions about internal design that they shouldn't. It simply means the Windows environment is now too big for a corporation to manage. Microsoft has exceeded its maximum stable size, and has done for some time. (Based on quality of products, I'd say somewhere around the DOS 4.0 level, but that would be mean. Accurate but mean.)

    The only reason I use MS products at all is that application developers go out of their way to be burdensome to non-MS users. Wine has a terrible time with many Windows applications and that's about the only way to run them at all. I would truly love developers to push platform-specifics into a library. It can be done. They can then either write libraries for other OS' or provide the API to that library so that others can write a porting library. It's not like it would hurt sales and it won't affect the game because it's purely a support module.

    But, no, game companies and solo writers prefer their 1970s approach to coding - damn the portability, even if all OS' are 99.5% the same, and damn the sales, we want absolute totalitarian power! Bwahahahahahahahaha! Even if it'll eventually kill the product and the company. Who cares, when you're rich, powerful and utterly FUBAR!

  • This 'disaster' is much worse than the time my kids gave me a rotavirus and I had trouble sleeping for fear I might wake up without bowel control.

    There were dozens of reports! DOZENS!

  • An old XP SP3 box I had about 8 WinXP patches, then patches for O2K3 and O2K7 (Don't ask!). Then once the computer had restarted a couple Excel 2007 patches, etc.
  • Jesus Christ (Score:4, Insightful)

    by Blakey Rat ( 99501 ) on Wednesday September 11, 2013 @08:22PM (#44825625)

    Did you used to write propaganda for the Nazis? Give the rhetoric a rest and just report the facts, please.

  • by AdamHaun ( 43173 ) on Thursday September 12, 2013 @02:53AM (#44827541) Journal

    Just in case you were worried about Windows updates, the defective patches are for Office 2007 and Office 2013. From the article:

    KB 2817630 is not a security patch, it's a gratuitously delivered functionality patch for Office 2013, and man has it had an impact on functionality. I've seen dozens of reports that installing this patch, possibly in conjunction with the KB 2810009 patch that is part of MS13-074, causes the folder pane in Outlook 2013 to disappear. An anonymous poster on the SANS Internet Storm Center offers this picture of the effect.

    KB 2760411, KB 2760588, and KB 2760583 are parts of the MS13-072 and MS13-073 security patches for Office 2007. There are many reports of the patches being offered and re-offered and re-re- ... you get the idea

  • Sometime in the last few days my home computer rebooted, on my home computer I run Windows 7 and Gentoo Linux, each on separate SSD's. Last night I was at home for the first time all week and noticed Windows couldn't boot, it would just hang in the start up screen and not do anything. I decided to run the recovery console program because frankly I couldn't do anything else, the recovery console program kept failing saying it couldn't run any checks. I decided maybe running msconfig.exe from the command

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...