Microsoft Botches More Patches In Latest Automatic Update 254
snydeq writes "'No sooner did Microsoft release the latest round of Black Tuesday patches than screams of agony began sounding all over the Internet,' writes Woody Leonhard, reporting on verified problems with Microsoft Automatic Updates KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583. The latest round of MS Auto Update hell comes on the heels of one of the worst runs in MS Patch Tuesday history — and just in time for Microsoft to expand the scope of its automatic update damage. 'Does this make you feel warm and fuzzy about automatic app updates in Windows 8.1?'"
Wipe the gravy from your face. (Score:4, Funny)
Re:Wipe the gravy from your face. (Score:5, Funny)
What do you mean just?
Re:Wipe the gravy from your face. (Score:4, Funny)
Re: (Score:2)
You do realize that the update also includes patches that never seem to install and continue to try to install until you disable automatic updates, don't you?
This is why I have a 1 week delayed install policy (Score:5, Insightful)
Re:This is why I have a 1 week delayed install pol (Score:4, Funny)
Good thing it takes longer than a week to exploit Windows vulnerabilities.
Re:This is why I have a 1 week delayed install pol (Score:5, Informative)
That week makes little difference: Windows patches come weeks after the vulnerabilities are beeing exploited.
Re:This is why I have a 1 week delayed install pol (Score:4, Insightful)
weeks? YEARS in some cases.
Re: (Score:2)
You forgot the <Sarcasm> tag.
Re: (Score:3, Insightful)
I, personally, have even better install policy: off. The disruption from MS patches exceeds the pain from defects in the OS.
Re:This is why I have a 1 week delayed install pol (Score:5, Insightful)
Re:This is why I have a 1 week delayed install pol (Score:5, Funny)
Your virginity is assured. Rest at ease.
Re:This is why I have a 1 week delayed install pol (Score:5, Informative)
Your virginity is assured. Rest at ease.
I've always wondered why folks think so highly of the mating game. After years of married life and kids I'm miserable, while the friend of mine who remained single and mostly dateless is now the happiest guy I know.
Rest uneasily, divorce court is rape.
Re:This is why I have a 1 week delayed install pol (Score:5, Funny)
You chose your mate .... poorly. Its like you bought a discount pentium I computer with 8 megs ram and are complaining that all computers suck. No, they don't you just suck at the selection process.
Re:This is why I have a 1 week delayed install pol (Score:5, Funny)
You forgot the unwritten (until just now) rule that all analogies on Slashdot must be car analogies. This is like if he bought a Jaguar that he thought was going to be a fun, sexy ride, but instead is terribly high maintenance and broken most of the time.
Re: (Score:3, Insightful)
Re: (Score:2)
Linux systems are absurdly unmaintainable if you stray outside of the controlled environment of a well-managed distribution, and this is a direct result of the architectural foundations and established standards of Linux itself.
That's like saying 'Windows is absurdly unmaintainable if you start randomly deleting system files you don't think you need'.
BTW, maybe you could explain how to fix my old XP machine which refuses to install any .Net framework updates: nothing works, including downloading the 'uinstall all this .Net crap and start over' program from Microsoft.
Re: (Score:3, Funny)
we have a tool from quickbooks that does a thorough uninstall/reinstall, and i mean rigorous should work. pm me and ill try to get it to you.
Re: (Score:3)
That's like saying 'Windows is absurdly unmaintainable if you start randomly deleting system files you don't think you need'.
Except for the part where pretty much everyone's third party applications on Windows add a single uninstall entry in the standard place in Control Panel and can be removed with two clicks from that standard screen, you mean?
Also, if you start deleting random system files you don't think you'll need on any recent version of Windows, firstly you'll find yourself interrupted by various security measures, and secondly various recovery tools would rapidly restore your system to working order. It's 2013, not 1995
Re: (Score:2)
Linux systems are absurdly unmaintainable if you stray outside of the controlled environment of a well-managed distribution, and this is a direct result of the architectural foundations and established standards of Linux itself.
That is simply just not true. You keep the stuff you build separate from what the OS lays down, and ne'er the twain shall meet. Nor, in fact, affect each other in any way. You don't get automatic updates on that software, but life is hard all over.
Re: (Score:2)
Re: (Score:2)
That is simply just not true. You keep the stuff you build separate from what the OS lays down, and ne'er the twain shall meet.
And how are you going to enforce that, exactly, short of complete overkill like running everything you build in a dedicated VM or at least some sort of chroot jail?
In any case, the problem isn't the default distro packages interfering with those you build yourself, it's the completely uncontrolled dependencies between packages that you do build yourself, because there's no standard way of installing anything. I was setting up one notoriously awkward bit of software on a Linux box recently and looking up HOW
Re: (Score:2)
That is simply just not true. You keep the stuff you build separate from what the OS lays down, and ne'er the twain shall meet.
And how are you going to enforce that, exactly, short of complete overkill like running everything you build in a dedicated VM or at least some sort of chroot jail?
Why is a jail overkill? Is there some bizarre parallel world where it doesn't make sense to chroot?
Re: (Score:2)
Seriously, please don't pretend Linux systems are somehow more maintainable than Windows ones because every now and then MS screw up.
Screw up as in almost every month? If you haven't experienced it, you aren't doing enough different things.The folks I worked with that think Windows (anything) is the best thing since multiple orgasms didn't have to work with much variety of programs.
Re: (Score:3, Informative)
If you're seeing problems almost every month, you should investigate your systems for malware and/or hardware failures. That simply isn't normal. MS aren't perfect, but their QA for automatic updates is way better than most large software companies, and seeing failures as often as you describe is highly unlikely without some other factor causing problems.
Re: (Score:2)
Seriously please don't pretend than any admin worth their salt didn't have a manual update system and would wait for thirty days prior to uploading any patches to their system except of course high security risk patches and even then they would be updated to a test system first and cycled through a couple of days operation. M$ then contracted out all update testing because they were just so bad at it. Then took it back in house. It took until windows 7 (more like 14 odd) for them to be mostly reliable.
Re: (Score:2)
Ok, so how do I install a third-party kernel patch for windows?
Why would you need to? Do you also want to take out a soldering iron to perform a bit of light surgery on your CPU?
When you update a component that doesn't change it's ABI then nothing needs done, If the ABI does change you can recompile just the binaries that try to link to the old library.
Unfortunately, first you need to figure out which executables and libraries any given component actually provides, where it puts them, and what dependencies are involved. It is quite likely that the only way to do that reliably for a given component will be to manually read through extensive configuration/makefiles. As you say, in Linux there is some stuff that's hard.
Re:This is why I have a 1 week delayed install pol (Score:5, Interesting)
Ditto for home - the only Windows box left in the house is a VM on my MacBook Pro, which doesn't have network access to the outside world.
Now at work? It depends on the box, where it sits (inside, DMZ, etc), what it does, and how badly the patch is needed. Snapshot/backup-before-patching is a *must*. Takes work to triage it all, but well worth the effort, all things considered.
Re: (Score:3)
Restoring domain controllers from images is a dangerous game. Nothing like'a'split brain AD network to make your day.
Re: (Score:2)
USN rollback errors are a pain in the ass :(
Re: (Score:3)
About the only way I can see you safely making a backup image before applying updates to an AD domain controller is to make the image, then download the updates, and then most importantly disconnect the DC from the network, or at least sever all links from any other DCs in the forest before applying the updates. That way if things do go south you can always restore the backup without having mucked up the rest of the forest.
I've done it on my forest, but each network segment is connected by a VPN or VLAN and
Re: (Score:2)
You know Windows creates a system restore point before installing updates, right? You can roll back, just like a VM snapshop, and yes it actually works.
Re:This is why I have a 1 week delayed install pol (Score:5, Funny)
Macs are for fags.
So how many do you own?
Re: (Score:3)
Macs are for fags.
So how many do you own?
Hey, have some respect for Microsoft support, you insensitive clod!
Re: (Score:2)
I, personally, have even better install policy: off. The disruption from MS patches exceeds the pain from defects in the OS.
Isn't that the truth! I think a lot of people who only have limited scope in what they do, simply don't understand just how much stuff Windows bollixes when it updates.
I supported just about all computer functions, and it was a monthly practice to go back in to repair what was turned on or off during the update, Video problems were encountered several times a year My favorite was whne Microsoft removed a codec and I had to on the fly in real time find a player that would play everyone's DVD's. Security pa
Re: (Score:2)
Re:This is why I have a 1 week delayed install pol (Score:5, Informative)
It's OK, these specific bugs are minor... an unexpected UI change in office 2013 and an update to office 2007 that says it's not installed after it has been installed.
Re:This is why I have a 1 week delayed install pol (Score:5, Funny)
an unexpected UI change in office 2013
Did they backtrack on ribbon too? Well it's about time.
Re: (Score:2)
Not that minor (Score:2)
I can confirm that the sixth botched patch, KB2810048, affects Excel 2003. Like the Office 2007 patches, it keeps trying to install again and again and again.
The issue that these patches are trying to fix is a privilege escalation exploit. By loading a crafted Office file, it can give user privileges to an external user. If running as a normal user, this is not that big of a deal. Bu
Re: (Score:3)
"causes the folder pane in Outlook 2013 to disappear."
That sounds like a major headache to me. And considering the article only states the ill-effects of one of the patches, how do you know that the other patch effects are minor?
The cowards post is not informative is it stupid mods, MS employees with mod points?
Re: (Score:2)
Only a week?
Re:This is why I have a 1 week delayed install pol (Score:5, Funny)
Linux user here. No real comment, just enjoying the show.
Do you pay for this operating system?
Re:This is why I have a 1 week delayed install pol (Score:5, Informative)
Yes, because I develop cross platform applications, but I run it in a VM on Linux too, so I just restored the MS OS partition from snapshot. If you don't have a separate partition for /home/, or if you you let Windows touch bare metal, you're going to have a bad time. Always use protection.
Unvirtualized proprietary software? Not even once.
Re: This is why I have a 1 week delayed install po (Score:2, Interesting)
The price is reduced due to
NSA subsidies.
Re: (Score:3, Interesting)
Windows user here. Have never had an issue from a patch and definitely glad I paid for Win7. Quite nice being able to play games that are fun. For everything else that can be done on Linux, why bother?
Re:This is why I have a 1 week delayed install pol (Score:4, Insightful)
It's free, it's fast, it's open, it's reliable, and it's not back-doored by the NSA?
I had no problem with the update (Score:2)
Re:This is why I have a 1 week delayed install pol (Score:5, Insightful)
Let's address those point-by-point.
So out of your list, the only valid point is "free". And perhaps applications, depending on if you need to use an app which is Linux-specific. But otherwise it's not a compelling argument you just made. And hey, if you have no need of applications which run on Windows and want to take advantage of the Linux price point (or just prefer the OS), God bless you. But Linux advocates also need to cut it out with this superiority complex nonsense. Linux and Windows are both perfectly serviceable operating systems which may or may not be superior depending on your needs. Saying one is inherently better than the other is asinine.
Re: (Score:2)
except that EVERY month, you run the risk of your system breaking badly...
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Really?
What about that little update to the openSSL that caused Debian deriviants to only have 32.000 possible keys (http://queue.acm.org/detail.cfm?id=2508864)? NSA has their grubby little fingers in everything, who cares that it's open source, if it's unreadable?
PHK has a nice post about this also:
http://www.version2.dk/blog/nsas-gennembrud-eller-noget-53787 [version2.dk]
It's in Danish, but scroll down a bit for an example of openSSL source code, having it in binary would only make it slightly less readable...
Re: (Score:3)
For other roles it seems to be a stressful OS choice.
Re: (Score:2)
For other roles it seems to be a stressful OS choice.
Really though? I don't find Windows 7/8 stressful, they both just seem to work and run everything I need. No instability or blue screens.
I think Windows still has a bad rep from the 95 days when it would throw up a blue screen of death every half hour.
Re: (Score:2)
Re:This is why I have a 1 week delayed install pol (Score:5, Insightful)
Ubuntu != Linux.
And "Debian testing" is called "testing" for a reason. See if you can figure out what that is.
Re: (Score:3)
Yes, I run Debian stable now for that very reason. I realized after I posted that it was rather dumb to compare security updates to program updates. With that said, I'm not sure how I am supposed to take your comment Ubuntu!=Linux. How is that addressing anything that I have said? I'm not trying to bash any distribution in particular, I like apt, I think it's the best packaging system out there in the Linux world right now, and I like Debian. However, I just wanted to point out that the update process on Wi
Re: (Score:2)
It's worth noting that Windows makes a system snapshot before installing updates too, so if one does break something it's easy to roll back. I don't think any major Linux distro has anything like that, although I'm sure if you tried hard enough you could revert individual packages.
Re:This is why I have a 1 week delayed install pol (Score:5, Insightful)
Use another distro, obviously you're doing something wrong and it's all your fault, you must have a weird configuration nobody else in the universe has, well it's open source you can go fix the updates yourself, maybe you're just not smart enough to run a sophisticated OS like Linux, etc etc etc etc.
Just going through the litany of replies you'll get to save some time.
Re: (Score:3)
Re:This is why I have a 1 week delayed install pol (Score:4, Funny)
Have you used a Debian based system? Dude, step into this millennium.
Re: (Score:2)
I agree, I rarely have trouble like that on Linux Mint. I think the last time I had trouble like that was when I was running RedHat, the people who designed the RPM system deserve to burn in hell for making it so that you couldn't just install all the packages you needed without manually installing each one. Presumably, they've fixed that by now. But, I gave up on them like a decade ago.
Re: (Score:2)
Have you ever used a Debian based system with Linux software RAID?
The standard installer will fail and you'll be straight back to hacking config files and manually playing with hard drive partitions, which is totally something you want to do because it's not error prone at all.
For extra credit, if you tried upgrading from 6 to 7 using the normal apt-based commands, don't forget to keep a spare live CD handy in case your system becomes unbootable because it didn't update the boot loader properly on all of yo
Re:This is why I have a 1 week delayed install pol (Score:4, Interesting)
True. I recently went through a bunch of Debian upgrades from 6 to 7, and this happened to one server. Unfortunately, it was one of the few physical servers on the list, which meant I had to haul my ass down to the data centre, early hours of the morning, to fix it at the console.
Serves me right for ignoring the grub update warning while doing the update. A simple "grub-install /dev/sda", when the update process is finished, would have made sure that all was OK. Also, this can be fixed by booting the Debian 7 install CD, and running through the rescue menu. No need for a live CD or such.
Still, it's a shame that this one got through the testing process, especially for such a crucial bit of the system. Very unusual for Debian.
Re: (Score:2)
Why is that supposed to scare us? If a new install is done in such a way that completely and utterly fucking it up results in permanent data loss of something important then you shouldn't be doing it.
Re: (Score:2)
I've been running Debian with /root on LVM on RAID1 since Lenny, with no problems at all. My anecdote beats your anecdote.
Re: (Score:3)
don't forget to keep a spare live CD handy in case your system becomes unbootable
I'd say being prepared for an unbootable system is a fairly normal part of preparing for a major version upgrade.
I'd also say that a major version upgrade is a very different thing from installing security updates.
Re:This is why I have a 1 week delayed install pol (Score:4, Informative)
By "enjoying the show", do you mean feverishly working through dependency hell to try to make updates work at all on your *nix system?
It isn't 1998 any more. Why do you use 1998 arguments?
Re: (Score:2)
how do you handle it when you turn OFF auto updates but Microsoft pushes them out to your servers ANYWAY, forcing restarts during production hours? that part always pisses me off.
way overblown (Score:5, Informative)
This is Slashdot! (Score:2, Funny)
I am not sure how this qualifies as a patch disaster. There appears to be nothing wrong with the patch. The issue appears purely to be people that haven't updated their outlook while installing the latest patches lose a folder pane, annoying but hardly a disaster and fixed by updating their machine. The issue is applying a new patch to an out of date version.
This is Slashdot! Thus, this event is the worst thing to happen to mankind EVAR. And it is ALL MICROSOFT'S FAULT!!!!!
Are you not entertained?
Re:way overblown (Score:5, Insightful)
Because there's a vocal bunch on Slashdot who get excited by a chance to hate on things, especially [Microsoft|Google|Sony|the government].
Re:way overblown (Score:4, Informative)
Spoken like somebody that hasn't wasted hours trying to figure out why the computer is running so slow. Only to discover that the computer is running so slow because MS decided to disable UDMA on the drive without bothering to ask permission or even bother to mention that they'd done so.
And that's hardly the only example, MS ought to be paying people to use their shitty software as they sure as hell shouldn't expect to be paid for the privilege of beta testing their software.
Re:way overblown (Score:4, Informative)
If Windows does that, it:
1) is a result of hardware failure (meaning: the drive kept failing writes, and did it consistently enough that Windows "stepped-down" to a more simple protocol).
2) tells the user in the form of a notification bubble, and of course it gets logged in the Event Viewer like everything else.
So basically you have broken hardware and are blind. I mean if you were running Linux and it had a similar hardware failure, you'd just have files mysteriously deleted also with no notice, so obviously the Linux way is far superior.
Re:way overblown (Score:4, Insightful)
You mean those notification bubbles that always stay on screen until the very moment you move the mouse with the intent of clicking on it?
Re: (Score:2)
You mean those notification bubbles that always stay on screen until the very moment you move the mouse with the intent of clicking on it?
Holy shit, all this time I thought it was just me.
That little idiosyncrasy is almost as annoying as the start menu disappearing out from under the mouse pointer because something in the background (Windows Update, I'm looking at you) thieved the focus just so it could fail to display a window. Usually happens most when hunting through multiply-nested folders.
Focus theft is a felony!
Re: (Score:3)
Re: (Score:2)
The updated Outlook has to be manually requested as a hotfix, but that update they pulled shortly. The other patches only suffer issues related to failed installation and redetection, which is not a serious problem.
Re: (Score:3)
1) No-one called it a disaster.
2) Its five+ bad patches not one.
3) Your post is almost identical to the last one which got modded up a lot and is also an Anonymous Coward and was posted only 2 minutes prior and was also un-informative and un-insightful.
4) The article neglects to state what the problems with all of the patches are. It appears that some of the patches don't install properly causing windows to loop round the boot process (ugly) or windows states installed patches aren't installed.
5. "There app
Re: (Score:2)
In fact, I don't. I had three computers out of a couple hundred that barfed on SP2 when we finally rolled it out (over a year later, fwiw), and those were fixed with a repair install.
Re:way overblown (Score:5, Informative)
Please do your company a favor and tell your cluless IT support about the existence of this.
http://en.wikipedia.org/wiki/Windows_Server_Update_Services [wikipedia.org]
Windows Server Update Services 2.0 and above comprise a repository of update packages from Microsoft. It allows administrators to approve or decline updates before release, to force updates to install by a given date, and to obtain extensive reports on what updates each machine requires. System administrators can also configure WSUS to approve certain classes of updates automatically (critical updates, security updates, service packs, drivers, etc.). One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update.
Administrators can use WSUS with Group Policy for client-side configuration of the Automatic Updates client, ensuring that end-users can't disable or circumvent corporate update policies. WSUS does not require the use of Active Directory; client configuration can also be applied by local group policy or by modifying the Windows registry.
Re: (Score:2)
2) Why are you running updates during work hours?
He said the updates started at 3AM. Presumablly that is timed to be late enough that the night owls have gone home and early enough that under normal circumstances it would finish before the early birds get in.
The question would be why did it take 8 hours, was it something that MS screwed up, something his IT department screwed up or some combination of both.
Thought it was just me (Score:2)
Beta Is the New Gold Master (Score:5, Insightful)
Re: (Score:2)
And it's not just a Microsoft problem - I have also seen similar issues from Apple and Canonical.
I think the problem of hasty and bug-ridden updates is becoming endemic in the industry.
On my work computer, I have a detailed log of every piece of software and software update that has ever been manually installed since the very first time the machine was powered on, a lesson learned the hard way. Moreover, I am absolutely strict about installing only necessary software, no trials, install/uninstall cycles just to experiment, or anything like that.
Even so, among other applications to have become buggy or
Re: (Score:3)
Not sure what the fuck you're doing with a bunch of VMs on Win7, but just don't.
That's like trying to stuff a second engine into a Beetle.
Re: (Score:2)
That's like trying to stuff a second engine into a Beetle.
Which, thanks to you, I want to do now. Put an electric drive system in the front of the car, and a 1.6 liter subaru motor in the back. I wonder what would make a good donor for the front suspension and cross member.
Re: (Score:3)
God help you if you use the older win 7 rtm or worse XP without a single patch. I have financial data and hundreds of gigs of data and vms so a reimage due to a virus is unconscionable.
If you are so concerned about your data, your best option is to keep it on a server that is not connected to the Internet. What are you doing, trusting "hundreds of GB" to a few platters of spinning rust? As a minimum you need a RAID 1 or higher NAS, and ideally you need an offsite mirror.
Assuming that you are a typical
When is it too complex to maintain? (Score:3)
Given all the backward compatibility for legacy items and new OS items, how long can it go before it becomes virtually impossible to maintain reliable code?
Re: (Score:2)
I'd say up until about 5 years ago.
First rule with Microsoft patches (Score:3)
NEVER trust the odd numbers. The even number patch releases are where they fix the problems with the odd number patch releases.
Basically, Microsoft is dealing with multiple Operating Systems for which no complete design document exists. For any of them. Microsoft is highly departmentalized and, in consequence, it is impossible for Microsoft to compile a single design for the entire system. They simply don't have the structure.
This is not necessarily a bad thing - things tend to be worse when unrelated subsystems start making assumptions about internal design that they shouldn't. It simply means the Windows environment is now too big for a corporation to manage. Microsoft has exceeded its maximum stable size, and has done for some time. (Based on quality of products, I'd say somewhere around the DOS 4.0 level, but that would be mean. Accurate but mean.)
The only reason I use MS products at all is that application developers go out of their way to be burdensome to non-MS users. Wine has a terrible time with many Windows applications and that's about the only way to run them at all. I would truly love developers to push platform-specifics into a library. It can be done. They can then either write libraries for other OS' or provide the API to that library so that others can write a porting library. It's not like it would hurt sales and it won't affect the game because it's purely a support module.
But, no, game companies and solo writers prefer their 1970s approach to coding - damn the portability, even if all OS' are 99.5% the same, and damn the sales, we want absolute totalitarian power! Bwahahahahahahahaha! Even if it'll eventually kill the product and the company. Who cares, when you're rich, powerful and utterly FUBAR!
Very informative (Score:2)
This 'disaster' is much worse than the time my kids gave me a rotavirus and I had trouble sleeping for fear I might wake up without bowel control.
There were dozens of reports! DOZENS!
For my machine (Score:2)
Jesus Christ (Score:4, Insightful)
Did you used to write propaganda for the Nazis? Give the rhetoric a rest and just report the facts, please.
On the one patch that broke Outlook... (Score:3)
See this blog post:
http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/11/outlook-folder-pane-disappears-after-installing-september-2013-public-update.aspx [technet.com]
Affected software (Score:3)
Just in case you were worried about Windows updates, the defective patches are for Office 2007 and Office 2013. From the article:
Windows is a joke (Score:2)
Re: (Score:3)
The story where MSFT pulled some of the patches?
http://www.informationweek.com/security/management/microsoft-pulls-exchange-server-security/240160034 [informationweek.com]
Yeah, your *three* computers may not have been affected. But lots were.
Re: (Score:2)
Ummm.... I liked Vista just fine(I actually had the hardware to run it). I also like 8/8.1(oh no, my start menu looks different again).
People forget that when XP came out it had the exact same problems with hardware that Vista had at release(most PCs didn't have enough RAM and new driver model problems). XP also changed the start menu in a way that added an extra click to get to the "real start menu". I'll grant you that at least they gave you option of switching back to the old Win95/2K start menu. Eventua