Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Security Windows

Microsoft Releases Replacement Patch With Two Known Bugs 140

snydeq writes Microsoft has re-released its botched MS14-045/KB 2982791 'Blue Screen 0x50' patch, only to introduce more problems, InfoWorld's Woody Leonhard reports. "Even by Microsoft standards, this month's botched Black Tuesday Windows 7/8/8.1 MS14-045 patch hit a new low. The original patch (KB 2982791) is now officially 'expired' and a completely different patch (KB 2993651) offered in its stead; there are barely documented revelations of new problems with old patches; patches that have disappeared; a 'strong' recommendation to manually uninstall a patch that went out via Automatic Update for several days; and an infuriating official explanation that raises serious doubts about Microsoft's ability to support Windows 9's expected rapid update pace."
This discussion has been archived. No new comments can be posted.

Microsoft Releases Replacement Patch With Two Known Bugs

Comments Filter:
  • Oh microsoft (Score:5, Insightful)

    by Anonymous Coward on Friday August 29, 2014 @07:10AM (#47783343)

    And people still come up to me and say they can't use free software cause they need enterprise-grade quality

    • Re: (Score:1, Insightful)

      by Anonymous Coward
      When free software comes with a sea of bugs without often no one taking responsibility of fixing them, I can understand those people's arguments. If we look at Linux desktop, usually the GUI does not stay in one piece, and is full of little glitches here and there. Compared to that, these Microsoft patches are a very minor worry.
      • by Anonymous Coward

        BSoD, boot failure... yeah very minor compared to GUI imperfections... pinhead. And i wonder which linux desktop you're talking about or are you still in 2007? Linux Mint to say one is very sound, functional and elegant.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        The free software desktop's problems are a lack of polish. Microsoft's problems are outright neglect.

      • Re:Oh microsoft (Score:5, Informative)

        by phantomfive ( 622387 ) on Friday August 29, 2014 @01:21PM (#47786059) Journal
        I've written enterprise software, used by large banks and other corporations. Our software was so bad, I couldn't understand how it would help anyone, I'm sure the people who used it were slowed down by the process.

        Finally I realized they did get one thing from it: accountability. If you've never been there, it's hard to understand how corporations are shaped by SOX compliance, and general accounting problems. If a $2000 purchase disappears at a startup, it's a minor problem. But at a large company, accountants will be looking for weeks to find what happened to it.

        Those are the kinds of issues large companies deal with, and removing the accountability of the decision making process (of figuring out what software to use) and giving it to Microsoft is a real service for them. This is the same reason people use RedHat, even though RedHat gives their software away for free. It is one of those things that makes no sense to you until you've worked in that kind of environment.
    • by thieh ( 3654731 )
      What enterprise-grade quality?
      • Re:Oh microsoft (Score:4, Insightful)

        by Anonymous Coward on Friday August 29, 2014 @12:44PM (#47785789)

        What enterprise-grade quality?

        Software from a billion dollar plus company, which required a PO large enough to justify firing the person who approved it, not just the one who implemented it.

        If MS F's up, you can blame them as they yell at you to fix it. If your cobbled together, zero budget, but works 99% of the time solution fails, then it is 100% on you.
        It is completely unfair, but that's the way it is. If the Oracle DB blows up in a patch, you can point to not having a 2nd instance to use as a test system. The finance guys can point to the lack of an extra $100k to spend on a test system and the CEO can blame Oracle/budget to the board.

        If the same issue occurs on mysql, everyone points at you and you alone, since you could have just set up a second system for cheap - never mind that that would double the admin/patch/test time with no corresponding increase in headcount.

        Pendants: This is done in serial, not parallel, otherwise you are not staging it properly to test it.

    • by Anonymous Coward

      Actually, I tend to see IT departments making the argument that 'they need enterprise grade quality' when wanting to avoid Microsoft, these days. Such arguments _against_ open source software vanished years ago in my line of work, mostly when it became patently clear that job security for upper-mid level managerial mediocrities was not really achieved by being able to pay someone you can blame for IT failures. The more competent examples of upper management don't buy that argument any more. They actually wa

  • by RenHoek ( 101570 ) on Friday August 29, 2014 @07:10AM (#47783347) Homepage

    What pisses me off as a consumer is that Microsoft patches never come with any kind of useful information.

    "There are X patches available", and when you click a specific patch you get "This is a stability patch for Windows 8" or something generic like that.

    How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?

    I'd like more info, so that unless a patch specifically fixes a security bug, I'd rather leave the rest of the patches uninstalled as long as my system runs ok.

    • by Anonymous Coward

      Click on the update and you should see a 'More Information' link on the right. Click it and your browser should open to a MS knowledge base page that explains what the patch does.

      • "Click on the update and you should see a 'More Information' link on the right. Click it and your browser should open to a MS knowledge base page that explains what the patch does".

        "To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2014-0318 [mitre.org]." ref [microsoft.com]

        'win32k.sys .. does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability ."'
    • by Anonymous Coward

      What pisses me off as a consumer is that Microsoft patches never come with any kind of useful information.

      "There are X patches available", and when you click a specific patch you get "This is a stability patch for Windows 8" or something generic like that.

      How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?

      I'd like more info, so that unless a patch specifically fixes a security bug, I'd rather leave the rest of the patches uninstalled as long as my system runs ok.

      I completely agree, but that is a problem only shared by very few Windows users. A vast majority of users aren't going to care about anything more than "This is a stability patch for Windows 8". Most won't even care about that, they just install without reviewing.

      • by PopeRatzo ( 965947 ) on Friday August 29, 2014 @09:09AM (#47784101) Journal

        Most won't even care about that, they just install without reviewing.

        I doubt it's much different in other platforms. Mac OS or Android or Linux. When there is an update, most people don't have the time to carefully go over what it's doing. Nor should they.

        When the plumber comes to my house, as he did yesterday, all I care about is that the hot water is coming and the toilets flush. I don't crawl under the sink to see if he properly greased the pipes or whatever the hell it is plumbers do.

        I have met people who work for Microsoft and Apple and they are neat and earnest and are by all appearances proper and trustworthy citizens. I've also met people who contribute to open source OSs. They look like the guy who stands on the on-ramp with a sign asking for change. A little bit dangerous with greasy hair and a a psychotic glimmer in the eyes.

        I'm kidding of course, and just tweaking people who use Linux (like myself), but as Eclipse (played by Frank McRae) said to Sylvester Stallone upon his imprisonment in the classic American film Lock Up, "You gotta trust somebody. Let me hip you to the joint."

        • Apple pops up a notification (more annoying than Microsoft actually) that says "install these patches now or later?", and you have to click and open up before you can even see what you're clicking "now" or "later" for. Then it turns out it's just something stupid like itunes. So I ignore it. Then a few days later it repeats. Then a few days after that. And so on. It's basically the apple store window, even though I have zero software anywhere on or in the vicinity of the mac that even saw that store.

          • Apple pops up a notification (more annoying than Microsoft actually) that says "install these patches now or later?", and you have to click and open up before you can even see what you're clicking "now" or "later" for. Then it turns out it's just something stupid like itunes. So I ignore it. Then a few days later it repeats. Then a few days after that. And so on. It's basically the apple store window, even though I have zero software anywhere on or in the vicinity of the mac that even saw that store. So yes, I am indeed crawling under that sink to see what shit the plumber left there. At least be glad microsoft isn't merging their updates and patches with their store.

            While I must admit I liked the old Software Update system a bit better, overall I still find Microsoft's free-for-all pop ups during boot up to be far more annoying than the Growl-like notifications in OS X. For one thing, OS X NEVER says "I'm rebooting your system in x seconds" like Windows does, leaving you to scramble around to ask PERMISSION from your own computer to DELAY the Reboot.

            BTW, Apple isn't "mixing their software updates with the App Store"; they are just using the same secure distribution

            • I turned off Microsoft's automatic updating and such, after the first mistake. I've rarely seen any popups. I don't know what setting I have that enables/disables them. I never see anything on boot except for the ongoing patches that started when I shut down.

      • The thing is that most of those stability patches are no such thing. They are for cards you don't have on your computer, for a product you don't use, and in some cases have nothing to do with stability but instead added new features.

    • by MrL0G1C ( 867445 ) on Friday August 29, 2014 @07:38AM (#47783487) Journal

      You beat me to it, this page is what we need:
      https://technet.microsoft.com/... [microsoft.com]

      But of course that info should be right there on the windows update window.

    • by Anonymous Coward

      You are talking about the short summary in the windows update UI, but there is always a direct link to a Knowledge Base article with much more details.

      Are Slashdot posters really unable to follow a direct hyperlink to the information you are after without spending hours on it?? WTF??

    • by benjymouse ( 756774 ) on Friday August 29, 2014 @07:48AM (#47783523)

      Perhaps you should give it 3 secs investigation before you shout off.

      3 secs should be just enough to click the "more information" link.

      • by Anonymous Coward on Friday August 29, 2014 @07:55AM (#47783563)

        3 secs should be just enough to click the "more information" link.

        Every time I have clicked a "more information" link, I have been taken to a completely useless webpage that contains no information about the KB in question.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Before you get too smug, please explain how clicking on "more information" would help explain the mystery of Windows Update Agent 7.6.7600.320 and all of the associated problems it causes? That's only one example of many over the last couple decades.

        There has always been *lots* of holes in the Microsoft KB and explanations of patches. Saying just click on more information implies that Microsoft has documented everything and the OP is simply an idiot and/or lazy. In this case he isn't.

      • 3 secs should be just enough to click the "more information" link.

        I'm pretty sure that unless he's suffering from the DTs, it won't take him 3 seconds to click a link.

      • 3 secs should be just enough to click the "more information" link.

        You apparently have never bothered to click the "more information" link. It is a pretty good approximation of useless unless you click several layers deep and shouldn't be necessary in the first place. A short description of what the patch actually is intended to do would not kill Microsoft. I shouldn't have to go hunting for that information if I want it. Yes I know how to find out what the patch is for but Microsoft has made it needlessly hard.

        Put bluntly, I shouldn't have to click ANY links to see a

        • A short description of what the patch actually is intended to do would not kill Microsoft. I shouldn't have to go hunting for that information if I want it.

          In addition, if you have set Windows Update to "download but not install", then it is possible that you don't have Internet access at the time you are thinking of applying the already-downloaded patch.

    • by MobyDisk ( 75490 ) on Friday August 29, 2014 @08:11AM (#47783667) Homepage

      How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?

      Consumers don't make such decisions. If you want that level of control over your OS, don't use Windows. This isn't a knock against Windows or anything: it's just part of the closed-source model. You trust them. If they do a good job, then it saved you effort. If they do not, you get burned. That is the trade-off.

      • by msobkow ( 48369 )

        It has nothing to do with "closed source." Show me what info is available when you do an "apt get upgrade". :P

        • by rdnetto ( 955205 )

          It has nothing to do with "closed source." Show me what info is available when you do an "apt get upgrade". :P

          Install apt-listchanges, and you can see the entire changelog.

    • What pisses me off as a consumer is that Microsoft patches never come with any kind of useful information.

      "This patch makes Windows 8 a little more stable." states its purpose clearly and simply.

      The link to the KB --- which is always there --- implies a deeper understanding of the OS than most users are likely to have or need.

      It won't make their decision to install the patch any easier.

    • When you click for more details it tells you to visit a web page. Then on that web page, full of long boilerplating, there is some description. Useful description, but it takes you enough time that to follow that patch for every update is a tedious chore. It would indeed help if the patch description said something more useful than "stability pach" or the name was something other than "KB11878723".

      I think the rationale is that either the interns it would take to do this minimal work are costing too much,

  • by Anonymous Coward

    But how is this NEWS? MS has fallen into the shitcan for sure, mama!

  • by wbr1 ( 2538558 ) on Friday August 29, 2014 @07:31AM (#47783459)
    Yesterday in my repair shop I started getting a 0x80246002 error when checking for updates. Only on Win 7, (8 and vista were unaffected). This first occurred on a customer box that had a malware infection. The KB for this error simply states:

    This problem may occur if Windows Update or Microsoft Update determines there is a file hash mismatch when you try to search for available updates from the Windows Update Web site or from the Microsoft Update Web site.

    I spent a couple hours down the rabbit hole, thinking malware had broken updates on this box. Not unusual, and normally fixable by one of several means. When all attempts failed, and then another box presented the same error, I checked, every single windows 7 box would not check for updates.

    I found that it was not something strange in our router or firewall, and it even occurred on other building tenants computers using a separate internet connection. Everyone in the building is on Comcast. Even more interesting, if I connected a computer to another ISP (tethering on my phone in this instance), the update check would succeed. You could then reconnect to comcast and download and install the updates.

    Further all of these computers were running Windows Update Agent 7.6.7600.320, which is a recent (KB less and not able to be skipped) update to Windows update, that you cannot roll back easily. However, by going to a restore point prior to this update, checking for updates magically worked again, until this Agent updated itself and it was broken again.

    So somehow, for whatever reason, the way Windows Update on Win 7 with this version of the agent checks for updates was being blocked by Comcast (Business class). Try explaining that to a comcast support rep. Fortunately today it seems to be working again.

    • by Anonymous Coward on Friday August 29, 2014 @08:00AM (#47783593)

      Had the same problem yesterday on a newly patched Windows 7 laptop and then today on a Windows Server 2008 R2 server.

      Problems with Windows Update Agent 7.6.7600.320 and DNS [microsoft.com] seems to be where this is headed.

      But I'm holding off on KB 2993651 [microsoft.com] and Windows Update Agent 7.6.7600.320 [microsoft.com] until this one gets resolved too.

      • by wbr1 ( 2538558 )
        I did not see this thread. It (like many) seems to have a lot of useless info, but that DNS issues is probably key. We use open DNS here, and I did not even think to change DNS. If it recurs I will certainly check that. You sir deserve a +1.
    • Comcast blocking windows update?

      • by sjames ( 1099 )

        Perhaps if you call and ask them to turn off the malware filter for your connection...

    • My experience somewhat mirriors yours:
      On the 2nd Tuesday, I connected my Win7 box to the Internet to install the 2nd Tuesday patches.
      After reading a Slashdot article, I uninstalled two patches on the bad-patch list.

      Yesterday, I connected it to the Internet to install the August 27 patches.
      This was a no go. Windows Update was broken and the Windows Update Troubleshooter was no use.
      Only a rollback to a mid-July restore point got the machine going properly again.

      My Windows box (which is not my main box) is ge

    • Yesterday in my repair shop

      Wait, there are still computer repair people?

      Say, if I buy a new video card, you think you could come over to my house and install it before Assassin's Creed Unity comes out? There's $50 in it for you. I live in Chicago.

      • by wbr1 ( 2538558 )
        Yes there are. This shop mostly supports our business IT techs by setting up and rebuilding stuff that goes out to businesses. But the shop also picks up plenty of residential infections and failed hardware.

        I can go to Chicago to install your GPU, however, it will cost about $900-$1500 in travel expenses.

  • No Patch Info (Score:5, Informative)

    by MrL0G1C ( 867445 ) on Friday August 29, 2014 @07:35AM (#47783475) Journal

    What pigs me off is that when you use Windows Update and look at a patch it gives you no info, so you click the patch and still no info', you click the link given but that pretty much just says it's a patch and you should install it, finally after following another link, scrolling down and expanding a section of page you get to find out whether or not the patch is actually relevant to your installation and not just a fix for something you will never use.

    I don't use and don't need patches for One-Note, IE, Windows Media Centre, SQL Server. Privilege escalation bugs don't bother me, if you've been compromised that far then you're probably f**ked anyway.

    The only bugs that look half-dangerous this month are MS14-046 and MS14-047 because they can lead to you being rooted when joined with browser etc bugs

    For future use: https://technet.microsoft.com/... [microsoft.com]

    • by phorm ( 591458 )

      Yeah, no kidding. If half the patches are for "issues when entering text with the Klingon language when your locale is set to Alpha Centuri" then I don't need the farging patch. Give me useful information, and don't load me up with patches that frankly don't apply.

    • Well, the IE patches should matter. They might affect the rendering engine, which is used everywhere.
    • I don't use and don't need patches for One-Note, IE, Windows Media Centre, SQL Server. Privilege escalation bugs don't bother me, if you've been compromised that far then you're probably f**ked anyway.

      Uh you don't have to be compromised initially to fall victim to a privilege escalation bug. And you should care about bugs in IE or any other piece of software that is installed (and cannot be removed) from your system. Gone are the simple days of black hats using a single bug to take control of your system. They will chain together vulnerabilities until they can get to your unimportant privilege escalation, and that could very well take advantage of some bug in IE that you neglected to patch because it

      • by MrL0G1C ( 867445 )

        In the last decade I've ran my PC as Admin, in that time I've had zero viruses because I know what not to do, take a range of security measures and have been lucky... So privilege escalation bugs don't count because I'm already running as admin. And whilst Microsoft has found these privilege escalation bugs, I expect there are many more zero-days out there.

        If I don't surf the web with IE then the chances of getting an infection due to a IE bug is extremely low. Even though I don't use it, I set the security

        • by Anonymous Coward

          I do all that stuff, too, and still got my LAN hacked through the open port used for security cameras on my Synology NAS. (Which runs Linux, of all things.)

          Defense in depth is the only defense. The bad guys only have to guess right once.

  • by Anonymous Coward

    was after the forced reboot (wonderful design, you leave for lunch and you lose everything), Firefox lost all my tab history.

    What's the connection between the two things? In an era of multigigabyte RAM and terabyte storage, we can't store a few kilobytes of text to remember what URLs were open in a dozen tabs?

    • And this has what to do with the topic?
    • Usually, Firefox remembers the URLs that were open. Thing is, it only appears to remember for the last closed window. If I'm going to reboot, I close Firefox myself, making sure to close the window with all the tabs last.

      This may be a Firefox issue rather than a Microsoft one.

  • by Anonymous Coward

    Dear Microsoft,

    I, and possibly many others, would like to offer our services. We charge $200+/hour, and don't move very fast because we like to think about our solutions. We dislike cargo programming a lot. I understand that the prospect of hiring us shakes some CEO's yacht more than the waves of the South Indian ocean displace the ships mapping the seabed in search for MH370, but we're not going to drop our costs and standards, even though you will. Even more so, considering the predicament you find yourse

    • Re: (Score:3, Funny)

      by Anonymous Coward
      Dear AC,

      Thank you for expressing your interest in a position at Microsoft. Unfortunately we are not currently hiring developers who test their code.

      Sincerely,
      Microsoft
  • There are so many ACs who post in response to MS-centric articles. It's almost as if you can feel the shame and terror as you read your way through.

  • about Microsoft's ability to support Windows 9's expected rapid update pace."

    I don't think this stuff is expected to go any faster. To be fair to microsoft, the frequency of updates is already pretty respectable (latency and quality on the other hand...). The rumors are that MS will start mixing in functional changes more. Of course this seems like a mistake, their competitors really aren't mixing it up much on the fundamental level anymore (Google churned pretty hard because they needed too, but Jelly Bean seems to have marked where they broke out the functcion).

    Microsoft is onl

    • How often will Windows 9 receive updates? I heard on the TWIT podcast that it would be once a month.

      ***NEWS FLASH***

      Windows is ALREADY updated once a month, so I don't see how that is any more frequent.
  • by Anonymous Coward

    ..don't use Windows.

  • Is this mess possibly the long-term result of Microsoft's previous embrace of stack ranking? Too much cultural focus on back-stabbing and ladder-climbing instead of writing solid code and testing it properly?
  • by QuietLagoon ( 813062 ) on Friday August 29, 2014 @09:56AM (#47784493)
    Microsoft has lost control of the monster it created in Windows.

    .
    It now appears that Windows has taken on a life of its own, and is now roaming the countryside, harassing the villagers.

    Where is Dr. Frankenstein when you really need him?

    • by lgw ( 121541 )

      He was laid off with all the QA guys. He got a nice severance package though.

  • Hopefully this will change Nadella's mind. QA is part of the process, and has to be independent of engineering...

  • Was working on the computer late on the 27th and I saw there were new Windows updates available (8.1 Pro, x64). I'd heard about the update issues two weeks ago but figured that had all been taken care of and the updates were pulled so this was fine.

    Big mistake.

    Machine BSOD'ing after launch and none of Microsoft's fixes worked.
    1) If I tried to boot into safe mode, which is still supposed to work -- BSOD
    2) There is a font cache file that supposedly is causing the crash. You're supposed to boot into safe mode

Life is a whim of several billion cells to be you for a while.

Working...