Microsoft to Patch Problem Patch
slowroller writes to mention an eWeek article about a new patch to fix issues raised in their most recent release. From the article: "The company's plan is to target the rerelease only to Windows users who are affected. In a blog entry, Toulouse said the company's patch deployment technologies will have 'detection logic' built into them to only offer the revised update to customers who don't have MS06-015 or are having the problem. The glitches, which Microsoft claims affect only a tiny fraction of the 120 million installations of the patch, stem from a new binary called VERCLSID.EXE that validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On systems running Hewlett-Packard's Share-to-Web software, Sunbelt's Kerio Personal Firewall and some NVIDIA drivers, users complained that the new binary stopped responding."
How about Corporate: Microsoft provide a server program that you can install that downloads the updates and stores them locally.
:-)
:-( I think they're trying to be cautious, which I can understand (although they've in theory fixed this for XP SP2 and 2K3, as those patches are supposed to include "general distribution release" and "quick fix engineering" versions, automatically installing the QFE version if there already is a QFE hotfix installed, otherwise installing the GDR version).
Your corporate administrator then configures that server and manually approves and rejects updates to be deployed through the Automatic Update clients connected to your server. (Optionally approving a patch for deployment to only certain groups of computers; say, the IT department could be beta testers.)
It's called Windows Software Update Services, and has been out for quite some time. In other words, all you're asking for in the first half already exists.
The second part you're talking about is deployment of patches that aren't released through automatic updates - and yes, I agree, they're often problematic. It sounds like you manually installed a non-security hotfix, which was then clobbered by a later security patch (and the bugfix wasn't included in the security patch).
Microsoft seem to believe that non-security bugfixes don't belong in security patches unless a lot of people are affected, but it means that for people who need both those security patches and bugfixes, it becomes quite a mess trying to maintain them (and may require manual management, as you've found the hard way).
A classic example of all this is that there's a registry key you can set that causes IE patches to install bugfixed versions. (I'm not kidding.)