Slashdot Mirror


Microsoft to Patch Problem Patch

slowroller writes to mention an eWeek article about a new patch to fix issues raised in their most recent release. From the article: "The company's plan is to target the rerelease only to Windows users who are affected. In a blog entry, Toulouse said the company's patch deployment technologies will have "detection logic" built into them to only offer the revised update to customers who don't have MS06-015 or are having the problem. The glitches, which Microsoft claims affect only a tiny fraction of the 120 million installations of the patch, stem from a new binary called VERCLSID.EXE that validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On systems running Hewlett-Packard's Share-to-Web software, Sunbelt's Kerio Personal Firewall and some NVIDIA Drivers, users complained that the new binary stopped responding."

37 of 156 comments

  1. yay! by bensafrickingenius · · Score: 5, Funny

    Recursive patching at last!

    --
    I am not left-handed, either!
  2. Millions of different system configurations. by headkase · · Score: 3, Insightful

    Everyone complains that Microsoft does not release their patches fast enough or that they don't do adequate testing. They can't win either way.

    --
    Shh.
    1. Re:Millions of different system configurations. by MustardMan · · Score: 5, Insightful

      No - Microsoft doesn't release patches fast enough and they don't do adequate testing. They don't win on either count.

    2. Re:Millions of different system configurations. by aussersterne · · Score: 4, Insightful

      Microsoft is a multibillion dollar corporation stuffed full of multibillion dollar men. They have a monopoly on the marketplace, power half of the world, and want to power the rest.

      They can, will, and had better do both:

      - Release patches quickly
      - Release patches with adequate testing

      If they don't, they should be punished.

      --
      STOP . AMERICA . NOW
    3. Re:Millions of different system configurations. by Tim+C · · Score: 3, Insightful

      They can, will, and had better do both:

      - Release patches quickly
      - Release patches with adequate testing


      You do realise that some things simply take a certain amount of time and no matter how much money or how many people you throw at the problem they will not get done any quicker, don't you?

      You also realise that the reason that MS release patches on a monthly schedule is that the corporate IT world demanded it, don't you?

      What you are asking for, in effect, is that they a) solve problems in a certain amount of time regardless of how long it actually requires, b) do so without affecting quality and c) go against the express wishes of a large proportion of their customers.

      Now, I'm not saying that they're perfect by any means, and I accept that I'm probably lucky in that I've used half a dozen machines over the last few years running Windows 2k and XP and have suffered no problems that weren't entirely hardware related, but from where I'm sat they're doing an ok job.

    4. Re:Millions of different system configurations. by Splab · · Score: 4, Insightful

      You do realise that some things simply take a certain amount of time and no matter how much money or how many people you throw at the problem they will not get done any quicker, don't you?

      If only people would realize that, especially managers. "Ohh so you need x hours to do that? Well I'll just go call this helper for y hours, then you only need x-y hours, so we'll ship on Friday"... Glad I'm not doing that anymore. Incidentally, we did have a few issues with the patch, but what it revealed for us isn't that there might be a problem with MS patches, but that there's a big problem with testing at our facility before rolling out patches.

      MS might screw up, but it's our job to make sure that what they give us works before we roll it out.

  3. Re:Again? What? by i.of.the.storm · · Score: 4, Informative

    No, the patch was simply conflicting with a few pieces of software. If you aren't affected, you won't get the patched patch. The original bug was fixed with the original patch. This patch's patch simply whitelists a couple of programs known to cause issues with the patch.

    --
    All your base are belong to Wii.
  4. Two Patch Tuesdays by Vskye · · Score: 5, Funny

    For some Windows users, there will be two Patch Tuesdays in April.
     
    So, you can get two patches and two tacos on the same day? Wow, now if MS can do the pizza deal, I might just install their OS! ;)

    --
    Life was hell, then I discovered Linux...
  5. Here is the problem by dick+pubes · · Score: 4, Insightful

    The big problem when they do this is compatibility testing. I work at numerous companies where we need to read through each patch to see what they 'fix'. Now when Microsoft does this we will just have to guess what they might break in a legacy application deployed across the world.

  6. Re:Affected by AuMatar · · Score: 4, Interesting

    HP doesn't even write half their own crap anymore. When I worked in HP firmware (last year), the software teams were a joke in our division. No matter what we did, we knew our stuff was better than software.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  7. My Patch by Cobralisk · · Score: 3, Funny

    del c:\windows\system32\verclsid.exe

    It works.

    --
    Waiting for ad.doubleclick.net...
  8. Apple users are nervous about updates by nordicfrost · · Score: 3, Interesting

    I'm an Apple user, and it always struck me as odd that they are nervous about upgrades. Each time there's an update, some brave person will install it and report as to how it behaves on that specific Mac. Is it the Firewire-delete-external-harddrive-bug from many years ago that still lives on in memory? Or is it that Apple breaks things in their updates? I have a Powerbook and have not yet experienced that updates have broken anything on it or my family's Macs. See this forum for more info...

    1. Re:Apple users are nervous about updates by Cobralisk · · Score: 3, Informative

      All users of any system should be wary of updates. Granted, most updates are security fixes that keep your b0xen from being pwned and as such are vital to keeping a more secure system, but all software contains bugs. Sometimes the bug is in the patch, sometimes it's in the application that breaks because it makes an incorrect assumption about the OS that is changed by an otherwise valid bugfix. Either way, every patch to any running system has the potential to break functionality that end-users or sysadmins depend on. In reality the best thing you can do is probably just remove your system from the network. Barring that maybe just keep thorough backups.

      --
      Waiting for ad.doubleclick.net...
    2. Re:Apple users are nervous about updates by fact0r · · Score: 2, Insightful

      Apple updates do not have an uninstall feature. Almost every windows update does.

      Mac users should be much more wary of updates for that reason alone.

      Apple also is a lot less interested in enterprise customers than Microsoft. Enterprise customers are the ones that demand extensive testing and will seriously crack the shits if some funny legacy application that is absolutely critical for their business fails to run following an update.

      Apple isn't too fussed by backwards compatibility either. So certainly an OS upgrade (10.3 -> 10.4) is expected to break things on OS X. Pre-Vista Microsoft pretty much guaranteed that if it worked on the old version it would work on the new version of Windows.

    3. Re:Apple users are nervous about updates by Cheaty · · Score: 2, Informative

      Hell, at least Apple machines ask you if you want to update; this latest Windows XP patch was pushed to my singular Windows XP without me even knowing about it, installed itself, and rebooted itself. It could have at least asked me if I wanted it or told me what the update was even for...

      Try changing your Automatic Updates settings to: 'Download updates for me, but let me choose when to install them.' or 'Notify me but don't automatically download or install them'. You can't really blame it for working the way you have it configured.

    4. Re:Apple users are nervous about updates by Blakey+Rat · · Score: 2, Informative

      I let the update go a couple days and look for stories about it on Slashdot. If the problems with it aren't big enough to show up on Slashdot, I usually install it.

      Yeah, it's funny, but it's true.

  9. Re:Again? What? by swmccracken · · Score: 3, Interesting

    The detection logic is (almost certainly) simply the logic built into Windows Update and the automatic update feature that works out whether you need this patch or not. This is nothing new. Microsoft just updates the XML file to contain the relevant "if this dll exists with this version number then offer this patch" information.

    It's the same logic that works out whether you need an Office patch or if your computer infected with a certain piece of spyware and offers a special "patch" to get rid of it before offering to install XP SP2 or if a particular patch is already installed so you don't need it again.

    It's quite well established code that's been used for quite some time.
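
An added illustration (not part of the thread, and not Microsoft's code or rule format) of the kind of applicability check the comment above describes, combined with the article's condition that the revised update is offered only to machines that lack MS06-015 or run the conflicting software. The rule layout, the version numbers, the inventory fields and the use of "affected software installed" as a stand-in for "having the problem" are all assumptions; only the update and product names come from the article.

```python
# Added example: toy "offer this update?" logic. Hypothetical rule format.
from dataclasses import dataclass, field


def parse_version(text):
    """Turn a dotted file version such as '1.0.0.10' into a tuple of ints.

    Comparing the raw strings is a classic detection bug: as text,
    '1.0.0.10' sorts before '1.0.0.9', so a newer file looks older.
    """
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    # Pad to four fields so '5.1' and '5.1.0.0' compare equal.
    return tuple(nums + [0] * (4 - len(nums)))


@dataclass
class Inventory:
    """What a client reports about itself (fields are assumptions)."""
    installed_updates: set = field(default_factory=set)
    file_versions: dict = field(default_factory=dict)   # path -> version
    installed_software: set = field(default_factory=set)


# Constructed rule. The version is a placeholder, not a real build number.
REVISED_RULE = {
    "original_update": "MS06-015",
    "file": r"c:\windows\system32\verclsid.exe",
    "revised_version": "1.0.0.10",
    "affected_software": {
        "HP Share-to-Web",
        "Kerio Personal Firewall",
        "NVIDIA driver (affected build)",
    },
}


def should_offer(rule, inv):
    """Return (offer, reason) for one machine."""
    if rule["original_update"] not in inv.installed_updates:
        return True, "original update not installed"
    current = inv.file_versions.get(rule["file"])
    if current is not None and (
        parse_version(current) >= parse_version(rule["revised_version"])
    ):
        return False, "revised binary already present"
    hits = sorted(rule["affected_software"] & inv.installed_software)
    if hits:
        return True, "conflicting software present: " + ", ".join(hits)
    return False, "original update installed, no known conflict"


def demo():
    """Evaluate the rule against four constructed machines."""
    path = REVISED_RULE["file"]
    machines = {
        "unpatched": Inventory(),
        "patched_clean": Inventory({"MS06-015"}, {path: "1.0.0.9"}),
        "patched_hp": Inventory({"MS06-015"}, {path: "1.0.0.9"},
                                {"HP Share-to-Web"}),
        "already_revised": Inventory({"MS06-015"}, {path: "1.0.0.10"},
                                     {"HP Share-to-Web"}),
    }
    return {name: should_offer(REVISED_RULE, inv)[0]
            for name, inv in machines.items()}


if __name__ == "__main__":
    for name, offer in demo().items():
        print(f"{name:16} offer={offer}")
```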

  10. Those who have been sacked . . . by Dausha · · Score: 2, Interesting

    I have a friend in law school who was a victim of this last patch. She was complaining that attempting to use the menubar of any IE-based interface caused her system to lock up. She could double click on an icon to open a document, but she could not save it without locking up. (I don't know if she could use CTRL-S.)

    I noticed that my laptop's touchpad started acting the way the little markings said it should (i.e., the scroll part of the pad finally scrolls). This is quite annoying after having gotten used to it _not_ working.

    --
    What those who want activist courts fear is rule by the people.
  11. This is the patch that never ends by Hawthorne01 · · Score: 4, Funny

    yes it goes on and on my friend. Some people started using it, not knowing what it was, and they'll continue using it forever just because...This is the patch that never ends, yes it goes on and on my friend... :-)

    --
    "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  12. Annoying Problem by Anonymous Coward · · Score: 4, Informative

    I've already encountered two computers on my company's network that were having this annoying problem. There are probably other systems that will pop up with this problem next week. Here's a few different temporary fixes, but I'm not sure how effective they are for more than a few days (or at least until Microsoft offers a patch):

    1. Directly from MS.

    2. Rename C:\WINDOWS\SYSTEM32\VERCLSID.EXE to something else (i.e. VERCLSID.OLD) and turn off automatic updates.. otherwise it will try to update Windows again and re-add the executable.

    3. Reinstall the HP application. I didn't think that this would work since it appears to reinstall Share-to-Web software, but everything seemed fine afterwards.. so far for one day at least.

    The real annoying thing about this bug is that I think it affects everything using the explorer shell. Click on the arrow at the end of your address bar in IE? Locks the app. Click on arrow to expand your drives while trying to attach a file to email? Locks the app. I'm sure it does the same thing all over the OS when you are trying to do the same function, but those are the only two I really came across before I wanted to fix the problem ASAP.

  13. Heh - "tiny" fraction could still be "lots" by NotQuiteReal · · Score: 5, Insightful
    Many product vendors would love to have a tiny fraction of the 120 million installations - it would be more than their entire market!

    I know this is not a popular opinion here, but MSFT really does have a tough job, if you are objective about it, from an engineering point of view.

    --
    This issue is a bit more complicated than you think.
    1. Re:Heh - "tiny" fraction could still be "lots" by mcrbids · · Score: 5, Insightful

      I know this is not a popular opinion here, but MSFT really does have a tough job, if you are objective about it, from an engineering point of view.

      Hear here!

      I agree 100%!

      As a software engineer of a rapidly growing company, it's amazing to me how much higher the standard of testing and accountability has to be with each major product release. Our company has been growing exponentially, at least 2x annually. Just a year or two ago, a bug meant a few phone calls, but in the last year or so, it's gotten to where a single bug (even a minor one) can easily swamp our telephones!

      The first release was like, a proof of concept more than not. It wasn't even feature complete at release - we relied on an update mechanism built in at the last minute to cover for the fact that not all the features were completed!

      Not many phone calls from that issue, I might add. But, in the last year or two, a single bug affecting a relatively small percentage of our users still loads us down with dozens of issues ticketed in a single morning.

      Ugh!

      Since our deliverable is web-based, fixing a bug is still very fast, but we're working furiously to improve quality control testing prior to release. I can only imagine what a company with the market size of Microsoft has to deal with - when the vast majority of computing resources are in your hands, the task of dealing with bugs and updates must be simply gargantuan.

      How do they do it with such a shoddy codebase?

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    2. Re:Heh - "tiny" fraction could still be "lots" by cyber-vandal · · Score: 2, Insightful

      Considering that position was obtained and has been maintained illegally, I have zero sympathy.

    3. Re:Heh - "tiny" fraction could still be "lots" by malelder · · Score: 2, Interesting

      They make no profit from their own bugs. If the problem is caused by a bug in their software, the charges for that support request are reversed.

      --
      Yuma, AZ...You will never find a more wretched hive of scum and villainy. We must be cautious.
    4. Re:Heh - "tiny" fraction could still be "lots" by Jeremi · · Score: 2, Insightful
      What aspects in particular are shoddy?


      I haven't seen the codebase, but from using the Win32 API a bit, I noticed the following:

      1. "Fill in a struct and pass it to the function" interfaces, which are very error prone (forget to fill in a field? Oops, now you have a program that works 80% of the time and does something weird the other 20%, due to uninitialized memory reads)
      2. Hungarian notation used everywhere, making things hard to read
      3. Unnecessary obfuscation of types (e.g. DWORD instead of long or int32)
      4. Focus on backwards compatibility to the point where there are often five or six APIs for every function (granted there are some valid business reasons for doing that, but it still makes for an extremely messy and hard-to-validate interface)
      5. Functions that are broken, and instead of fixing them, Microsoft simply publishes a http://support.microsoft.com/default.aspx?scid=kb;en-us;274323, forcing every Win32 developer in the known universe to have to hack up their code with an ugly band-aid instead
      6. A tendency to create Yet Another New API for everything, instead of re-using existing interfaces. For example: you have a program that communicates over a TCP stream, and you want to make it communicate the same data over a serial port instead: Under MacOS/X or Linux, this is trivial: just pass in the file descriptor to the serial device instead of to the TCP socket, and you're done. Under Win32, you'll have to completely redesign your program with a custom event loop, because there is no way to select() on a HANDLE.

      Anyway, those are my observations... hopefully things are better in .net land or whatever the new thing is these days.
      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
  14. Oh Thank Heaven by keith134 · · Score: 2, Funny

    ...that Microsoft doesn't make cars.

  15. Re:Make your own decisions by swmccracken · · Score: 5, Informative

    How about Corporate: Microsoft provide a server program that you can install that downloads the updates and stores them locally.

    Your corporate administrator then configures that server and manually approves and rejects updates to be deployed through the Automatic Update clients connected to your server. (Optionally approving a patch for deployment to only certain groups of computers, say the IT Department could be beta testers.)

    It's called Windows Software Update Services, and has been out for quite some time. In other words, all you're asking for in the first half already exists. :-)

    The second part you're talking about is deployment of patches that aren't released through automatic updates - and yes, I agree, they're often problematic. It sounds like you manually installed a non-security hotfix, which was then clobbered by a later security patch (and the bugfix wasn't included in the security patch).

    Microsoft seem to believe that non-security bugfixes don't belong in security patches unless a lot of people are affected, but it means that for people that need those security patches and bugfixes, it becomes quite a mess trying to maintain them (and may require manual management, as you've found the hard way. :-( ) I think they're trying to be cautious, which I can understand (although they've in theory fixed this for XPSP2 and 2K3, as those patches are supposed to include "general distribution release" and "quick fix engineering" versions, automatically installing the QFE version if there already is a QFE hotfix installed, otherwise installing the GDR version.)

    A classic example of all this is that there's a registry key you can set that causes IE patches to install bugfixed versions. (I'm not kidding.)

  16. Re:Instantiated??? by arkhan_jg · · Score: 2, Informative

    From: http://en.wikipedia.org/wiki/Instance_(programming)

    In a language where each object is created from a class, an object is called an instance of that class. If each object has a type, two objects with the same class would have the same datatype. Creating an instance of a class is sometimes referred to as instantiating the class.

    --
    Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
  17. Funny one... by Viraptor · · Score: 3, Interesting

    Ok. This patch is really funny - just RTFA:
    "What the new [re-engineered] update essentially does is simply add the affected third-party software to an 'exception list' so that the problem does not occur."

    So what did they do? Made a patch that breaks some functionality and then added some exceptions not to use it where it breaks things.
    I've got no idea how they let it happen... patch is basically broken, they know it, some applications don't use that patch, because it breaks them and old bugs normally corrected by ver1 patch are still present there. What was the point of releasing patches again?
    Worst support ever...

  18. Re:Again? What? by Rosco+P.+Coltrane · · Score: 5, Funny

    No, the patch was simply conflicting with a few pieces of software. If you aren't affected, you won't get the patched patch. The original bug was fixed with the original patch. This patch's patch simply whitelists a couple of programs known to cause issues with the patch.

    man: Well, what've you got?

    Waitress: Well, there's egg and bacon; egg sausage and bacon; egg and patch; egg bacon and patch; egg bacon sausage and patch; patch bacon sausage and patch; patch egg patch patch bacon and patch; patch sausage patch patch bacon patch tomato and patch;

    Vikings: Patch patch patch patch...

    Waitress: ...patch patch patch egg and patch; patch patch patch patch patch patch baked beans patch patch patch...

    Vikings: Patch! Lovely patch! Lovely patch!

    Waitress: ...or Lobster Thermidor a Crevette with a mornay sauce served in a Provencale manner with shallots and aubergines garnished with truffle pate, brandy and with a fried egg on top and patch.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  19. How did it come to this? The answer is here... by rtssmkn · · Score: 2, Funny

    Steve: Ok, guys, I love this company...repeat...I looove this company (throws chair around).

    Bill: And remember, if it compiles, it ships...

    Dev-Team: But we're already special casing here...

    Steve: (looking angry)

    Bill: If it compiles, it is good enough for shipping, let the active user basis sort it out...

    Dev-Team: Well, look this special case here, where it says that all of Microsoft is GOOD and everything else is BAD, it might cause systems to go awry...

    Bill: It's awry in the first place, so don't care on fixing this until it is required to be fixed, we definitely can introduce more special casing if required...does it compile already?

    Dev-Team: Well, er, yes, a few errors and a few warnings, but no black box testing was done yet...

    Bill: Testing?

    Steve: (whispering into Bill's ear) you know that sort of thing that would prevent us from shipping early...

    Bill: Ah, erm, yes, ok. It compiles. Comment out the lines that produce the errors and re-compile. Ignore the warnings...and ship that damn patch. We have this initiative running, you know, security it was called, I believe. Ah, I love this company.

    Steve: (remember Dim from the Clockwork Orange?) Ah, I love this company...

    Dev-Team: Bill, you are genius, after commenting out the faulty lines and setting the compiler flag to ignore all warnings, it compiles just fine. Thanks for your great insight...a pleasure to be working for you! Ah, we love this company (even more so like Dim).

    SCNR. Carsten

  20. Re:URL For Patch by MobileTatsu-NJG · · Score: 2, Insightful

    "Click here for the patch."

    GRRR they didn't finish testing this patch, either! Office looks funny and none of my games work!

    --
    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  21. That's last as in "Most recent" by symbolset · · Score: 4, Informative
    All these articles are dupes. See it again the evening of June 30, as that's when the next semi-annual 0-day festival kicks off in time for the major holiday weekend. It's almost as if these hackers are tormenting you on your holidays for a purpose. Oh, wait...

    The two keys to recovering from malware / a botched patch / user error are:

    1. Have an image that's known to be clean without doubt. A fresh install with no network connection will usually suffice, Novell historical trivia notwithstanding. A system with absolutely anything installed and then uninstalled, no matter how carefully, just won't work. One that's touched a LAN, even behind a NAT router, isn't "known to be clean".

    2. When you blow out your system image, don't corrupt your data files. Obviously if your data is on a drive that's been removed, it's safe. Not everyone is willing to go that far -- all data stored somewhere besides on your system (C:\) drive is a must.

    You will need "Drive Image" software. Examples include PowerQuest DriveImage, Altiris RapidDeploy, Norton Ghost. This software list is not a recommendation -- do your own homework on what suits your needs. Maybe someone will reply with suggestions. This software takes a point-in-time snapshot of the data on your system drive, called an "image". You're going to need access to a drive to store your system images. A basic XP image is about 1.5GB compressed, with applications will vary. I've seen with Office and Photoshop with common options go to 6GB, multiple massive games go as high as 30GB. Plan ahead, especially if you want to take periodic backup images or application rollback images. Some people take drive images of their data file drives now and then for backups also.

    You're going to need to move your data files someplace safe, like a server or a separate partition. A dedicated drive works well. You're going to need installation CDs for the OS and all your applications, and all of the patches you can get on convenient media. Pendrive or CD work well usually.

    Before installing Windows, disconnect from the network. If you're imaging to a network drive, know what you're doing. If your system starts to boot to Windows while connected before your working image is taken, start over.

    Install Windows. During install, do not connect to the network. Use the telephone activation option. Get all your updates from the technet executables on local media as previously mentioned. Get the firewall up and running. Don't connect to the network. Point your My Documents folder to the place your datafiles are. Do your base security configuration --firewall settings, replace all the pages in Explorer with about:blank, etc. Do NOT connect to the network.

    Take a system image. This is what you recover to if you need a major application overhaul, the "Base" image. If you are storing the image on the network you must take great care while doing this that the system does not boot to the installed OS with the network connected. Your OS install is in a very vulnerable state. If you have to restore to this image, you won't have to re-validate Windows.

    If you connected the network during the previous step for network imaging, disconnect it before rebooting.

    If you have other applications that require activation and allow telephone activation, you might want to install them now and take an "activated but still network clean" image.

    All the software that will install without the network, install and update it. Install Spybot Search & Destroy, with the Tea Timer option. Don't connect to the network. Install Ad-aware or whatever else you're using. Don't connect to the network. Take a system image. This is your "Working" image.

    Now you can connect to the network. Immediately go to Windows update and get the latest patches, and their patches, and the patches for those patches. If any of the patched patches' patches have updates, get those too. During this step you'll probably reboot over and over. In Spybot Search & Destroy ge

    --
    Help stamp out iliturcy.
  22. Re:Affected by AuMatar · · Score: 2, Informative

    Yup, we printer firmware folks kept saying that the software team needed to add a drivers only option. No go :(

    --
    I still have more fans than freaks. WTF is wrong with you people?
  23. Re:Affected by baadger · · Score: 4, Insightful

    Oooo ooo I want to slam HP too.

    The HP 'drivers' for my all-in-one machine come in at 180 megabytes! The interface is sheer bloat, it installs a handful of totally unnecessary (Disabling them has little consequence) services and startup processes, and there is still no x64 driver!

    The HP sponsored linux drivers (HPLIP) work well on Linux 64, and it is nice to see Linux up on Windows for once in terms of hardware support.

    That felt good.

  24. A bob each way by Grim+Leaper · · Score: 2, Funny
    Hear here!
    Couldn't decide if it was "Here, here!" or "Hear, hear!", huh?
  25. Re:Affected by robogun · · Score: 2, Informative

    The HP 'drivers' for my all-in-one machine come in at 180 megabytes! The interface is sheer bloat, it installs a handful of totally unnecessary (Disabling them has little consequence) services and startup processes, and there is still no x64 driver!

    I beta'd for them, told them that in no uncertain terms, they changed nothing. I sold the printer they gave me.