Slashdot Mirror
Microsoft Releases Replacement Patch With Two Known Bugs
snydeq writes Microsoft has re-released its botched MS14-045/KB 2982791 'Blue Screen 0x50' patch, only to introduce more problems, InfoWorld's Woody Leonhard reports. "Even by Microsoft standards, this month's botched Black Tuesday Windows 7/8/8.1 MS14-045 patch hit a new low. The original patch (KB 2982791) is now officially 'expired' and a completely different patch (KB 2993651) offered in its stead; there are barely documented revelations of new problems with old patches; patches that have disappeared; a 'strong' recommendation to manually uninstall a patch that went out via Automatic Update for several days; and an infuriating official explanation that raises serious doubts about Microsoft's ability to support Windows 9's expected rapid update pace."
And people still come up to me and say they can't use free software cause they need enterprise-grade quality
What pisses me off as a consumer is that Microsoft patches never come with any kind of useful information.
"There are X patches available", and when you click a specific patch you get "This is a stability patch for Windows 8" or something generic like that.
How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?
I'd like more info, so that unless a patch specifically fixes a security bug, I'd rather leave the rest of the patches uninstalled as long as my system runs ok.
But how is this NEWS? MS has fallen into the shitcan for sure, mama!
"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."
"There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones."
"Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more""
From:
Richard Stallman: 'Apple has tightest digital handcuffs in history'
www.newint.org/features/web-exclusive/2012/12/05/richard-stallman-interview/
This problem may occur if Windows Update or Microsoft Update determines there is a file hash mismatch when you try to search for available updates from the Windows Update Web site or from the Microsoft Update Web site.
I spent a couple hours down the rabbit hole, thinking malware had broken updates on this box. Not unusual, and normally fixable by one of several means. When all attempts failed, and then another box presented the same error, I checked, every single windows 7 box would not check for updates.
I found that it was not something strange in our router or firewall, and it even occurred on other building tenants computers using a separate internet connection. Everyone in the building is on Comcast. Even more interesting, if I connected a computer to another ISP (tethering on my phone in this instance), the update check would succeed. You could then reconnect to comcast and download and install the updates.
Further all of these computers were running Windows Update Agent 7.6.7600.320, which is a recent (KB less and not able to be skipped) update to Windows update, that you cannot roll back easily. However, by going to a restore point prior to this update, checking for updates magically worked again, until this Agent updated itself and it was broken again.
So somehow, for whatever reason, the way Windows Update on Win 7 with this version of the agent checks for updates was being blocked by Comcast (Business class). Try explaining that to a comcast support rep. Fortunately today it seems to be working again.
Silence is a state of mime.
What pigs me off is that when you use Windows Update and look at a patch it gives you no info, so you click the patch and still no info', you click the link given but that pretty much just says it's a patch and you should install it, finally after following another link, scrolling down and expanding a section of page you get to find out whether or not the patch is actually relevant to your installation and not just a fix for something you will never use.
I don't use and don't need patches for One-Note, IE, Windows Media Centre, SQL Server. Privilege escalation bugs don't bother me, if you've been compromised that far then you're probably f**ked anyway.
The only bugs that look half-dangerous this month are MS14-046 and MS14-047 because they can lead to you being rooted when joined with browser etc bugs
For future use: https://technet.microsoft.com/...
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
You are talking about the short summary in the windows update UI, but there is always a direct link to a Knowledge Base article with much more details.
Are Slashdot posters really unable to follow a direct hyperlink to the information you are after without spending hours on it?? WTF??
Perhaps you should give it 3 secs investigation before you shout off.
3 secs should be just enough to click the "more information" link.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
was after the forced reboot (wonderful design, you leave for lunch and you lose everything), Firefox lost all my tab history.
What's the connection between the two things? In an era of multigigabyte RAM and terabyte storage, we can't store a few kilobytes of text to remember what URLs were open in a dozen tabs?
Dear Microsoft,
I, and possibly many others, would like to offer our services. We charge $200+/hour, and don't move very fast because we like to think about our solutions. We dislike cargo programming a lot. I understand that the prospect of hiring us shakes some CEO's yacht more than the waves of the South Indian ocean displace the ships mapping the seabed in search for MH370, but we're not going to drop our costs and standards, even though you will. Even more so, considering the predicament you find yourselves in (no, we do not love you one bit, Microsoft).
Cheers,
The Real Developers
Actually not two days ago someone was complaining about the quality of Ubuntu - new surprise with every upgrade, let alone dist-upgrade. As opposed to the experience with RHEL where everything works forever and ever.
"Click on the update and you should see a 'More Information' link on the right. Click it and your browser should open to a MS knowledge base page that explains what the patch does".
.. does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability ."'
"To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2014-0318." ref
'win32k.sys
Yesterday in my repair shop I started getting a 0x80246002 error when checking for updates. Only on Win 7, (8 and vista were unaffected). This first occurred on a customer box that had a malware infection. The KB for this error simply states:
This problem may occur if Windows Update or Microsoft Update determines there is a file hash mismatch when you try to search for available updates from the Windows Update Web site or from the Microsoft Update Web site.
I spent a couple hours down the rabbit hole, thinking malware had broken updates on this box. Not unusual, and normally fixable by one of several means. When all attempts failed, and then another box presented the same error, I checked, every single windows 7 box would not check for updates.
I found that it was not something strange in our router or firewall, and it even occurred on other building tenants computers using a separate internet connection. Everyone in the building is on Comcast. Even more interesting, if I connected a computer to another ISP (tethering on my phone in this instance), the update check would succeed. You could then reconnect to comcast and download and install the updates.
Further all of these computers were running Windows Update Agent 7.6.7600.320, which is a recent (KB less and not able to be skipped) update to Windows update, that you cannot roll back easily. However, by going to a restore point prior to this update, checking for updates magically worked again, until this Agent updated itself and it was broken again.
So somehow, for whatever reason, the way Windows Update on Win 7 with this version of the agent checks for updates was being blocked by Comcast (Business class). Try explaining that to a comcast support rep. Fortunately today it seems to be working again.
I live in a time warner sector. Our primary hardware distributor uses TWC for internet, and the same thing was happening yesterday, but they have a ATT DSL backup line that when switched over to was able to update the machine.
I have a feeling we are seeing the same issues, additionally I think that TWC and comcast are already crossing their streams.
Great. FCC needs to stop this nonsense cold (even though I know they won't).
There are so many ACs who post in response to MS-centric articles. It's almost as if you can feel the shame and terror as you read your way through.
There are two types of people in the world; those who believe there are two types of people, and those who don't.
about Microsoft's ability to support Windows 9's expected rapid update pace."
I don't think this stuff is expected to go any faster. To be fair to microsoft, the frequency of updates is already pretty respectable (latency and quality on the other hand...). The rumors are that MS will start mixing in functional changes more. Of course this seems like a mistake, their competitors really aren't mixing it up much on the fundamental level anymore (Google churned pretty hard because they needed too, but Jelly Bean seems to have marked where they broke out the functcion).
Microsoft is only bested on the 'faster' (latency and frequency) front by Linux Desktop distros, and see how much that has made people in the wider market care. It's a shame because Android updates are pretty infrequent *and* get deployed extremely slowly. This means a great deal of mobile Chrome browsers continue to have SSL vulnerabilities, mitigated somewhat by most reputable servers having addressed it on their end. If MS was botching a security update that badly the community would be all over them. Though again, the wider market doesn't really care except to be pissed at having to deal with frequent update related interruptions (where again I think linux desktop distros seem to have the right balance of availability but not being so heavy handed).
XML is like violence. If it doesn't solve the problem, use more.
Even in their OWN apps e.g. IE11, MS Security Essentials, & others in the OS (trayicon & popup menus not working & of all kinds) - which causes me difficulty using them (there isn't always a main menubar alternate either, especially nowadays with the stupid ribbon one vs. classic menus). Heck - I had to go to commandline for Explorer.exe itself (just IE front now too) to change filenames &/or attributes, for Pete's sake!
* Microsoft: When you "F" up? You *really* "F-UP", now don't you?
(WTF were your devs thinking changing "Z-order" on windows?)
APK
P.S.=> Unbelievable - FIX THIS!!! apk
Per my last post I replied to, see subject-line: "WTF!!!", & here is the EXACT problem I am experiencing (known issue? STUPID creation of a huge problem is what this is knocking out rightclick menus & trayicon popup menus too) -> https://support.microsoft.com/...
PERTINENT QUOTE/EXCERPT:
"Known issue 2
After you install this update, the z-order of the windows is changed. (The z-order calls the SetWindowPos function together with the HWND_TOP parameter.) Therefore, the windows of certain applications may become invisible or may be incorrectly displayed behind other windows.
Status
We are currently working on a resolution for this issue.
Notes
This issue also occurs after you install the following updates:
2965768 Stop error 0x3B when an application changes the z-order of a window in Windows 7 SP1 and Windows Server 2008 R2 SP1
2970228 Update to support the new currency symbol for the Russian ruble in Windows
2973201 MS14-039: Description of the security update for Windows on-screen keyboard: July 8, 2014
2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2"
---
* Lastly, per my subject-line: I *tried* to UNINSTALL it, to go back to the previous GDI32.DLL & Win32k.sys files, & it's a "no go" on that too... wtf!
APK
P.S.=> "We are currently working on a resolution for this issue." ? HURRY THE HELL UP & FIX THIS since this IS an UNACCEPTABLE "fix" that breaks more than it fixes... imo @ least! That, is all I can say... apk
Learn a DE or Window manager you're comfortable with, learn the package manager for the distro of your choice, and learn the administration tools necessary to maintain your needed level of customization (for most people it's display settings, i8n, and network settings). Given those 5 needs fullfilled the distro itself usually doesn't matter, unless you happen to choose one that makes installing/updating your chosen packages difficult (Which honestly Microsoft is no better about since the XP->Vista transition, and the Win9x to NT transition prior.
..don't use Windows.
Is this mess possibly the long-term result of Microsoft's previous embrace of stack ranking? Too much cultural focus on back-stabbing and ladder-climbing instead of writing solid code and testing it properly?
3 secs should be just enough to click the "more information" link.
You apparently have never bothered to click the "more information" link. It is a pretty good approximation of useless unless you click several layers deep and shouldn't be necessary in the first place. A short description of what the patch actually is intended to do would not kill Microsoft. I shouldn't have to go hunting for that information if I want it. Yes I know how to find out what the patch is for but Microsoft has made it needlessly hard.
Put bluntly, I shouldn't have to click ANY links to see a summary of what a patch is supposed to do.
.
It now appears that Windows has taken on a life of its own, and is now roaming the countryside, harassing the villagers.
Where is Dr. Frankenstein when you really need him?
How often will Windows 9 receive updates? I heard on the TWIT podcast that it would be once a month.
***NEWS FLASH***
Windows is ALREADY updated once a month, so I don't see how that is any more frequent.
That's what I love about MS: its reliability. You know that when there is something stupid to be done, they'll do it.
Hopefully this will change Nadella's mind. QA is part of the process, and has to be independent of engineering...
dunno why geo-location is tied to what DNServer is used instead of the source ip. ... go figure : //
srsly it would make more sense to assign a local CDN by looking at the source/requesting/client computers IP instead of by looking at the DNSserver being used by the client computer.
i have found that some "heavy" sites like steam, microsoft (updates), youtube have country or region specific caches, and that they assign the "correct" cache not by my Ip address but by the dns server i have configured.
so assume i'm in india using a netherland dns server i get a CDN in netherland even thou i'm not hidding my IP address at all
Hardcoding fav. sites in hosts (see "B" & "D3" below) - My FREE program for hosts adds speed, security, reliability, & more doing more, more efficiently vs. addons + fixes DNS' issues:
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?o...
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...
B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).
C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity
D.) Hosts files yield more:
1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs Fastflux + dynamic dns botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).
---
* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).
* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.
* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too(4++gb extra in FireFox https://blog.mozilla.org/nneth...)
Instead, work w/ a native kernelmode part - hosts (An integrated part of the ip stack)
APK
P.S.=> Hardcodes wouldn't help others' complaints regarding "Windows Update" though (MS bypasses HOSTS it - DIRECT hardcoded 4 update servers) but would have on yours for DNS
...apk
Was working on the computer late on the 27th and I saw there were new Windows updates available (8.1 Pro, x64). I'd heard about the update issues two weeks ago but figured that had all been taken care of and the updates were pulled so this was fine.
Big mistake.
Machine BSOD'ing after launch and none of Microsoft's fixes worked.
1) If I tried to boot into safe mode, which is still supposed to work -- BSOD
2) There is a font cache file that supposedly is causing the crash. You're supposed to boot into safe mode to remove it. Okay, I boot into a Mint from a thumb drive and delete the file from out of my C:\Windows\System32 folder, unmounted the drive manually to make sure changes were written back, and rebooted -- Still BSOD.
3) Tried using system restore points. Windows set one just before these updates. Windows was not able to restore to that point. Tried the previous one from an update to OpenOffice three days before this. That one was also no good. Tried the last one, one from the 20th -- when the previous set of Windows updates had been applied. Success. Now, straight from the horse's mouth, my Windows should now be rolled back to a time before the Windows Updates before the problematic updates were installed.
Rebooted... BSOD at the exact same place in the process. No change at all.
I can't uninstall the updates if I can't boot into the actual WIndows install it seems. There's no way to remove the updates from the recovery console (found a blog entry on how to do this in XP, but the updates aren't kept in the same folder structure and my ability to run things on the effected install seems much more limited in these later versions).
As I'm typing this I'm running on the Mint flash drive and have Grsync doing a verified copy of my user folder from my C drive to one of my other internal disks, so I can do a reformat and reinstall of all my programs. Just what I wanted to do on my weekend!
Do not update immediately after the patches are released. Wait weeks and months and let the guinea pigs update first.
Microsoft doesn't give a rat's ass. I bet many of the software testers have been laid off and/or outsourced to third world IT sweatshops.
Doesn't change a thing: We know sockpuppeteers kissass to the *NIX hivemind to farm karma/get upmod points to abuse (upmodding their regular/normal account, AND, downmodding opponents they can't get the best of... period).
APK
P.S.=> That *IS* slashdot, to a tee - no doubt about it... apk
This update (KB2993651) and the original one (KB2982791) also impact XP/POS2009. Installing the original causes eventual system instability and spontaneous reboots (no BSODs) every few days - the "re-released" version does the same at a much faster rate (every few hours).
I suspect a kernel heap/memory leak caused by GDI usage (exhaustion?) based upon anecdotal experience/testing. (Win32K.sys and GDI32.DLL are updated in XP/POS2009)
I highly recommend all XP/POS2009 users avoid installing (or uninstalling) both KB2982791 and KB2993651 and hiding these updates at Windows Update.
Also, the initial failure of Windows Update (as reported by some users) after uninstalling either of these updates is also seen (of course in XP/POS2009 it uses IE directed to a Windows Update URL), but again seems to correct itself once the user manually directs IE to update.microsoft.com.
For the record, this is not the first time a kernel/GDI update has caused these instability issues and based upon the historical pattern of released patches, wont be the last.
Hardcoding fav. sites in hosts (see "B" & "D3" below) - My FREE program for hosts adds speed, security, reliability, & more doing more, more efficiently vs. addons + fixes DNS' issues:
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?o...
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...
B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).
C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity
D.) Hosts files yield more:
1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable dns, 99% = unpatched vs. it & worst @ isp level + weak vs DGA, & Fastflux + dynDNS botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).
---
* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).
* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.
* Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too(4++gb extra in FireFox https://blog.mozilla.org/nneth...)
Instead, work w/ a native kernelmode part - hosts (An integrated part of the ip stack)
APK
P.S.=> Hardcodes wouldn't help others' complaints regarding "Windows Update" (MS bypasses HOSTS it - DIRECT hardcoded 4 update servers) but would on DNS, if dns is @ fault.
... apk
I have all my rightclick menus back: I did this fix by manually opening older previous hotfixes myself for a previous build of GDI32.DLL & WIN32K.SYS + registering the lib/dll with the system (even if not needed as in non-OLE related classic "oldschool" DLL, ActiveX, etc.-et al files, or drivers really (.sys)).
* Anyhow/anyways:
All right-click menus/popup menus & trayicon apps working again - like I knew they would be, lol!
(Good Enough for me...)
APK
P.S.=> "I Rule the WasteLand: Whatever exists here, is MINE!" - The Lord Humungous from "The Road Warrior"
(Especially on Windows - I can create, + tune as I like to be BETTER, by far, vs. "stock oem" setups - hotrodding it in software & setup, by easily 25% + 200% online)... apk