Microsoft Releases Replacement Patch With Two Known Bugs
snydeq writes Microsoft has re-released its botched MS14-045/KB 2982791 'Blue Screen 0x50' patch, only to introduce more problems, InfoWorld's Woody Leonhard reports. "Even by Microsoft standards, this month's botched Black Tuesday Windows 7/8/8.1 MS14-045 patch hit a new low. The original patch (KB 2982791) is now officially 'expired' and a completely different patch (KB 2993651) offered in its stead; there are barely documented revelations of new problems with old patches; patches that have disappeared; a 'strong' recommendation to manually uninstall a patch that went out via Automatic Update for several days; and an infuriating official explanation that raises serious doubts about Microsoft's ability to support Windows 9's expected rapid update pace."
And people still come up to me and say they can't use free software cause they need enterprise-grade quality
What pisses me off as a consumer is that Microsoft patches never come with any kind of useful information.
"There are X patches available", and when you click a specific patch you get "This is a stability patch for Windows 8" or something generic like that.
How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?
I'd like more info, so that unless a patch specifically fixes a security bug, I'd rather leave the rest of the patches uninstalled as long as my system runs ok.
But how is this NEWS? MS has fallen into the shitcan for sure, mama!
This problem may occur if Windows Update or Microsoft Update determines there is a file hash mismatch when you try to search for available updates from the Windows Update Web site or from the Microsoft Update Web site.
I spent a couple hours down the rabbit hole, thinking malware had broken updates on this box. Not unusual, and normally fixable by one of several means. When all attempts failed, and then another box presented the same error, I checked: every single Windows 7 box would not check for updates.
I found that it was not something strange in our router or firewall, and it even occurred on other building tenants' computers using a separate internet connection. Everyone in the building is on Comcast. Even more interesting, if I connected a computer to another ISP (tethering on my phone in this instance), the update check would succeed. You could then reconnect to Comcast and download and install the updates.
Further, all of these computers were running Windows Update Agent 7.6.7600.320, which is a recent (KB less and not able to be skipped) update to Windows Update, that you cannot roll back easily. However, by going to a restore point prior to this update, checking for updates magically worked again, until this Agent updated itself and it was broken again.
So somehow, for whatever reason, the way Windows Update on Win 7 with this version of the agent checks for updates was being blocked by Comcast (Business class). Try explaining that to a Comcast support rep. Fortunately today it seems to be working again.
Silence is a state of mime.
What pigs me off is that when you use Windows Update and look at a patch it gives you no info, so you click the patch and still no info, you click the link given but that pretty much just says it's a patch and you should install it, finally after following another link, scrolling down and expanding a section of page you get to find out whether or not the patch is actually relevant to your installation and not just a fix for something you will never use.
I don't use and don't need patches for One-Note, IE, Windows Media Centre, SQL Server. Privilege escalation bugs don't bother me, if you've been compromised that far then you're probably f**ked anyway.
The only bugs that look half-dangerous this month are MS14-046 and MS14-047 because they can lead to you being rooted when joined with browser etc bugs.
For future use: https://technet.microsoft.com/...
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
You are talking about the short summary in the windows update UI, but there is always a direct link to a Knowledge Base article with much more details.
Are Slashdot posters really unable to follow a direct hyperlink to the information you are after without spending hours on it?? WTF??
Perhaps you should give it 3 secs investigation before you shout off.
3 secs should be just enough to click the "more information" link.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
was after the forced reboot (wonderful design, you leave for lunch and you lose everything), Firefox lost all my tab history.
What's the connection between the two things? In an era of multigigabyte RAM and terabyte storage, we can't store a few kilobytes of text to remember what URLs were open in a dozen tabs?
Dear Microsoft,
I, and possibly many others, would like to offer our services. We charge $200+/hour, and don't move very fast because we like to think about our solutions. We dislike cargo programming a lot. I understand that the prospect of hiring us shakes some CEO's yacht more than the waves of the South Indian ocean displace the ships mapping the seabed in search for MH370, but we're not going to drop our costs and standards, even though you will. Even more so, considering the predicament you find yourselves in (no, we do not love you one bit, Microsoft).
Cheers,
The Real Developers
"Click on the update and you should see a 'More Information' link on the right. Click it and your browser should open to a MS knowledge base page that explains what the patch does".
.. does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."'
"To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2014-0318." ref
'win32k.sys
There are so many ACs who post in response to MS-centric articles. It's almost as if you can feel the shame and terror as you read your way through.
There are two types of people in the world; those who believe there are two types of people, and those who don't.
about Microsoft's ability to support Windows 9's expected rapid update pace."
I don't think this stuff is expected to go any faster. To be fair to Microsoft, the frequency of updates is already pretty respectable (latency and quality on the other hand...). The rumors are that MS will start mixing in functional changes more. Of course this seems like a mistake, their competitors really aren't mixing it up much on the fundamental level anymore (Google churned pretty hard because they needed to, but Jelly Bean seems to have marked where they broke out the function).
Microsoft is only bested on the 'faster' (latency and frequency) front by Linux Desktop distros, and see how much that has made people in the wider market care. It's a shame because Android updates are pretty infrequent *and* get deployed extremely slowly. This means a great deal of mobile Chrome browsers continue to have SSL vulnerabilities, mitigated somewhat by most reputable servers having addressed it on their end. If MS was botching a security update that badly the community would be all over them. Though again, the wider market doesn't really care except to be pissed at having to deal with frequent update related interruptions (where again I think Linux desktop distros seem to have the right balance of availability but not being so heavy handed).
XML is like violence. If it doesn't solve the problem, use more.
Learn a DE or Window manager you're comfortable with, learn the package manager for the distro of your choice, and learn the administration tools necessary to maintain your needed level of customization (for most people it's display settings, i18n, and network settings). Given those 5 needs fulfilled the distro itself usually doesn't matter, unless you happen to choose one that makes installing/updating your chosen packages difficult (Which honestly Microsoft is no better about since the XP->Vista transition, and the Win9x to NT transition prior).
..don't use Windows.
Is this mess possibly the long-term result of Microsoft's previous embrace of stack ranking? Too much cultural focus on back-stabbing and ladder-climbing instead of writing solid code and testing it properly?
3 secs should be just enough to click the "more information" link.
You apparently have never bothered to click the "more information" link. It is a pretty good approximation of useless unless you click several layers deep and shouldn't be necessary in the first place. A short description of what the patch actually is intended to do would not kill Microsoft. I shouldn't have to go hunting for that information if I want it. Yes I know how to find out what the patch is for but Microsoft has made it needlessly hard.
Put bluntly, I shouldn't have to click ANY links to see a summary of what a patch is supposed to do.
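The per-update details discussed in the comments above (summary, security bulletin ID, severity, "more information" link) can be read in one pass from the Windows Update Agent's COM interface. The following PowerShell is an added example, not part of the original thread; the function name `Get-UpdateSummary` is hypothetical, and the `Get-HotFix` check uses the KB number from the article summary.

```powershell
# Added example: show what each pending update is before deciding to install it.
# Works on PowerShell 2.0+ (the version shipped with Windows 7).
function Get-UpdateSummary {
    param([string]$Criteria = "IsInstalled=0 and Type='Software' and IsHidden=0")
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search($Criteria)   # contacts the update service
    foreach ($u in $result.Updates) {
        New-Object PSObject -Property @{
            KB        = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Bulletins = @($u.SecurityBulletinIDs) -join ','
            Severity  = $u.MsrcSeverity
            Title     = $u.Title
            Summary   = $u.Description
            MoreInfo  = @($u.MoreInfoUrls) -join ' '
        }
    }
}

$pending = @(Get-UpdateSummary)

# Updates tied to a security bulletin (MSyy-nnn), with severity and summary.
$pending | Where-Object { $_.Bulletins } |
    Format-List KB, Bulletins, Severity, Title, Summary, MoreInfo

# Everything else: candidates to defer while the system runs fine.
$pending | Where-Object { -not $_.Bulletins } |
    Format-Table KB, Title -AutoSize

# Is the withdrawn KB 2982791 still installed on this machine?
$withdrawn = Get-HotFix -Id KB2982791 -ErrorAction SilentlyContinue
if ($withdrawn) {
    "KB2982791 is installed (on $($withdrawn.InstalledOn))."
} else {
    "KB2982791 is not installed."
}
```

The search needs a working connection to the update service, so it fails in the same way the Windows Update window does when the update check itself is blocked.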
It now appears that Windows has taken on a life of its own, and is now roaming the countryside, harassing the villagers.
Where is Dr. Frankenstein when you really need him?
How often will Windows 9 receive updates? I heard on the TWIT podcast that it would be once a month.
***NEWS FLASH***
Windows is ALREADY updated once a month, so I don't see how that is any more frequent.
Hopefully this will change Nadella's mind. QA is part of the process, and has to be independent of engineering...
Was working on the computer late on the 27th and I saw there were new Windows updates available (8.1 Pro, x64). I'd heard about the update issues two weeks ago but figured that had all been taken care of and the updates were pulled so this was fine.
Big mistake.
Machine BSOD'ing after launch and none of Microsoft's fixes worked.
1) If I tried to boot into safe mode, which is still supposed to work -- BSOD
2) There is a font cache file that supposedly is causing the crash. You're supposed to boot into safe mode to remove it. Okay, I boot into a Mint from a thumb drive and delete the file from out of my C:\Windows\System32 folder, unmounted the drive manually to make sure changes were written back, and rebooted -- Still BSOD.
3) Tried using system restore points. Windows set one just before these updates. Windows was not able to restore to that point. Tried the previous one from an update to OpenOffice three days before this. That one was also no good. Tried the last one, one from the 20th -- when the previous set of Windows updates had been applied. Success. Now, straight from the horse's mouth, my Windows should now be rolled back to a time before the Windows Updates before the problematic updates were installed.
Rebooted... BSOD at the exact same place in the process. No change at all.
I can't uninstall the updates if I can't boot into the actual Windows install it seems. There's no way to remove the updates from the recovery console (found a blog entry on how to do this in XP, but the updates aren't kept in the same folder structure and my ability to run things on the affected install seems much more limited in these later versions).
As I'm typing this I'm running on the Mint flash drive and have Grsync doing a verified copy of my user folder from my C drive to one of my other internal disks, so I can do a reformat and reinstall of all my programs. Just what I wanted to do on my weekend!