Slashdot Mirror


Microsoft Releases Replacement Patch With Two Known Bugs

snydeq writes Microsoft has re-released its botched MS14-045/KB 2982791 'Blue Screen 0x50' patch, only to introduce more problems, InfoWorld's Woody Leonhard reports. "Even by Microsoft standards, this month's botched Black Tuesday Windows 7/8/8.1 MS14-045 patch hit a new low. The original patch (KB 2982791) is now officially 'expired' and a completely different patch (KB 2993651) offered in its stead; there are barely documented revelations of new problems with old patches; patches that have disappeared; a 'strong' recommendation to manually uninstall a patch that went out via Automatic Update for several days; and an infuriating official explanation that raises serious doubts about Microsoft's ability to support Windows 9's expected rapid update pace."


  1. Oh microsoft by Anonymous Coward · · Score: 5, Insightful

    And people still come up to me and say they can't use free software cause they need enterprise-grade quality

    1. Re:Oh microsoft by thieh · · Score: 2

      What enterprise-grade quality?

    2. Re:Oh microsoft by Anonymous Coward · · Score: 2, Informative

      The free software desktop's problems are a lack of polish. Microsoft's problems are outright neglect.

    3. Re:Oh microsoft by Anonymous Coward · · Score: 4, Insightful

      What enterprise-grade quality?

      Software from a billion dollar plus company, which required a PO large enough to justify firing the person who approved it, not just the one who implemented it.

      If MS F's up, you can blame them as they yell at you to fix it. If your cobbled together, zero budget, but works 99% of the time solution fails, then it is 100% on you.
      It is completely unfair, but that's the way it is. If the Oracle DB blows up in a patch, you can point to not having a 2nd instance to use as a test system. The finance guys can point to the lack of an extra $100k to spend on a test system and the CEO can blame Oracle/budget to the board.

      If the same issue occurs on mysql, everyone points at you and you alone, since you could have just set up a second system for cheap - never mind that that would double the admin/patch/test time with no corresponding increase in headcount.

      Pedants: This is done in serial, not parallel, otherwise you are not staging it properly to test it.

    4. Re:Oh microsoft by phantomfive · · Score: 4, Informative

      I've written enterprise software, used by large banks and other corporations. Our software was so bad, I couldn't understand how it would help anyone, I'm sure the people who used it were slowed down by the process.

      Finally I realized they did get one thing from it: accountability. If you've never been there, it's hard to understand how corporations are shaped by SOX compliance, and general accounting problems. If a $2000 purchase disappears at a startup, it's a minor problem. But at a large company, accountants will be looking for weeks to find what happened to it.

      Those are the kinds of issues large companies deal with, and removing the accountability of the decision making process (of figuring out what software to use) and giving it to Microsoft is a real service for them. This is the same reason people use RedHat, even though RedHat gives their software away for free. It is one of those things that makes no sense to you until you've worked in that kind of environment.

      --
      "First they came for the slanderers and i said nothing."
    5. Re:Oh microsoft by hairyfeet · · Score: 2

      That is because that bullshit excuse is soooo damned old it has its own meme.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    6. Re:Oh microsoft by phantomfive · · Score: 2

      There is no accountability.

      That's not important. Really.

      --
      "First they came for the slanderers and i said nothing."
  2. Never useful info given with patches by RenHoek · · Score: 5, Insightful

    What pisses me off as a consumer is that Microsoft patches never come with any kind of useful information.

    "There are X patches available", and when you click a specific patch you get "This is a stability patch for Windows 8" or something generic like that.

    How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?

    I'd like more info, so that unless a patch specifically fixes a security bug, I'd rather leave the rest of the patches uninstalled as long as my system runs ok.

    1. Re:Never useful info given with patches by MrL0G1C · · Score: 4, Informative

      You beat me to it, this page is what we need:
      https://technet.microsoft.com/...

      But of course that info should be right there on the windows update window.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    2. Re:Never useful info given with patches by MobyDisk · · Score: 4, Insightful

      How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?

      Consumers don't make such decisions. If you want that level of control over your OS, don't use Windows. This isn't a knock against Windows or anything: it's just part of the closed-source model. You trust them. If they do a good job, then it saved you effort. If they do not, you get burned. That is the trade-off.

    3. Re:Never useful info given with patches by PopeRatzo · · Score: 3, Insightful

      Most won't even care about that, they just install without reviewing.

      I doubt it's much different in other platforms. Mac OS or Android or Linux. When there is an update, most people don't have the time to carefully go over what it's doing. Nor should they.

      When the plumber comes to my house, as he did yesterday, all I care about is that the hot water is coming and the toilets flush. I don't crawl under the sink to see if he properly greased the pipes or whatever the hell it is plumbers do.

      I have met people who work for Microsoft and Apple and they are neat and earnest and are by all appearances proper and trustworthy citizens. I've also met people who contribute to open source OSs. They look like the guy who stands on the on-ramp with a sign asking for change. A little bit dangerous with greasy hair and a psychotic glimmer in the eyes.

      I'm kidding of course, and just tweaking people who use Linux (like myself), but as Eclipse (played by Frank McRae) said to Sylvester Stallone upon his imprisonment in the classic American film Lock Up, "You gotta trust somebody. Let me hip you to the joint."

      --
      You are welcome on my lawn.
    4. Re:Never useful info given with patches by TubeSteak · · Score: 4, Insightful

      But of course that info should be right there on the windows update window.

      It was there in WinXp.
      Microsoft seems to think that dumbing down all their user interfaces = the future of computing.

      --
      [Fuck Beta]
      o0t!
    5. Re:Never useful info given with patches by Darinbob · · Score: 2

      When you click for more details it tells you to visit a web page. Then on that web page, full of long boilerplating, there is some description. Useful description, but it takes you enough time that to follow that patch for every update is a tedious chore. It would indeed help if the patch description said something more useful than "stability patch" or the name was something other than "KB11878723".

      I think the rationale is that either the interns it would take to do this minimal work are costing too much, or they want customers to blindly install everything shoved at them.

    6. Re: Never useful info given with patches by macs4all · · Score: 2

      Apple pops up a notification (more annoying than Microsoft actually) that says "install these patches now or later?", and you have to click and open up before you can even see what you're clicking "now" or "later" for. Then it turns out it's just something stupid like itunes. So I ignore it. Then a few days later it repeats. Then a few days after that. And so on. It's basically the apple store window, even though I have zero software anywhere on or in the vicinity of the mac that even saw that store. So yes, I am indeed crawling under that sink to see what shit the plumber left there. At least be glad microsoft isn't merging their updates and patches with their store.

      While I must admit I liked the old Software Update system a bit better, overall I still find Microsoft's free-for-all pop ups during boot up to be far more annoying than the Growl-like notifications in OS X. For one thing, OS X NEVER says "I'm rebooting your system in x seconds" like Windows does, leaving you to scramble around to ask PERMISSION from your own computer to DELAY the Reboot.

      BTW, Apple isn't "mixing their software updates with the App Store"; they are just using the same secure distribution method. It's not like they dump you at the front door of the App Store, hoping you'll get distracted by teh Shiny and buy something. And frankly, for the few apps I have that I have purchased through the Mac App Store, I kinda like the fact that their updates are announced/distributed in the same way, rather than having the Windows method of having the blizzard of pop ups each time I boot. With the OS X system, it's only ONE pop up, which can simply be dragged off the edge of the screen to dismiss.

      By the way, you can customize plenty of things about how Updates and their notifications happen (or don't)

  3. Other strange update issues.. by wbr1 · · Score: 5, Informative
    Yesterday in my repair shop I started getting a 0x80246002 error when checking for updates. Only on Win 7, (8 and vista were unaffected). This first occurred on a customer box that had a malware infection. The KB for this error simply states:

    This problem may occur if Windows Update or Microsoft Update determines there is a file hash mismatch when you try to search for available updates from the Windows Update Web site or from the Microsoft Update Web site.

    I spent a couple hours down the rabbit hole, thinking malware had broken updates on this box. Not unusual, and normally fixable by one of several means. When all attempts failed, and then another box presented the same error, I checked, every single windows 7 box would not check for updates.

    I found that it was not something strange in our router or firewall, and it even occurred on other building tenants' computers using a separate internet connection. Everyone in the building is on Comcast. Even more interesting, if I connected a computer to another ISP (tethering on my phone in this instance), the update check would succeed. You could then reconnect to comcast and download and install the updates.

    Further all of these computers were running Windows Update Agent 7.6.7600.320, which is a recent (KB less and not able to be skipped) update to Windows update, that you cannot roll back easily. However, by going to a restore point prior to this update, checking for updates magically worked again, until this Agent updated itself and it was broken again.

    So somehow, for whatever reason, the way Windows Update on Win 7 with this version of the agent checks for updates was being blocked by Comcast (Business class). Try explaining that to a comcast support rep. Fortunately today it seems to be working again.

    --
    Silence is a state of mime.
    1. Re:Other strange update issues.. by Anonymous Coward · · Score: 5, Informative

      Had the same problem yesterday on a newly patched Windows 7 laptop and then today on a Windows Server 2008 R2 server.

      Problems with Windows Update Agent 7.6.7600.320 and DNS seems to be where this is headed.

      But I'm holding off on KB 2993651 and Windows Update Agent 7.6.7600.320 until this one gets resolved too.

  4. No Patch Info by MrL0G1C · · Score: 4, Informative

    What pigs me off is that when you use Windows Update and look at a patch it gives you no info, so you click the patch and still no info', you click the link given but that pretty much just says it's a patch and you should install it, finally after following another link, scrolling down and expanding a section of page you get to find out whether or not the patch is actually relevant to your installation and not just a fix for something you will never use.

    I don't use and don't need patches for One-Note, IE, Windows Media Centre, SQL Server. Privilege escalation bugs don't bother me, if you've been compromised that far then you're probably f**ked anyway.

    The only bugs that look half-dangerous this month are MS14-046 and MS14-047 because they can lead to you being rooted when joined with browser etc bugs

    For future use: https://technet.microsoft.com/...

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    1. Re:No Patch Info by jittles · · Score: 2

      I don't use and don't need patches for One-Note, IE, Windows Media Centre, SQL Server. Privilege escalation bugs don't bother me, if you've been compromised that far then you're probably f**ked anyway.

      Uh you don't have to be compromised initially to fall victim to a privilege escalation bug. And you should care about bugs in IE or any other piece of software that is installed (and cannot be removed) from your system. Gone are the simple days of black hats using a single bug to take control of your system. They will chain together vulnerabilities until they can get to your unimportant privilege escalation, and that could very well take advantage of some bug in IE that you neglected to patch because it is unimportant to you.

  5. How is this insightful? Are links difficult now? by Anonymous Coward · · Score: 2, Insightful

    You are talking about the short summary in the windows update UI, but there is always a direct link to a Knowledge Base article with much more details.

    Are Slashdot posters really unable to follow a direct hyperlink to the information you are after without spending hours on it?? WTF??

  6. Don't know what you are talking about by benjymouse · · Score: 3, Insightful

    Perhaps you should give it 3 secs investigation before you shout off.

    3 secs should be just enough to click the "more information" link.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    1. Re:Don't know what you are talking about by Anonymous Coward · · Score: 5, Insightful

      3 secs should be just enough to click the "more information" link.

      Every time I have clicked a "more information" link, I have been taken to a completely useless webpage that contains no information about the KB in question.

    2. Re:Don't know what you are talking about by Anonymous Coward · · Score: 3, Insightful

      Before you get too smug, please explain how clicking on "more information" would help explain the mystery of Windows Update Agent 7.6.7600.320 and all of the associated problems it causes? That's only one example of many over the last couple decades.

      There have always been *lots* of holes in the Microsoft KB and explanations of patches. Saying just click on more information implies that Microsoft has documented everything and the OP is simply an idiot and/or lazy. In this case he isn't.

    3. Re:Don't know what you are talking about by Anonymous Coward · · Score: 2, Insightful

      I just ran updates on my Win7 box because of this comment, and I can verify this: The more information link does NOT take you to a related KB article. In fact three of the links timed out, the rest went to pages with zero information about what the update did, and no further information can be found.

      I can, however, Google the patch to find the exact KB article I need. There is no way to find that page from any line of clicking that starts from Windows Update though.

  7. Seems perfectly clear to me :) by lippydude · · Score: 3, Interesting

    "Click on the update and you should see a 'More Information' link on the right. Click it and your browser should open to a MS knowledge base page that explains what the patch does".

    "To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2014-0318." ref

    'win32k.sys .. does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."'

  8. Re:Need developers? by Anonymous Coward · · Score: 3, Funny

    Dear AC,

    Thank you for expressing your interest in a position at Microsoft. Unfortunately we are not currently hiring developers who test their code.

    Sincerely,
    Microsoft

  9. Why are they hiding information? by sjbe · · Score: 2

    3 secs should be just enough to click the "more information" link.

    You apparently have never bothered to click the "more information" link. It is a pretty good approximation of useless unless you click several layers deep and shouldn't be necessary in the first place. A short description of what the patch actually is intended to do would not kill Microsoft. I shouldn't have to go hunting for that information if I want it. Yes I know how to find out what the patch is for but Microsoft has made it needlessly hard.

    Put bluntly, I shouldn't have to click ANY links to see a summary of what a patch is supposed to do.

    1. Re:Why are they hiding information? by nabsltd · · Score: 2

      A short description of what the patch actually is intended to do would not kill Microsoft. I shouldn't have to go hunting for that information if I want it.

      In addition, if you have set Windows Update to "download but not install", then it is possible that you don't have Internet access at the time you are thinking of applying the already-downloaded patch.

  10. Microsoft has lost control of the monster... by QuietLagoon · · Score: 4, Funny
    Microsoft has lost control of the monster it created in Windows.

    It now appears that Windows has taken on a life of its own, and is now roaming the countryside, harassing the villagers.

    Where is Dr. Frankenstein when you really need him?