Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Releases Replacement Patch With Two Known Bugs

Posted by samzenpus on from the second-time-is-usually-a-charm dept.

snydeq writes Microsoft has re-released its botched MS14-045/KB 2982791 'Blue Screen 0x50' patch, only to introduce more problems, InfoWorld's Woody Leonhard reports. "Even by Microsoft standards, this month's botched Black Tuesday Windows 7/8/8.1 MS14-045 patch hit a new low. The original patch (KB 2982791) is now officially 'expired' and a completely different patch (KB 2993651) offered in its stead; there are barely documented revelations of new problems with old patches; patches that have disappeared; a 'strong' recommendation to manually uninstall a patch that went out via Automatic Update for several days; and an infuriating official explanation that raises serious doubts about Microsoft's ability to support Windows 9's expected rapid update pace."

17 of 140 comments (clear)

  1. Oh microsoft by Anonymous Coward · · Score: 5, Insightful

    And people still come up to me and say they can't use free software cause they need enterprise-grade quality

    1. Re:Oh microsoft by Anonymous Coward · · Score: 4, Insightful

      What enterprise-grade quality?

      Software from a billion dollar plus company, which required a PO large enough to justify firing the person who approved it, not just the one who implemented it.

      If MS F's up, you can blame them as they yell at you to fix it. If your cobbled together, zero budget, but works 99% of the time solution fails, then it is 100% on you.
      It is completely unfair, but that's the way it is. If the Oracle DB blows up in a patch, you can point to not having a 2nd instance to use as a test system. The finance guys can point to the lack of an extra $100k to spend on a test system and the CEO can blame Oracle/budget to the board.

      If the same issue occurs on mysql, everyone points at you and you alone, since you could have just set up a second system for cheap - never mind that that would double the admin/patch/test time with no corresponding increase in headcount.

      Pendants: This is done in serial, not parallel, otherwise you are not staging it properly to test it.

    2. Re:Oh microsoft by phantomfive · · Score: 4, Informative

      I've written enterprise software, used by large banks and other corporations. Our software was so bad, I couldn't understand how it would help anyone, I'm sure the people who used it were slowed down by the process.

      Finally I realized they did get one thing from it: accountability. If you've never been there, it's hard to understand how corporations are shaped by SOX compliance, and general accounting problems. If a $2000 purchase disappears at a startup, it's a minor problem. But at a large company, accountants will be looking for weeks to find what happened to it.

      Those are the kinds of issues large companies deal with, and removing the accountability of the decision making process (of figuring out what software to use) and giving it to Microsoft is a real service for them. This is the same reason people use RedHat, even though RedHat gives their software away for free. It is one of those things that makes no sense to you until you've worked in that kind of environment.

      --
      "First they came for the slanderers and i said nothing."
  2. Never useful info given with patches by RenHoek · · Score: 5, Insightful

    What pisses me off as a consumer is that Microsoft patches never come with any kind of useful information.

    "There are X patches available", and when you click a specific patch you get "This is a stability patch for Windows 8" or something generic like that.

    How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?

    I'd like more info, so that unless a patch specifically fixes a security bug, I'd rather leave the rest of the patches uninstalled as long as my system runs ok.

    1. Re:Never useful info given with patches by MrL0G1C · · Score: 4, Informative

      You beat me to it, this page is what we need:
      https://technet.microsoft.com/...

      But of course that info should be right there on the windows update window.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    2. Re:Never useful info given with patches by MobyDisk · · Score: 4, Insightful

      How can a consumer make an informed decision to go ahead and install patches or not without hours of looking up KB numbers?

      Consumers don't make such decisions. If you want that level of control over your OS, don't use Windows. This isn't a knock against Windows or anything: it's just part of the closed-source model. You trust them. If they do a good job, then it saved you effort. If they do not, you get burned. That is the trade-off.

    3. Re:Never useful info given with patches by PopeRatzo · · Score: 3, Insightful

      Most won't even care about that, they just install without reviewing.

      I doubt it's much different in other platforms. Mac OS or Android or Linux. When there is an update, most people don't have the time to carefully go over what it's doing. Nor should they.

      When the plumber comes to my house, as he did yesterday, all I care about is that the hot water is coming and the toilets flush. I don't crawl under the sink to see if he properly greased the pipes or whatever the hell it is plumbers do.

      I have met people who work for Microsoft and Apple and they are neat and earnest and are by all appearances proper and trustworthy citizens. I've also met people who contribute to open source OSs. They look like the guy who stands on the on-ramp with a sign asking for change. A little bit dangerous with greasy hair and a a psychotic glimmer in the eyes.

      I'm kidding of course, and just tweaking people who use Linux (like myself), but as Eclipse (played by Frank McRae) said to Sylvester Stallone upon his imprisonment in the classic American film Lock Up, "You gotta trust somebody. Let me hip you to the joint."

      --
      You are welcome on my lawn.
    4. Re:Never useful info given with patches by TubeSteak · · Score: 4, Insightful

      But of course that info should be right there on the windows update window.

      It was there in WinXp.
      Microsoft seems to think that dumbing down all their user interfaces = the future of computing.

      --
      [Fuck Beta]
      o0t!
  3. Other strange update issues.. by wbr1 · · Score: 5, Informative
    Yesterday in my repair shop I started getting a 0x80246002 error when checking for updates. Only on Win 7, (8 and vista were unaffected). This first occurred on a customer box that had a malware infection. The KB for this error simply states:

    This problem may occur if Windows Update or Microsoft Update determines there is a file hash mismatch when you try to search for available updates from the Windows Update Web site or from the Microsoft Update Web site.

    I spent a couple hours down the rabbit hole, thinking malware had broken updates on this box. Not unusual, and normally fixable by one of several means. When all attempts failed, and then another box presented the same error, I checked, every single windows 7 box would not check for updates.

    I found that it was not something strange in our router or firewall, and it even occurred on other building tenants computers using a separate internet connection. Everyone in the building is on Comcast. Even more interesting, if I connected a computer to another ISP (tethering on my phone in this instance), the update check would succeed. You could then reconnect to comcast and download and install the updates.

    Further all of these computers were running Windows Update Agent 7.6.7600.320, which is a recent (KB less and not able to be skipped) update to Windows update, that you cannot roll back easily. However, by going to a restore point prior to this update, checking for updates magically worked again, until this Agent updated itself and it was broken again.

    So somehow, for whatever reason, the way Windows Update on Win 7 with this version of the agent checks for updates was being blocked by Comcast (Business class). Try explaining that to a comcast support rep. Fortunately today it seems to be working again.

    --
    Silence is a state of mime.
    1. Re:Other strange update issues.. by Anonymous Coward · · Score: 5, Informative

      Had the same problem yesterday on a newly patched Windows 7 laptop and then today on a Windows Server 2008 R2 server.

      Problems with Windows Update Agent 7.6.7600.320 and DNS seems to be where this is headed.

      But I'm holding off on KB 2993651 and Windows Update Agent 7.6.7600.320 until this one gets resolved too.

  4. No Patch Info by MrL0G1C · · Score: 4, Informative

    What pigs me off is that when you use Windows Update and look at a patch it gives you no info, so you click the patch and still no info', you click the link given but that pretty much just says it's a patch and you should install it, finally after following another link, scrolling down and expanding a section of page you get to find out whether or not the patch is actually relevant to your installation and not just a fix for something you will never use.

    I don't use and don't need patches for One-Note, IE, Windows Media Centre, SQL Server. Privilege escalation bugs don't bother me, if you've been compromised that far then you're probably f**ked anyway.

    The only bugs that look half-dangerous this month are MS14-046 and MS14-047 because they can lead to you being rooted when joined with browser etc bugs

    For future use: https://technet.microsoft.com/...

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  5. Don't know what you are talking about by benjymouse · · Score: 3, Insightful

    Perhaps you should give it 3 secs investigation before you shout off.

    3 secs should be just enough to click the "more information" link.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    1. Re:Don't know what you are talking about by Anonymous Coward · · Score: 5, Insightful

      3 secs should be just enough to click the "more information" link.

      Every time I have clicked a "more information" link, I have been taken to a completely useless webpage that contains no information about the KB in question.

    2. Re:Don't know what you are talking about by Anonymous Coward · · Score: 3, Insightful

      Before you get too smug, please explain how clicking on "more information" would help explain the mystery of Windows Update Agent 7.6.7600.320 and all of the associated problems it causes? That's only one example of many over the last couple decades.

      There has always been *lots* of holes in the Microsoft KB and explanations of patches. Saying just click on more information implies that Microsoft has documented everything and the OP is simply an idiot and/or lazy. In this case he isn't.

  6. Seems perfectly clear to me :) by lippydude · · Score: 3, Interesting

    "Click on the update and you should see a 'More Information' link on the right. Click it and your browser should open to a MS knowledge base page that explains what the patch does".

    "To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2014-0318." ref

    'win32k.sys .. does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability ."'

  7. Re:Need developers? by Anonymous Coward · · Score: 3, Funny

    Dear AC,

    Thank you for expressing your interest in a position at Microsoft. Unfortunately we are not currently hiring developers who test their code.

    Sincerely,
    Microsoft

  8. Microsoft has lost control of the monster... by QuietLagoon · · Score: 4, Funny
    Microsoft has lost control of the monster it created in Windows.

    .
    It now appears that Windows has taken on a life of its own, and is now roaming the countryside, harassing the villagers.

    Where is Dr. Frankenstein when you really need him?