Windows 10 Update Broke DHCP, Knocked Users Off the Internet

Microsoft has quietly fixed a software update it released last week, which effectively prevented Windows 10 users from connecting to the Internet or joining a local network. From a report on ArsTechnica: It's unclear exactly which automatic update caused the problem or exactly when it was released -- current (unconfirmed) signs point to KB3201845 released on December 9 -- but whatever it was appeared to break DHCP (Dynamic Host Configuration Protocol), preventing Windows 10 from automatically acquiring an IP address from the network. There's also little detail on how many people were affected or why, but multiple cases have been confirmed across Europe by many ISPs. A Microsoft spokesperson has meanwhile confirmed that "some customers" had been experiencing "difficulties" getting online, but that's about it for public statements at present. However, a moderator on the company's forums has said the fix was included in a patch released on Tuesday called KB3206632.

Satnav

Having fun in Satnav's involuntary public beta testing program?

Re:Satnav

I have to wonder about this specific bug. They fucked up DHCP? Doing what to it? The DHCP stack isn't something that needs regular tweaking; it's not like there are new features being introduced to DHCP all the time. The protocol is mature and relatively static, and the DHCP client in Windows has been robust for years. Even XP's DHCP client was rock solid, fully IPv6 aware, etc. There's nothing to be making changes to in that codebase. Just as I wouldn't expect CALC.EXE to get updated (and suddenly quit working) unless there's some major new discovery in mathematics that redefines how a calculator should operate, I wouldn't expect the DHCP client to be getting buggered when there haven't been any breakthroughs in IP lease assignment.

So what the hell they were mucking around with - adding more spying? Everybody gets a persistent route to FBI HQ in their config?

Re:Satnav

[thegarbz]

You don't need to touch a specific part of a stack to ruin something. Calc.exe would be equally screwed if you did something that broke the Win32API.

Likewise the change could have been completely unrelated to DHCP. Did anyone confirm if the rest of the network stack was okay or did they just conclude that Microsoft broke a very specific part of DHCP?

I once broke DHCP on my linux machine with a typo in an iptables script. That annoyed my especially since it was one of those bugs that was fine until the next reboot and the machine was headless.

Re:Satnav

[fuzzyfuzzyfungus]

Reports mention that the failure to acquire an address is, at least sometimes, tied to the "Connected Devices Platform Service" crashing. Apparently this service is "used for Connected Devices and Universal Glass scenarios", which really clears things up.

Nobody seems to have much to say on what exactly the 'connected devices platform' is; but it sounds like the problem isn't with the DHCP client itself; but with some questionably sensible abstraction layer failing at automagic above it, in the service of some windows-everywhere-in-the-connected-home fever dream.

Sort of like the time they broke all those webcams, not by monkeying with UVC support; but by quietly inserting a poorly thought out frameserver without telling anyone because being able to log in with your face is obviously more important than Directshow working as expected.

Re:Satnav

[nmb3000]

Having fun in Satnav's involuntary public beta testing program?

No worries, I'll just disable automatic updates until they sort it out.

Wait, I can't do that anymore? Oh.

Okay then, I'll just not install the optional KB3206632 update.

Wait, the only option is the December Rollup Update package? I can't disable single updates anymore? Oh.

Okay then, I'll just look for my Windows 7 installation DVD and abandon this Windows 10 shit.

Wait, they forced the same update model onto Windows 7 users? Oh.

Okay then, so Microsoft changed their update model to take away all customer control, fired most of their QA department, and now releases update after update with bugs and problems?

Well, fuck Microsoft.

Re: Satnav

[jxander]

Linux on the metal. Windows in a VM.

Took a little tweaking (you can google it) and it works perfectly for the vast majority of applications. I only found a slight degradation in the latest and greatest AAA vidya games. And even then, it's around a 10% loss in frame rate, or turning the graphics down from Ultra to Very High.

I tried to get the patch

But I couldn't get online.

Re:I tried to get the patch

[Anon-Admin]

I'm sure some people probably thought their computers were broken and took them in for service,but since they couldn't get on the internet, most people probably called their ISPs, who have technicians in India who have no troubleshooting skills beyond asking them to reboot.

I fixed that sentence for you.

Re:I tried to get the patch

[Immerman]

Yeah. Seems to me an awful lot of affected people ought to bill Microsoft for having a tech guy come set things right for them. Even accidentally breaking the means of acquiring repairs is a special sort of evil.

I know it's not exactly difficult to manually assign an IP, but only if you know what you're doing.

Re:I tried to get the patch

[JustAnotherOldGuy]

I know it's not exactly difficult to manually assign an IP, but only if you know what you're doing.

I know what ya mean- for some reason my grandma just never got the hang of configuring DHCP or assigning static IPs.

I tried to email with instructions her but she never responded.

Re:I tried to get the patch

I had this happen to 1 machine at work, and did this to fix it:

netsh winsock reset catalog (Reset WINSOCK entries to installation defaults)
netsh int ipv4 reset reset.log (Reset IPv4 TCP/IP stack to installation defaults)

All of that cryptic command-line mumbo-jumbo just proves it: Windows is not yet ready for the desktop.

Networking.....Windows Update?

[segedunum]

Always on updates................ How do people get the update fixing the update when you've broken their fucking network you dumbasses?

Re:Networking.....Windows Update?

[arth1]

Always on updates................ How do people get the update fixing the update when you've broken their fucking network you dumbasses?

Simple. You buy and install a server that can feed a pxe environment through bootp, and install the patches that way...

Re:Networking.....Windows Update?

[thegarbz]

How do people get the update fixing the update when you've broken their fucking network you dumbasses?

I'm sure the Microsoft people never thought of this and the Slashdot people are smarter. After all we only ran a story a few days ago about how this problem is transient and doesn't persist through a full restart, which is precisely what Microsoft is telling people to do. (It was also mentioned in TFA)

This is one of those issues which will affect some Slashdot users more than mum and dad's, not because the Slashdot users are more technically minded and mess with their machines, but because they seem incapable of doing something as simple as reading.

Re:Having fun yet?

[arth1]

Is there anyone out there that is not yet aware that this is basically one giant beta test?

Yes, me. A beta test means that there is a plan to release a finished product. I see no such plan.

Re:VMs for Windows

[rickb928]

Yeah, I had my Windows 10 machines go down a few weeks ago for bad WiFi driver updates. Rolling back solved it, and this one I fixed by rolling back also. Sadly, Windows gets network problems more often than ever few decades.

If you meant something else, hey, throw it against the wall.

Re:Yet another result of decimated QA

[UnknowingFool]

OpenSSL has a serious vulnerability for 2 years and nobody bats an eye.

I assume you are referring to HeartBleed.

Let's start with the obvious: OpenSSL had a vulnerability which no one knew about for 2 years. As soon as it was discovered, a fix was issued 6 days after the bug was discovered.

Now let's talk about the details: Heartbleed was a vulnerability which would allow someone to undermine security of OpenSSL. It didn't stop computers from functioning outright.

Lastly, EVERYONE treated Heartbleed as serious. Your assertion that "nobody bats an eye." is an outright lie.

Microsoft has a network issue for a week and the Linux fags line up to crucify people. What a community of hypocritical fuckwits.

Way to downplay the problem which is not entirely accurate: MS released an update which borks their customer's internet connection.

Re:Windows 10

[freeze128]

Dude, 1996 called and wants its joke back, but you missed the call because you were on the modem.

Re:Update available!

[subanark]

Uninstall patch, then update?

Re:Yet another result of decimated QA

[Motherfucking+Shit]

Proving (yet again) that the claim made by open source advocates of "many eyes make bugs shallow" is bullshit. The reason that the bug went unnoticed for 2 years is that nobody was looking at the source code. Not even the people who wrote it.

Except someone did find it, even if it took awhile. How does that work with a closed-source product like Windows? How many critical vulnerabilities are lurking in there, perhaps bugs or perhaps intentionally introduced at the behest of governments, and simply cannot be discovered because the source isn't available?

We badly need a Software Consumers Bill of Rights

[LeftCoastThinker]

There are a lot of states where damaging someone's property is a crime and makes you both criminally and civilly liable. Unfortunately all the normal ambulance chasers who would quite rightly file class action lawsuits are scared of the MS legal team and deep pockets. We badly need a software consumers bill of rights to cover all for profit software. In this day and age computers are a mature field where people spend much of their lives. It is about time that the government enact some legislation recognizing this and protecting the citizens from predatory and/or fraudulent software companies. Among those rights:

- Convert all software to be covered by copyright instead of patent law.
- Limit software copyright to 20 years or 5 years after it is no longer for sale or the day and date when it is no longer supported, whichever is first.
- Any software purchased by a consumer is covered by a standard set of rights that parallel ownership of a physical item where applicable or are spelled out in the bill of rights. EULAs are all illegal except between business entities.
- Right of resale is retained by consumer for the physical copy or license key of the purchased software.
- Consumer purchases allow unlimited installs by consumer on equipment they own or use. (Software must be removed from hardware prior to sale/donation).
- Software must function offline unless that functionality requires an online connection.
- Make it illegal for companies to remove functionality previously contained in software/hardware via update, except as a temporary security measure.
- Developers are legally required to provide security and functionality patches to fix bugs and security holes discovered either internally or by security researchers for 5 years minimum after date of final sale without any strings attached. (Failure to do so implies that they intended to defraud the consumer by selling a broken/unfinished/dangerous product and could require refunding all customers and criminal fraud liability.)
- Software updates should not be mandatory unless there is a clear, urgent reason for them to be. If a mandatory update causes the software to become unusable, the company must pay affected users $150/h spent dealing with the problem, cover cost of repairs, pay $60,000/year of lost documents (i.e. if it was 4 weeks since my last backup and all data since that backup is lost, developer is on the hook for $5000), and/or replace affected hardware, the combination of which is based on what it takes to get the system completely restored in a timely fashion.
- Online software licenses/keys/virtual goods and the like have value to the customers who hold them and can be traded/bought/sold/transferred/inherited etc. If a consumer pays actual money either directly or indirectly for a virtual commodity, it can be handled in this way.
- Source code for any and all software and back end servers for sale in the US must be provided to the library of congress in order to enjoy copyright protection. 5 years after that software is no longer for sale or the day that it is no longer supported, LOC should publish source code and the software becomes open domain.

Note this only affects consumer software. Businesses can still do all the licensing and other more flexible arrangements.