Microsoft to Patch Problem Patch

slowroller writes to mention an eWeek article about a new patch to fix issues raised in their most recent release. From the article: "The company's plan is to target the rerelease only to Windows users who are affected. In a blog entry, Toulouse said the company's patch deployment technologies will have "detection logic" built into them to only offer the revised update to customers who don't have MS06-015 or are having the problem. The glitches, which Microsoft claims affect only a tiny fraction of the 120 million installations of the patch, stem from a new binary called VERCLSID.EXE that validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On systems running Hewlett-Packard's Share-to-Web software, Sunbelt's Kerio Personal Firewall and some NVIDIA Drivers, users complained that the new binary stopped responding."

Re:Again? What?

[i.of.the.storm]

No, the patch was simply conflicting with a few pieces of software. If you aren't affected, you won't get the patched patch. The original bug was fixed with the original patch. This patch's patch simply whitelists a couple of programs known to cause issues with the patch.

Re:Apple users are nervous about updates

[Cobralisk]

All users of any system should be wary of updates. Granted, most updates are security fixes that keep your b0xen from being pwned and as such are vital to keeping a more secure system, but all software contains bugs. Sometimes the bug is in the patch, sometimes it's in the application that breaks because it makes an incorrect assumption about the OS that is changed by an otherwise valid bugfix. Either way, every patch to any running system has the potential to break functionality that end-users or sysadmins depend on. In reality the best thing you can do is probably just remove your system from the network. Barring that maybe just keep thorough backups.

Annoying Problem

[Anonymous Coward]

I've already encountered two computers on my companies network that were having this annoying problem. There are probably other systems that will pop up with this problem next week. Here's a few different temporary fixes, but I'm not sure how effective they are for more than a few days (or atleast until Microsoft offers a patch):

1. Directly from MS. [microsoft.com]

2. Rename C:\WINDOWS\SYSTEM32\VERCLSID.EXE to something else (i.e. VERCLSID.OLD) and turn off automatic updates.. otherwise it will try to update Windows again and re-add the executable.

3. Reinstall the HP application. I didn't think that this would work since it appears to reinstall Share-to-Web software, but everything seemed fine afterwards.. so far for one day atleast.

The real annoying thing about this bug is that I think it effects everything using the explorer shell. Click on the arrow at the end of your address bar in IE? Locks the app. Click on arrow to expand your drives while trying to attach a file to email? Locks the app. I'm sure it does the same thing all over the OS when you are trying to do the same function, but those are the only two I really came across before I wanted to fix the problem ASAP.

Re:Make your own decisions

[swmccracken]

How about Corporate: Microsoft provide a server program that you can install that downloads the updates and stores them locally.

Your corporate administrator then configures that server and manually approves and rejects updates to be deployed though the Automatic Update clients connected to your server. (Optionally approving a patch for deployment to only certain groups of computers, say the IT Department could be beta testers.)

It's called Windows Software Update Services [microsoft.com], and has been out for quite some time. In other words, all you're asking for in the first half already exists. :-)

The second part you're talking about is deployment of patches that aren't released through automatic updates - and yes, I agree, they're often problematic. It sounds like you manually installed a non-security hotfix, which was then clobbered by a later security patch (and the bugfix wasn't included in the security patch).

Microsoft seem to believe that non-security bugfixes don't belong in security patches unless a lot of people are affected, but it means that for people that need those security patches and bugfixes, it becomes quite a mess trying to maintain them (and may require manual management, as you've found the hard way. :-( ) I think they're tryng to be cautious, which I can understand (although they've in theory fixed this for XPSP2 and 2K3, as those patches are supposed to include "general distribution release" and "quick fix engineering" versions, automatically installing the QFE version if there already is a QFE hotfix installed, otherwise installing the GDR version.)

A classic example of all this is that there's a registry key you can set that causes IE patches to install bugfixed versions. (I'm not kidding [microsoft.com].)

Mod Parent down for reposting identical comment

[quokkapox]

In Soviet Russia, duplicate comments repost YOU [slashdot.org].

Re:Instantiated???

[arkhan_jg]

From: http://en.wikipedia.org/wiki/Instance_(programming ) [wikipedia.org]

In a language where each object is created from a class, an object is called an instance of that class. If each object has a type, two objects with the same class would have the same datatype. Creating an instance of a class is sometimes referred to as instantiating the class.

That's last as in "Most recent"

[symbolset]

All these articles are dupes. See it again the evening of June 30, as that's when the next semi-annual 0-day festival kicks off in time for the major holiday weekend. It's almost as if these hackers are tormenting you on your holidays for a purpose. Oh, wait...

The two keys to recovering from malware / a botched patch / user error are: 1. Have an image that's known to be clean without doubt. A fresh install with no network connection will usually suffice, Novell historical trivia notwithstanding. A system with absolutely anything installed and then uninstalled, no matter how carefully, just won't work. One that's touched a LAN, even behind a NAT router, isn't "known to be clean". 2. When you blow out your system image, don't corrupt your data files. Obviously if your data is on a drive that's been removed, it's safe. Not everyone is willing to go that far -- all data stored somewhere besides on your system (C:\) drive is a must.

You will need "Drive Image" software. Examples include PowerQuest DriveImage, Altiris RapidDeploy, Norton Ghost. This software list is not a recommendation -- do your own homework on what suits your needs. Maybe someone will reply with suggestions. This software takes a point-in-time snapshot of the data on your system drive, called an "image". You're going to need access to a drive to store your system images. A basic XP image is about 1.5GB compressed, with applications will vary. I've seen with Office and Photoshop with common options go to 6GB, multiple massive games go as high as 30GB. Plan ahead, especially if you want to take periodic backup images or application rollback images. Some people take drive images of their data file drives now and then for backups also.

You're going to need to move your data files someplace safe, like a server or a separate partition. A dedicated drive works well. You're going to need installation CD's for the OS and all your applications, and all of the patches you can get on convenient media. Pendrive or cd work well usually.

Before installing Windows, disconnect from the network. If you're imaging to a network drive, know what you're doing. If your system starts to boot to Windows while connected before your working image is taken, start over.

Install Windows. During install, do not connect to the network. Use the telephone activation option. Get all your updates from the technet executables on local media as previously mentioned. Get the firewall up and running. Don't connect to the network. Point your My Documents folder to the place your datafiles are. Do your base security configuration --firewall settings, replace all the pages in Explorer with about:blank, etc. Do NOT connect to the network.

Take a system image. This is what you recover to if you need a major application overhaul, the "Base" image. If you are storing the image on the network you must make great care while doing this that the system does not boot to the installed OS with the network connected. Your OS install is in a very vulnerable state. If you have to restore to this image, you won't have to re-validate Windows.

If you connected the network during the previous step for network imaging, disconnect it before rebooting.

If you have other applications that require activation and allow telephone activation, you might want to install them now and take an "activated but still network clean" image.

All the software that will install without the network, install and update it. Install Spybot Search & Destroy, with the Tea Timer option. Don't connect to the network. Install Ad-aware or whatever else you're using. Don't connect to the network. Take a system image. This is your "Working" image.

Now you can connect to the network. Immediately go to Windows update and get the latest patches, and their patches, and the patches for those patches. If any of the patched patches' patches have updates, get those too. During this step you'll probably reboot over and over. In Spybot Search & Destroy ge

Re:Affected

[AuMatar]

Yup, we printer firmware folks kept saying that the software team needed to add a drivers only option. No go :(

Re:Affected

[Anonymous Coward]

Finally someone who realizes the real source of the problem.

HP have a history of poorly written drivers, so I assume that their other software won't be better.

Two of the worst cases I had to deal with:
(1) A memory leak that can run up to more than a hundred megabytes in a week's time if you never reboot (and you don't have to print large graphics for that one, plain text is enough).

(2) A security hole you can drive a truck through. That one affected accounts with restricted rights, by giving them full "local system" access: if the printer ran out of paper on a system with a custom shell (i.e. not running explorer), the morons opened a dialog from which online help and the windows control panel could be opened in the security context of a driver process.

Neither of these has ever been fixed AFAIK, although HP confirmed that they were already aware of it when I reported the second one.

Re:Apple users are nervous about updates

[Cheaty]

Hell, at least Apple machines ask you if you want to update; this latest Windows XP patch was pushed to my singular Windows XP without me even knowing about it, installed itself, and rebooted itself. It could have at least asked me if I wanted it or told me what the update was even for...

Try changing your Automatic Updates settings to: 'Download updates for me, but let me choose when to install them.' or 'Notify me but don't automatically download or install them' You can't really blame it for working the way you have it configured.

Re:Affected

[robogun]

The HP 'drivers' for my all-in-one machine come in at 180 megabytes! The interface is sheer bloat, it installs a handful of totally unnecessary (Disabling them has little consequence) services and startup processes, and there is still no x64 driver!

I beta'd for them, told them that in no uncertain terms, they changed nothing. I sold the printer they gave me.

Re:Apple users are nervous about updates

[Blakey Rat]

I let the update go a couple days and look for stories about it on Slashdot. If the problems with it aren't big enough to show up on Slashdot, I usually install it.

Yeah, it's funny, but it's true.