Microsoft to Patch Problem Patch
slowroller writes to mention an eWeek article about a new patch to fix issues raised in their most recent release. From the article: "The company's plan is to target the rerelease only to Windows users who are affected. In a blog entry, Toulouse said the company's patch deployment technologies will have "detection logic" built into them to only offer the revised update to customers who don't have MS06-015 or are having the problem. The glitches, which Microsoft claims affect only a tiny fraction of the 120 million installations of the patch, stem from a new binary called VERCLSID.EXE that validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On systems running Hewlett-Packard's Share-to-Web software, Sunbelt's Kerio Personal Firewall and some NVIDIA Drivers, users complained that the new binary stopped responding."
yay! (Score:5, Funny)
That's last as in "Most recent" (Score:4, Informative)
The two keys to recovering from malware / a botched patch / user error are:
1. Have an image that's known to be clean without doubt. A fresh install with no network connection will usually suffice, Novell historical trivia notwithstanding. A system with absolutely anything installed and then uninstalled, no matter how carefully, just won't work. One that's touched a LAN, even behind a NAT router, isn't "known to be clean".
2. When you blow out your system image, don't corrupt your data files. Obviously if your data is on a drive that's been removed, it's safe. Not everyone is willing to go that far -- all data stored somewhere besides on your system (C:\) drive is a must.
You will need "Drive Image" software. Examples include PowerQuest DriveImage, Altiris RapidDeploy, Norton Ghost. This software list is not a recommendation -- do your own homework on what suits your needs. Maybe someone will reply with suggestions. This software takes a point-in-time snapshot of the data on your system drive, called an "image". You're going to need access to a drive to store your system images. A basic XP image is about 1.5GB compressed; with applications it will vary. I've seen it with Office and Photoshop with common options go to 6GB, and with multiple massive games go as high as 30GB. Plan ahead, especially if you want to take periodic backup images or application rollback images. Some people take drive images of their data file drives now and then for backups also.
You're going to need to move your data files someplace safe, like a server or a separate partition. A dedicated drive works well. You're going to need installation CDs for the OS and all your applications, and all of the patches you can get on convenient media. A pendrive or CD usually works well.
Before installing Windows, disconnect from the network. If you're imaging to a network drive, know what you're doing. If your system starts to boot to Windows while connected before your working image is taken, start over.
Install Windows. During install, do not connect to the network. Use the telephone activation option. Get all your updates from the technet executables on local media as previously mentioned. Get the firewall up and running. Don't connect to the network. Point your My Documents folder to the place your datafiles are. Do your base security configuration --firewall settings, replace all the pages in Explorer with about:blank, etc. Do NOT connect to the network.
Take a system image. This is what you recover to if you need a major application overhaul, the "Base" image. If you are storing the image on the network you must take great care while doing this that the system does not boot to the installed OS with the network connected. Your OS install is in a very vulnerable state. If you have to restore to this image, you won't have to re-validate Windows.
If you connected the network during the previous step for network imaging, disconnect it before rebooting.
If you have other applications that require activation and allow telephone activation, you might want to install them now and take an "activated but still network clean" image.
All the software that will install without the network, install and update it. Install Spybot Search & Destroy, with the Tea Timer option. Don't connect to the network. Install Ad-aware or whatever else you're using. Don't connect to the network. Take a system image. This is your "Working" image.
Now you can connect to the network. Immediately go to Windows update and get the latest patches, and their patches, and the patches for those patches. If any of the patched patches' patches have updates, get those too. During this step you'll probably reboot over and over. In Spybot Search & Destroy ge
Millions of different system configurations. (Score:4, Insightful)
Re:Millions of different system configurations. (Score:5, Insightful)
Re:Millions of different system configurations. (Score:2)
Re:Millions of different system configurations. (Score:2)
Re:Millions of different system configurations. (Score:2)
Re:Millions of different system configurations. (Score:2)
But you have to admit... they at least get their press releases [com.com] about their upcoming patches out in time.
Re:Millions of different system configurations. (Score:5, Insightful)
They can, will, and had better do both:
- Release patches quickly
- Release patches with adequate testing
If they don't, they should be punished.
Re:Millions of different system configurations. (Score:1, Insightful)
Re:Millions of different system configurations. (Score:4, Insightful)
- Release patches quickly
- Release patches with adequate testing
You do realise that some things simply take a certain amount of time and no matter how much money or how many people you throw at the problem they will not get done any quicker, don't you?
You also realise that the reason that MS release patches on a monthly schedule is that the corporate IT world demanded it, don't you?
What you are asking for, in effect, is that they a) solve problems in a certain amount of time regardless of how long it actually requires, b) do so without affecting quality and c) go against the express wishes of a large proportion of their customers.
Now, I'm not saying that they're perfect by any means, and I accept that I'm probably lucky in that I've used half a dozen machines over the last few years running Windows 2k and XP and have suffered no problems that weren't entirely hardware related, but from where I'm sat they're doing an ok job.
Re:Millions of different system configurations. (Score:1)
Re:Millions of different system configurations. (Score:5, Insightful)
You do realise that some things simply take a certain amount of time and no matter how much money or how many people you throw at the problem they will not get done any quicker, don't you?
If only people would realize that, especially managers. "Ohh so you need x hours to do that? Well I'll just go call this helper for y hours, then you only need x-y hours, so we'll ship on Friday"... Glad I'm not doing that anymore. Incidentally, we did have a few issues with the patch, but what it revealed for us isn't that there might be a problem with MS patches, but that there's a big problem with testing at our facility before rolling out patches.
MS might screw up, but it's our job to make sure that what they give us works before we roll it out.
Re:Millions of different system configurations. (Score:1, Interesting)
With this particular patch, I'm not sure how I'd have tested for this problem with it. It only happens sometimes on some computers. At my office, my computer is the only one affected, everyone else has no problems at all. My IE will just stop going to websites (I type addresses in the bar, and nothing happens when I hit enter. Not even an hourglass or a change in the status bar), "My Computer" displays folders for all the icons in the tree view, and closing the window causes the entire explorer shell to exit and reload. Occasionally alt-tabbing into putty makes putty think the mouse button is being held down. And of course killing the 10 or so processes I've accumulated during all of this makes everything go back to normal for a few hours.
Hopefully this "detection logic" will detect that I've got a problem here, since I'm 99% sure (wouldn't put it past dell to install nvidia drivers for my ati card) I don't have any of the software mentioned in the article.
Re:Millions of different system configurations. (Score:2)
Re:Millions of different system configurations. (Score:2)
Microsoft should be held financially, if not criminally, liable for every bug, just like any engineering company, construction company, or medical practitioner. So should other software companies, true, but in particular anyone in Microsoft's position should be held liable.
Saying "there's only so much they can do so fast" belies the fact that they're the ones who have manipulated the marketplace and risked others' time, safety, and investments by releasing the broken software to begin with. When they've been negligent in doing so, it's time to punish them, not to pretend that buggy software is some sort of natural disaster and say "well, there's only so much they can do so fast."
The crime has already been committed.
Re:Millions of different system configurations. (Score:2)
It is precisely because Microsoft has accepted (or demanded, often virtually at gunpoint) billions from society, both public and private sector, that they should be liable for their mistakes. A corporation's ability to be sued for damages should correlate directly to the amount of profit they take in. To each according to need, from each according to ability. (Yes, I know where the quote comes from).
Harassing companies? Hardly. Or, if you like, it is our just demand in exchange for the harassment that they visit upon us. It is merely asserting that with the undeniably leveraged demand for rights (EULAs, extortion-quantity monies through intellectual property and leverage, government support and contracts) come responsibilities and liabilities that should (and sooner or later will) be buoyed by the force of law and that will sooner or later be buoyed by the force of popular will and anger if nothing is done before that.
You expect too much (Score:1)
- Release patches quickly
- Release patches with adequate testing
Yeah...and while they're at it, why don't you lobby them to open source Windows. Not that I'm surprised to see this comment from someone who's calling for Bush to go on trial for war crimes in their sig, but billions of dollars aside you might want to actually think about the logistics of testing patches. If they didn't test them "adequately" I imagine we'd see this kind of problem on a much larger scale and more often.
Re:Millions of different system configurations. (Score:1)
This is basic business computing theory. You get to a certain point where adding in extra personnel actually slows down the process.
Re:Millions of different system configurations. (Score:2)
Re:Millions of different system configurations. (Score:2)
Re:Millions of different system configurations. (Score:1)
Re:Millions of different system configurations. (Score:1)
Microsoft has a responsibility to its OS users (Score:2)
They have the capability and certainly the choice. Instead of bringing out WinXP, they could have shored up Win2k; or instead of WinFS, they could have shored up WinXP. And did they *have to* branch out into the Xbox market when they needed more work on their OS?
But if they don't want the responsibility, that's fine, they don't have to maintain it; let the people use some other OS, and they don't have to be responsible for it. Open up the formats for MS Word or MS Exchange, and we'll make our own Eudora for BeOS or AbiWord for OS X. Instead, they jealously guard their position as king of the dungheap, and keep making noises about "Yeah, this is the *last* patch you'll need, because *next* time, you'll be running Vista!" (and then, "Ooops, that last patch you got? Here's a patch for it.")
So, we don't need to apologize at all for demanding sufficient and timely patching, because the two really go hand-in-hand. Next thing you know, we might shock you by demanding an OS that's actually reliable.
[1] "their system": no, not yours. You don't own MS Windows; they simply deign to allow you to use it, per their EULA.
Affected (Score:2)
Re:Affected (Score:5, Interesting)
Re:Affected (Score:3, Informative)
Re:Affected (Score:2)
Re:Affected (Score:2)
Re:Affected (Score:2)
Re:Affected (Score:2)
640x480? (Score:1)
Re:640x480? (Score:2)
Re:Affected (Score:5, Insightful)
The HP 'drivers' for my all-in-one machine come in at 180 megabytes! The interface is sheer bloat, it installs a handful of totally unnecessary (Disabling them has little consequence) services and startup processes, and there is still no x64 driver!
The HP sponsored linux drivers (HPLIP) work well on Linux 64, and it is nice to see Linux up on Windows for once in terms of hardware support.
That felt good.
Re:Affected (Score:3, Informative)
I beta'd for them, told them that in no uncertain terms, they changed nothing. I sold the printer they gave me.
Re:Affected (Score:1, Informative)
HP have a history of poorly written drivers, so I assume that their other software won't be better.
Two of the worst cases I had to deal with:
(1) A memory leak that can run up to more than a hundred megabytes in a week's time if you never reboot (and you don't have to print large graphics for that one, plain text is enough).
(2) A security hole you can drive a truck through. That one affected accounts with restricted rights, by giving them full "local system" access: if the printer ran out of paper on a system with a custom shell (i.e. not running explorer), the morons opened a dialog from which online help and the windows control panel could be opened in the security context of a driver process.
Neither of these has ever been fixed AFAIK, although HP confirmed that they were already aware of it when I reported the second one.
Re:Affected (Score:2)
Their hardware is really nice.. does its job, easy to setup.
Their drivers? Forget it. The drivers for my printer won't install on Win2003 because it's a 'server OS' and HP don't support it. They won't install on XP 64bit because HP don't support it. If you do install on XP the driver is 100mb+ and has software in it that phones home every couple of minutes that *cannot be removed* without breaking the printer.
On top of that it works by modifying the hosts file, which means if the printer is DHCP it breaks every time the printer IP address changes & you have to manually edit it. For months I was reinstalling the driver every time it 'broke' until I found out what the problem was.
If they had decent software I'd buy HP with no issues, but their software is *so* bad I won't have it around any more.
Two Patch Tuesdays (Score:5, Funny)
So, you can get two patches and two tacos on the same day? Wow, now if MS can do the pizza deal, I might just install their OS!
Re:Two Patch Tuesdays (Score:1)
Here is the problem (Score:4, Insightful)
My Patch (Score:3, Funny)
It works.
Re:My Patch (Score:1)
It goes like this:
First, boot your pc from a linux live cd. I recommend Ubuntu.
Next, make sure your windows hard drive is mounted properly (at, say
Now, open up a terminal window (logged in as root, natch) and type:
"rs -rf
After this, all your windows woes are at an end......
Re:My Patch (Score:2)
#umount
#mkfs.reiserfs
If you want to be sure, you could also do
#dd if=/dev/zero of=/dev/hda2
Re:My Patch (Score:1)
Re:My Patch (Score:2)
Re:My Patch (Score:2)
Apple users are nervous about updates (Score:4, Interesting)
Re:Apple users are nervous about updates (Score:3, Informative)
It does happen sometimes (Score:2)
So it's easily possible to go on with your life and never experience a problem with an update, but it does happen sometimes. It can really make people skittish too, unfortunately. People don't want to do something that could break their computer (understandably) and the thought process is along the lines of "Well it works now, and an update might break it, so I should just not update."
At work we don't let our servers auto install patches for just this reason. We want to test them on less critical systems first. Now 999 times out of 1000, they work just fine. However, every so often we have something break. Happened not too long ago with a Solaris 10 patch. I never found out what went wrong precisely, but our Sun guy commented he'd messed up our 10 test box.
Re:Apple users are nervous about updates (Score:2, Insightful)
Re:Apple users are nervous about updates (Score:2, Informative)
Re:Apple users are nervous about updates (Score:2, Insightful)
Mac users should be much more wary of updates for that reason alone.
Apple also is a lot less interested in enterprise customers than Microsoft. Enterprise customers are the ones that demand extensive testing and will seriously crack the shits if some funny legacy application that is absolutely critical for their business fails to run following an update.
Apple isn't too fussed by backwards compatibility either. So certainly an OS upgrade (10.3 -> 10.4) is expected to break things on OS X. Pre-Vista Microsoft pretty much guaranteed that if it worked on the old version it would work on the new version of Windows.
Re:Apple users are nervous about updates (Score:3, Informative)
Yeah, it's funny, but it's true.
Microsoft also lies in its knowledgebase articles. (Score:1, Interesting)
Nowhere did Microsoft identify WHAT disks, WHY, or HOW. It was a "throwaway line" like that referenced in the present article. Microsoft was happy to say that LBA48 was supported by Windows 2000 Service Pack 4, but NOT that if you installed it first WITHOUT Service Pack 4 and then installed SP4, that Windows 2000 would silently wait until you actually tried to use the larger partitions before trashing your hard drive.
Mod Parent down for reposting identical comment (Score:2, Informative)
Re:Microsoft also lies in its knowledgebase articl (Score:1)
XP without SP1 will do this as well. I once reinstalled XP onto a machine that had an 80GB system drive and a 200GB data drive. It installed onto the smaller drive properly, but the disk manager cheerfully and silently altered the partition on the 200GB drive to fit within 137GB.
It looked like all the data had been wiped, but I shut down, disconnected the big drive, installed SP1 and reattached the drive. The partition was still hosed, but Partition Rescue got it back again. Not what you need on a Friday afternoon...
Make your own decisions (Score:1)
Re:Make your own decisions (Score:5, Informative)
Your corporate administrator then configures that server and manually approves and rejects updates to be deployed though the Automatic Update clients connected to your server. (Optionally approving a patch for deployment to only certain groups of computers, say the IT Department could be beta testers.)
It's called Windows Software Update Services [microsoft.com], and has been out for quite some time. In other words, all you're asking for in the first half already exists.
The second part you're talking about is deployment of patches that aren't released through automatic updates - and yes, I agree, they're often problematic. It sounds like you manually installed a non-security hotfix, which was then clobbered by a later security patch (and the bugfix wasn't included in the security patch).
Microsoft seem to believe that non-security bugfixes don't belong in security patches unless a lot of people are affected, but it means that for people that need those security patches and bugfixes, it becomes quite a mess trying to maintain them (and may require manual management, as you've found the hard way).
A classic example of all this is that there's a registry key you can set that causes IE patches to install bugfixed versions. (I'm not kidding [microsoft.com].)
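The approve-for-a-test-group-first workflow described in this comment, sketched as an added example (not part of the original post) using the UpdateServices PowerShell module that ships with WSUS on Windows Server 2012 and later. The pilot group name and the install threshold are assumptions; the bulletin ID is the one named in the article.

```powershell
# Added example: pilot-then-broad approval in WSUS. Run on the WSUS server.
Import-Module UpdateServices

function Invoke-StagedApproval {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Bulletin         = 'MS06-015',      # bulletin named in the article
        [string]$PilotGroup       = 'IT Department', # hypothetical pilot group
        [string]$BroadGroup       = 'All Computers', # WSUS built-in group
        [int]   $MinPilotInstalls = 5                # hypothetical threshold
    )

    $wsus  = Get-WsusServer
    $pilot = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $PilotGroup }
    if (-not $pilot) { throw "Computer target group '$PilotGroup' not found." }

    # Select every non-declined update that belongs to the bulletin.
    $updates = Get-WsusUpdate -UpdateServer $wsus -Approval AnyExceptDeclined -Status Any |
        Where-Object { $_.Update.SecurityBulletins -contains $Bulletin }

    foreach ($u in $updates) {
        $title = $u.Update.Title
        $pilotApproved = @($u.Update.GetUpdateApprovals($pilot) |
            Where-Object { $_.Action -eq 'Install' }).Count -gt 0

        if (-not $pilotApproved) {
            # Stage 1: the update has not reached the pilot group yet.
            if ($PSCmdlet.ShouldProcess($title, "Approve for '$PilotGroup'")) {
                Approve-WsusUpdate -Update $u -Action Install -TargetGroupName $PilotGroup
            }
            $decision = 'ApproveForPilot'
        }
        else {
            # Stage 2: promote only on clean pilot results.
            $summary   = $u.Update.GetSummaryForComputerTargetGroup($pilot)
            $installed = $summary.InstalledCount + $summary.InstalledPendingRebootCount

            if ($summary.FailedCount -gt 0) {
                $decision = 'HoldPilotFailures'
            }
            elseif ($installed -lt $MinPilotInstalls) {
                $decision = 'WaitForPilot'
            }
            else {
                if ($PSCmdlet.ShouldProcess($title, "Approve for '$BroadGroup'")) {
                    Approve-WsusUpdate -Update $u -Action Install -TargetGroupName $BroadGroup
                }
                $decision = 'ApproveForAll'
            }
        }

        # One result row per update so the run can be logged or reviewed.
        [pscustomobject]@{ Title = $title; Decision = $decision }
    }
}

# Dry run: shows what would be approved without changing anything.
Invoke-StagedApproval -WhatIf
```

WSUS install counts only show that the update installed; a regression like the hangs described in the article would still report as installed, so the pilot period needs people actually using those machines before promotion.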
Re:Make your own decisions (Score:1)
SUS, the first version (prior to WUS, WSUS or whatever they slightly rebranded it to), was good. I used it with AD integration to good effect most of the time, but there were still a few issues regarding reboots, and the fact that you could only dole out OS patches. As I understand it, the later version allowed more granular control and was supposed to provide other MS patch support, so this is the way to go, if you can.
So I agree with your post, mostly.
I would like to see Microsoft simplifying their patch system though, and I would like to see them providing free support for people who hit issues after applying one.
Those who have been sacked . . . (Score:3, Interesting)
I noticed that my laptop's touchpad started acting the way the little markings said it should (i.e., the scroll part of the pad finally scrolls). This is quite annoying after having gotten used to it _not_ working.
WSUS (Score:2)
MS may make buggy insecure software, but at least WSUS lets you keep decent tabs on how insecure your boxes are.
Anyone else? (Score:2)
All of my Visual Studio versions (2003, 2005 express) have stopped working. They display a message of "unknown error" when starting. I can only get them to run if I shut down explorer.exe before launching them.
I've been using a ux theme patch for years to be able to use unsigned themes.
Has anyone experienced similar problems? Can anyone suggest a solution?
This is the patch that never ends (Score:5, Funny)
Re:This is the patch that never ends (Score:2)
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
Your sig makes total sense to me now.
Annoying Problem (Score:4, Informative)
1. Directly from MS. [microsoft.com]
2. Rename C:\WINDOWS\SYSTEM32\VERCLSID.EXE to something else (i.e. VERCLSID.OLD) and turn off automatic updates.. otherwise it will try to update Windows again and re-add the executable.
3. Reinstall the HP application. I didn't think that this would work since it appears to reinstall Share-to-Web software, but everything seemed fine afterwards.. so far for one day at least.
The real annoying thing about this bug is that I think it affects everything using the explorer shell. Click on the arrow at the end of your address bar in IE? Locks the app. Click on arrow to expand your drives while trying to attach a file to email? Locks the app. I'm sure it does the same thing all over the OS when you are trying to do the same function, but those are the only two I really came across before I wanted to fix the problem ASAP.
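Option 2 in the comment above leaves a machine without the binary that MS06-015 added and with automatic updates off, so such hosts have to be found again once the revised update is available. A read-only audit for that state, as an added example that is not part of the original post; the function name and the use of the Windows Update service start mode as the "updates off" signal are assumptions.

```powershell
# Added example: report whether this host shows signs of the VERCLSID.EXE
# rename workaround. Read-only; it changes nothing on the system.
function Get-VerclsidWorkaroundState {
    [CmdletBinding()]
    param(
        # Directory to inspect. Default assumes a standard Windows layout.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $expected = Join-Path $System32 'verclsid.exe'
    $present  = Test-Path -LiteralPath $expected -PathType Leaf

    # Any verclsid.* other than the .exe is a likely rename target. The comment
    # suggests VERCLSID.OLD, but the suffix is the user's choice.
    $renamed = @(Get-ChildItem -Path $System32 -Filter 'verclsid.*' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'verclsid.exe' })

    # Assumption: a disabled Windows Update service (wuauserv) is treated as
    # "automatic updates turned off". Updates can also be switched off by
    # policy or in the UI, which this check does not see.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'" -ErrorAction SilentlyContinue

    $workaround      = (-not $present) -or ($renamed.Count -gt 0)
    $updatesDisabled = ($null -ne $svc) -and ($svc.StartMode -eq 'Disabled')

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        VerclsidPresent     = $present
        RenamedCopies       = ($renamed | ForEach-Object Name) -join ', '
        UpdateServiceMode   = if ($svc) { $svc.StartMode } else { 'NotFound' }
        UpdateServiceState  = if ($svc) { $svc.State } else { 'NotFound' }
        WorkaroundSuspected = $workaround
        NeedsFollowUp       = $workaround -or $updatesDisabled
    }
}

Get-VerclsidWorkaroundState | Format-List
```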
Heh - "tiny" fraction could still be "lots" (Score:5, Insightful)
I know this is not a popular opinion here, but MSFT really does have a tough job, if you are objective about it, from an engineering point of view.
Re:Heh - "tiny" fraction could still be "lots" (Score:5, Insightful)
Hear here!
I agree 100%!
As a software engineer of a rapidly growing company, it's amazing to me how much higher the standard of testing and accountability has to be with each major product release. Our company has been growing exponentially, at least 2x annually. Just a year or two ago, a bug meant a few phone calls, but in the last year or so, it's gotten to where a single bug (even a minor one) can easily swamp our telephones!
The first release was like, a proof of concept more than not. It wasn't even feature complete at release - we relied on an update mechanism built in at the last minute to cover for the fact that not all the features were completed!
Not many phone calls from that issue, I might add. But, in the last year or two, a single bug affecting a relatively small percentage of our users still loads us down with dozens of issues ticketed in a single morning.
Ugh!
Since our deliverable is web-based, fixing a bug is still very fast, but we're working furiously to improve quality control testing prior to release. I can only imagine what a company with the market size of Microsoft has to deal with - when the vast majority of computing resources are in your hands, the task of dealing with bugs and updates must be simply gargantuan.
How do they do it with such a shoddy codebase?
Re:Heh - "tiny" fraction could still be "lots" (Score:2)
Re:Heh - "tiny" fraction could still be "lots" (Score:2, Interesting)
Re:Heh - "tiny" fraction could still be "lots" (Score:1)
You've seen it then? What aspects in particular are shoddy?
Re:Heh - "tiny" fraction could still be "lots" (Score:3, Insightful)
I haven't seen the codebase, but from using the Win32 API a bit, I noticed the following:
Anyway, those are my observations... hopefully things are better in
A bob each way (Score:2, Funny)
Re:A bob each way (Score:2)
Since you're the critic, you think it should be.... ???
Re:Heh - "tiny" fraction could still be "lots" (Score:3, Insightful)
Re:Heh - "tiny" fraction could still be "lots" (Score:1)
Yes, it is made worse by their own bad engineering practices.
No, they are no match for the task.
Bloody odd... (Score:2)
Re:Bloody odd... (Score:2)
Application of this patch MS06-015 may break: (Score:1)
Oh Thank Heaven (Score:2, Funny)
Bwahhh!! Media Player quit working (Score:1)
The worst of it is that even when you uninstall the damn patches, your system remains screwed up. Have to reinstall Windows just so I can get my HP Scanner & Cameras working again, screwed up my Nvidia drivers, have to wipe and reinstall windows to get it working right, screwed up DX9, have to wipe and reinstall due to other patches. Thanks MSFT, I guess I'll go back to using Gentoo once the damn semester ends and I don't need your buggy patches.
The funniest thing about it is my scanner and camera work better under linux, while the xorg nv driver is only 200 fps slower in glxgears than the Nvidia closed source driver.
Instantiated??? (Score:1)
Re:Instantiated??? (Score:2)
Re:Instantiated??? (Score:2)
Re:Instantiated??? (Score:3, Informative)
In a language where each object is created from a class, an object is called an instance of that class. If each object has a type, two objects with the same class would have the same datatype. Creating an instance of a class is sometimes referred to as instantiating the class.
Erase Windows XP and re-install OS X? (Score:1)
Ver1 or Ver2 or Ver? (Score:1)
Funny one... (Score:3, Interesting)
"What the new [re-engineered] update essentially does is simply add the affected third-party software to an 'exception list' so that the problem does not occur."
So what they did? Made a patch, that breaks some functionality and then added some exceptions not to use it, where it breaks things.
I've got no idea how they let it happen... patch is basically broken, they know it, some applications don't use that patch, because it breaks them and old bugs normally corrected by ver1 patch are still present there. What was the point of releasing patches again?
Worst support ever...
How did it come to this? The answer is here... (Score:2, Funny)
What If.. (Score:1)
we'd need a patch to patch the problem patch that patched the problem patch..
Old habits never die... (Score:2)
Note that they still use 8.3 ALL-CAPS names for their files
Logitech Quickcam Notebook Pro (Score:2)
Re:Again? What? (Score:4, Informative)
Re:Again? What? (Score:2, Funny)
Re:Again? What? (Score:5, Funny)
man: Well, what've you got?
Waitress: Well, there's egg and bacon; egg sausage and bacon; egg and patch; egg bacon and patch; egg bacon sausage and patch; patch bacon sausage and patch; patch egg patch patch bacon and patch; patch sausage patch patch bacon patch tomato and patch;
Vikings: Patch patch patch patch...
Waitress:
Vikings: Patch! Lovely patch! Lovely patch!
Waitress:
Re:Again? What? (Score:2)
Just curious...
Re:Again? What? (Score:1, Troll)
Re:Again? What? (Score:2)
Re:Again? What? (Score:3, Interesting)
It's the same logic that works out whether you need an Office patch or if your computer is infected with a certain piece of spyware and offers a special "patch" to get rid of it before offering to install XP SP2 or if a particular patch is already installed so you don't need it again.
It's quite well established code that's been used for quite some time.
Detection Logic (Score:2)
Re:URL For Patch (Score:3, Insightful)
GRRR they didn't finish testing this patch, either! Office looks funny and none of my games work!