Microsoft to Patch Problem Patch

slowroller writes to mention an eWeek article about a new patch to fix issues raised in their most recent release. From the article: "The company's plan is to target the rerelease only to Windows users who are affected. In a blog entry, Toulouse said the company's patch deployment technologies will have "detection logic" built into them to only offer the revised update to customers who don't have MS06-015 or are having the problem. The glitches, which Microsoft claims affect only a tiny fraction of the 120 million installations of the patch, stem from a new binary called VERCLSID.EXE that validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On systems running Hewlett-Packard's Share-to-Web software, Sunbelt's Kerio Personal Firewall and some NVIDIA Drivers, users complained that the new binary stopped responding."

yay!

[bensafrickingenius]

Recursive patching at last!

That's last as in "Most recent"

[symbolset]

All these articles are dupes. See it again the evening of June 30, as that's when the next semi-annual 0-day festival kicks off in time for the major holiday weekend. It's almost as if these hackers are tormenting you on your holidays for a purpose. Oh, wait...

The two keys to recovering from malware / a botched patch / user error are: 1. Have an image that's known to be clean without doubt. A fresh install with no network connection will usually suffice, Novell historical trivia notwithstanding. A system with absolutely anything installed and then uninstalled, no matter how carefully, just won't work. One that's touched a LAN, even behind a NAT router, isn't "known to be clean". 2. When you blow out your system image, don't corrupt your data files. Obviously if your data is on a drive that's been removed, it's safe. Not everyone is willing to go that far -- all data stored somewhere besides on your system (C:\) drive is a must.

You will need "Drive Image" software. Examples include PowerQuest DriveImage, Altiris RapidDeploy, Norton Ghost. This software list is not a recommendation -- do your own homework on what suits your needs. Maybe someone will reply with suggestions. This software takes a point-in-time snapshot of the data on your system drive, called an "image". You're going to need access to a drive to store your system images. A basic XP image is about 1.5GB compressed, with applications will vary. I've seen with Office and Photoshop with common options go to 6GB, multiple massive games go as high as 30GB. Plan ahead, especially if you want to take periodic backup images or application rollback images. Some people take drive images of their data file drives now and then for backups also.

You're going to need to move your data files someplace safe, like a server or a separate partition. A dedicated drive works well. You're going to need installation CD's for the OS and all your applications, and all of the patches you can get on convenient media. Pendrive or cd work well usually.

Before installing Windows, disconnect from the network. If you're imaging to a network drive, know what you're doing. If your system starts to boot to Windows while connected before your working image is taken, start over.

Install Windows. During install, do not connect to the network. Use the telephone activation option. Get all your updates from the technet executables on local media as previously mentioned. Get the firewall up and running. Don't connect to the network. Point your My Documents folder to the place your datafiles are. Do your base security configuration --firewall settings, replace all the pages in Explorer with about:blank, etc. Do NOT connect to the network.

Take a system image. This is what you recover to if you need a major application overhaul, the "Base" image. If you are storing the image on the network you must make great care while doing this that the system does not boot to the installed OS with the network connected. Your OS install is in a very vulnerable state. If you have to restore to this image, you won't have to re-validate Windows.

If you connected the network during the previous step for network imaging, disconnect it before rebooting.

If you have other applications that require activation and allow telephone activation, you might want to install them now and take an "activated but still network clean" image.

All the software that will install without the network, install and update it. Install Spybot Search & Destroy, with the Tea Timer option. Don't connect to the network. Install Ad-aware or whatever else you're using. Don't connect to the network. Take a system image. This is your "Working" image.

Now you can connect to the network. Immediately go to Windows update and get the latest patches, and their patches, and the patches for those patches. If any of the patched patches' patches have updates, get those too. During this step you'll probably reboot over and over. In Spybot Search & Destroy ge

Millions of different system configurations.

[headkase]

Everyone complains that Microsoft does not release their patches fast enough or that they don't do adequate testing. They can't win either way.

Re:Millions of different system configurations.

[MustardMan]

No - Microsoft doesn't release patches fast enough and they don't do adequate testing. They don't win on either count.

Re:Millions of different system configurations.

[Skuld-Chan]

Releasing patches on a monthly basis involves a massive QA effort - no matter what size company you are. And to be honest I've only ever had problems with one patch they've sent out. I was not affected by the issue mentioned in this article (even though I have an nvidia 7800 video card).

Re:Millions of different system configurations.

[MustardMan]

Your anecdotal evidence intrigues me, and I would like to subscribe to your newsletter.

Re:Millions of different system configurations.

[rapidweather]

That might explain why some of the problems my users have had with XP did not exactly match the documentation Microsoft provided about the patch. The lockups were big-time, and the screen was smeared in some areas. They did report that Powerpoint was being used. Then I was called to witness a locked-up screen as AOL was being used. To determine if the hardware was going bad, I rebooted using my livecd linux, a knoppix 3.4 remaster, known to work perfectly on the Dell P4 HT before. Everything looked good, no problems. I booted XP up the next day, and stayed away from Powerpoint, as I don't use it, and strangely, XP seemed fine. Do have a HP 750 PCS printer, however, to I did meet the criteria for having a "HP Printer" in the Microsoft report. Didn't turn it on, but the drivers are there. Don't know if the specific HP driver they were talking about (MS) was present on the box. I suppose the reworked patch will be applied by the update system, I'll take another look at the machine on XP soon.

Re:Millions of different system configurations.

[rbochan]

Microsoft doesn't release patches fast enough and they don't do adequate testing. They don't win on either count.

But you have to admit... they at least get their press releases [com.com] about their upcoming patches out in time.

Re:Millions of different system configurations.

[aussersterne]

Microsoft is a multibillion dollar corporation stuffed full of multibillion dollar men. They have a monopoly on the marketplace, power half of the world, and want to power the rest.

They can, will, and had better do both:

- Release patches quickly
- Release patches with adequate testing

If they don't, they should be punished.

Re:Millions of different system configurations.

[Anonymous Coward]

Yes - they should be punished - by users not buying their support contracts for following years.

Re:Millions of different system configurations.

[Tim C]

They can, will, and had better do both:

- Release patches quickly
- Release patches with adequate testing

You do realise that some things simply take a certain amount of time and no matter how much money or how many people you throw at the problem they will not get done any quicker, don't you?

You also realise that the reason that MS release patches on a monthly schedule is that the corporate IT world demanded it, don't you?

What you are asking for, in effet, is that they a) solve problems in a certain amount of time regardless of how long it actually requires, b) do so without affecting quality and c) go against the express wishes of a large proportion of their customers.

Now, I'm not saying that they're perfect by any means, and I accept that I'm probably lucky in that I've used half a dozen machines over the last few years running Windows 2k and XP and have suffered no problems that weren't entirely hardware related, but from where I'm sat they're doing an ok job.

Re:Millions of different system configurations.

[simonjp]

Just because the IT corporate world demanded it, doesnt mean that the IT consumer world shouldn't get access to patches quickly.

Re:Millions of different system configurations.

[Splab]

You do realise that some things simply take a certain amount of time and no matter how much money or how many people you throw at the problem they will not get done any quicker, don't you?

If only people would realize that, especially managers. "Ohh so you need x hours to do that? Well I'll just go call this helper for y hours, then you only need x-y hours, so we'll ship on friday"... Glad I'm not doing that anymore. Incidently, we did have a few issues with the patch, but what it revealed for us isn't that there might be a problem with MS patches, but that theres a big problem with testing at our facility before rolling out patches.

MS might screw up, but it's our job to make sure that what they give us works before we roll it out.

Re:Millions of different system configurations.

[Anonymous Coward]

but that theres a big problem with testing at our facility before rolling out patches.

With this particular patch, I'm not sure how I'd have tested for this problem with it. It only happens sometimes on some computers. At my office, my computer is the only one affected, everyone else has no problems at all. My IE will just stop going to websites (I type addresses in the bar, and nothing happens when I hit enter. Not even an hourglass or a change in the status bar), "My Computer" displays folders for all the icons in the tree view, and closing the window causes the entire explorer shell to exit and reload. Occasionally alt-tabbing into putty makes putty think the mouse button is being held down. And of course killing the 10 or so processes i've accumulated during all of this makes everything go back to normal for a few hours.

Hopefully this "detection logic" will detect that I've got a problem here, since I'm 99% sure (wouldn't put it past dell to install nvidia drivers for my ati card) I don't have any of the software mentioned in the article.

Re:Millions of different system configurations.

[Splab]

Well milage may vary, but here it took out all machines with HP products (Share-to-web). Theres more info about it here [microsoft.com].

Re:Millions of different system configurations.

[aussersterne]

It's Microsoft's liability for having released buggy software to begin with. There are responsibilities that come with dominating the marketplace and being granted a foundational position for a great deal of society's infrastructure.

Microsoft should be held financially, if not criminally, liable for every bug, just like any engineering company, construction company, or medical practitioner. So should other software companies, true, but in particular anyone in Microsoft's position should be held liable.

Saying "there's only so much they can do so fast" belies the fact that they're the ones who have manipulated the marketplace and risked others time, safety, and investments by releasing the broken software to begin with. When they've been negligent in doing so, it's time to punish them, not to pretend that buggy software is some sort of natural disaster and say "well, there's only so much they can do so fast."

The crime has already been committed.

Re:Millions of different system configurations.

[aussersterne]

Absolutely not. Open Source developers see zero profit, and thus should have zero civil liability. Criminal liability on the other hand, should apply to everyone. Naturally, willfully malicious or intentionally destructive code should be prosecuted regardless of who writes it. But anyone who contributes generously should not be penalized for their contribution, even if it is poor. Those who demand tribute, on the other hand, must be prepared to justify (and later to defend in retrospect) that demand, and to pay the consequences if they have overreached.

It is precisely because Microsoft has accepted (or demanded, often virtually at gunpoint) billions from society, both public and private sector, that they should be liable for their mistakes. A corporation's ability to be sued for damages should correlate directly to the amount of profit they take in. To each according to need, from each according to ability. (Yes, I know where the quote comes from).

Harassing companies? Hardly. Or, if you like, it is our just demand in exchange for the harassment that they visit upon us. It is merely asserting that with the undeniably leveraged demand for rights (EULAs, extortion-quantity monies through intellectual property and leverage, government support and contracts) come responsibilities and liabilities that should (and sooner or later will) be buoyed by the force of law and that will sooner or later be buoyed by the force of popular will and anger if nothing is done before that.

You expect too much

[Vlad2.0]

They can, will, and had better do both:

- Release patches quickly
- Release patches with adequate testing

Yeah...and while they're at it, why don't you lobby them to open source Windows. Not that I'm surprised to see this comment from someone who's calling for Bush to go on trial for war crimes in their sig, but billions of dollars aside you might want to actually think about the logistics of testing patches. If they didn't test them "adequately" I imagine we'd see this kind of problem on a much larger scale and more often.

Re:Millions of different system configurations.

[Jesapoo]

Certain tasks take a certain amount of time, and you can't just throw more money at a problem and expect the time they take to decrease in a linear fashion.
This is basic business computing theory. You get to a certain point where adding in extra personnel actually slows down the process.

Re:Millions of different system configurations.

[From A Far Away Land]

How they could release a Rollup Update patch into the wild and not even test it with Microsoft Word XP is beyond reason. After applying Version 1 of that patch, you'd no longer be able to save files to floppy disks, and if you try it pretty much hangs the computer up.

Re:Millions of different system configurations.

[From A Far Away Land]

AC you misunderstood. Windows 2000 Rollup Update 1 from a few months ago broke Office XP.

Re:Millions of different system configurations.

[Overly Critical Guy]

I fail to see how those are mutually exclusive, especially for the #1 software company in the world. It's not my fault they broke their own operating system while patching a flaw in it.

Re:Millions of different system configurations.

[cranbers]

They make billions of dollars a year to do this, are you saying they are not capable of supporting their own products. Maybe they should just issue the shutdown command that they already have embedded in the Windows auto update service and end it early, so everyone can finally switch to Linux and the I.T. industry can finally move forward and profits can finally be spread around.

Microsoft has a responsibility to its OS users

[KWTm]

Microsoft is a corporation with enormous resources, which they leveraged to dominate the worldwide personal computer market. Now we want them to release their patches: a) on time, AND b) with sufficient testing. What are you saying, they don't have enough resources to do this? They want to be remembered for bringing MS Windows to every man, woman and child, but don't want the responsibility of maintaining *their*[1] systems now that everyone is using it?

They have the capability and certainly the choice. Instead of bringing out WinXP, they could have shored up Win2k; or instead of WinFS, they could have shored up WinXP. And did they *have to* branch out into the Xbox market when they needed more work on their OS?

But if they don't want the responsibility, that's fine, they don't have to maintain it; let the people use some other OS, and they don't have to be responsible for it. Open up the formats for MS Word or MS Exchange, and we'll make our own Eudora for BeOS or AbiWord for OS X. Instead, they jealously guard their position as king of the dungheap, and keep making noises about "Yeah, this is the *last* patch you'll need, because *next* time, you'll be running Vista!" (and then, "Ooops, that last patch you got? Here's a patch for it.")

So, we don't need to apologize at all for demanding sufficient and timely patching, because the two really go hand-in-hand. Next thing you know, we might shock you by demanding an OS that's actually reliable.

[1] "their system": no, not yours. You don't own MS Windows; they simply deign to allow you to use it, per their EULA.

Affected

[From A Far Away Land]

I was affected by the problem and figured it out since someone else I knew had mentioned that Windows Update broke their computer too. Lousy Microsoft works badly with HP crap programming these days. HP's programs really stink. They ignore attempts to stop software upgrade checks, crash with some deep freeze products, and don't work on small resolution screens like 640X480.

Re:Affected

[AuMatar]

HP doesn't even write half their own crap anymore. When I worked in HP firmware (last year), the software teams were a joke in our division. No matter what we did, we knew our stuff was better than software.

Re:Affected

[AuMatar]

Yup, we printer firmware folks kept saying that the software team needed to add a drivers only option. No go :(

Re:Affected

[phoenix.bam!]

Why the hell not? I hate having to install 256 megs of software to run my printer.

Re:Affected

[AuMatar]

Because the management thought the full software package "gave a better customer experience".

Re:Affected

[phoenix.bam!]

It did give me a better experience. I said fuck buying another $100 piece of crap and I went with Lexmark.

Re:Affected

[AuMatar]

I can't speak to any of those, I was in the printer division.

640x480?

[Tavor]

People still use 640x480? I know when my Win98 box got fubar'd and I had to reboot in safe mode, 640x480 wouldn't even display half my desktop. =(

Re:640x480?

[From A Far Away Land]

It's not common, but people who have trouble seeing like it better than 800x600, and HP has trouble with 800x600 even.

Re:Affected

[baadger]

Oooo ooo I want to slam HP too.

The HP 'drivers' for my all-in-one machine come in at 180 megabytes! The interface is sheer bloat, it installs a handful of totally unnecessary (Disabling them has little consequence) services and startup processes, and there is still no x64 driver!

The HP sponsored linux drivers (HPLIP) work well on Linux 64, and it is nice to see Linux up on Windows for once in terms of hardware support.

That felt good.

Re:Affected

[robogun]

The HP 'drivers' for my all-in-one machine come in at 180 megabytes! The interface is sheer bloat, it installs a handful of totally unnecessary (Disabling them has little consequence) services and startup processes, and there is still no x64 driver!

I beta'd for them, told them that in no uncertain terms, they changed nothing. I sold the printer they gave me.

Re:Affected

[Anonymous Coward]

Finally someone who realizes the real source of the problem.

HP have a history of poorly written drivers, so I assume that their other software won't be better.

Two of the worst cases I had to deal with:
(1) A memory leak that can run up to more than a hundred megabytes in a week's time if you never reboot (and you don't have to print large graphics for that one, plain text is enough).

(2) A security hole you can drive a truck through. That one affected accounts with restricted rights, by giving them full "local system" access: if the printer ran out of paper on a system with a custom shell (i.e. not running explorer), the morons opened a dialog from which online help and the windows control panel could be opened in the security context of a driver process.

Neither of these has ever been fixed AFAIK, although HP confirmed that they were already aware of it when I reported the second one.

Re:Affected

[Tony Hoyle]

Their software and driver support is the reason I will not be buying another HP printer.

Their hardware is really nice.. does its job, easy to setup.

Their drivers? Forget it. The drivers for my printer won't install on Win2003 because it's a 'server OS' and HP don't support it. They won't install on XP 64bit because HP don't support it. If you do install on XP the driver is 100mb+ and has software in it that phones home every couple of minutes that *cannot be removed* without breaking the printer.

On top of that it works by modifying the hosts file, which means if the printer is DHCP it breaks every time the printer IP address changes & you have to manually edit it. For months I was reinstalling the driver every time it 'broke' until I found out what the problem was.

If they had decent software I'd buy HP with no issues, but their software is *so* bad I won't have it around any more.

Two Patch Tuesdays

[Vskye]

For some Windows users, there will be two Patch Tuesdays in April.
 
So, you can get two patchs and two tacos on the same day? Wow, now if MS can do the pizza deal, I might just install their OS! ;)

Re:Two Patch Tuesdays

[onlysolution]

don't forget the cheap two-scoop tuesday at Baskin Robins and two-for-tuesday items at Woot.com!

Here is the problem

[dick pubes]

The big problem when they do this is compatibility testing. I work at numerous companies where we need to read through each patch to see what they 'fix'. Now when Microsoft does this we will just have to guess what they might break in a legacy application deployed across the world.

My Patch

[Cobralisk]

del c:\windows\system32\verclsid.exe

It works.

Re:My Patch

[Wizard Drongo]

I have a patch that gets rid of virtually every single problem in Windows.
It goes like this:

First, boot your pc from a linux live cd. I recommend Ubuntu.
Next, make sure your windows hard drive is mounted properly (at, say /mnt/windows).
Now, open up a terminal window (logged in as root, natch) and type:
"rs -rf /mnt/windows"
After this, all your windows woes are at an end......

Re:My Patch

[colinrichardday]

You'd have to have /mnt/windows mounted read/write, as opposed to read-only. Rather, find the partition (let's say /dev/hda2), and run

#umount /mnt/windows
#mkfs.reiserfs /dev/hda2

If you want to be sure, you could also do

#dd if=/dev/zero of=/dev/hda2

Re:My Patch

[ComaVN]

follow it with mkdir c:\windows\system32\verclsid.exe then.

Re:My Patch

[fbjon]

Damn, I didn't know mkdir worked in windows these days. I've always used md.

Re:My Patch

[cbiltcliffe]

SFP will remove the directory and replace it with the bin.

How about if you made it read only? Or made a 0 byte file with that name, but read only? Will SFP replace read only files?

Apple users are nervous about updates

[nordicfrost]

I'm an Apple user, and it always struck me as odd that they are nervous about upgrades. Each time there's an update, some brave person will install it and report as to how it behaves on that specific Mac. Is it the Firewire-delete-external-harddrive-bug from many years ago that still lives on in memory? Or is it that Apple breaks things in their updates? I have a Powerbook and have not yet experienced that updates hav broken anything on it or my familys Macs. See this forum [apple.com] for more info...

Re:Apple users are nervous about updates

[Cobralisk]

All users of any system should be wary of updates. Granted, most updates are security fixes that keep your b0xen from being pwned and as such are vital to keeping a more secure system, but all software contains bugs. Sometimes the bug is in the patch, sometimes it's in the application that breaks because it makes an incorrect assumption about the OS that is changed by an otherwise valid bugfix. Either way, every patch to any running system has the potential to break functionality that end-users or sysadmins depend on. In reality the best thing you can do is probably just remove your system from the network. Barring that maybe just keep thorough backups.

It does happen sometimes

[Sycraft-fu]

Try as they might, companies can't validate everything. Apple has a much easier time of it since they largely control the hardware, but there's still a ton of devices one can add to a Mac, and then of course the software. This one on Windows conflicts with certian 3rd party software... But only in some situations. I run Kerio and have an nVidia card, yet have no problems.

So it's easily possible to go on with your life and never experience a problem with an update, but it does happen sometimes. It can really make peopel skittish too, unfortunately. People don't want to do something that could break their computer (understandibly) and the thought process is along the lines of "Well it works now, and an update might break it, so I should just not update."

At work we don't let our servers auto install patches for just this reason. We want to test them on less critical systems first. Now 999 times out of 1000, they work just fine. However, every so often we have something break. Happened not to long ago with a Solaris 10 patch. I never found out what went wrong precisely, but our Sun guy commented he'd messed up our 10 test box.

Re:Apple users are nervous about updates

[ciroknight]

Hell, at least Apple machines ask you if you want to update; this latest Windows XP patch was pushed to my singular Windows XP without me even knowing about it, installed itself, and rebooted itself. It could have at least asked me if I wanted it or told me what the update was even for...

Re:Apple users are nervous about updates

[Cheaty]

Hell, at least Apple machines ask you if you want to update; this latest Windows XP patch was pushed to my singular Windows XP without me even knowing about it, installed itself, and rebooted itself. It could have at least asked me if I wanted it or told me what the update was even for...

Try changing your Automatic Updates settings to: 'Download updates for me, but let me choose when to install them.' or 'Notify me but don't automatically download or install them' You can't really blame it for working the way you have it configured.

Re:Apple users are nervous about updates

[fact0r]

Apple updates do not have an uninstall feature. Almost every windows update does.

Mac users should be much more wary of updates for that reason alone.

Apple also is a lot less interested in enterprise customers than Microsoft. Enterprise customers are the ones that demand extensive testing and will seriously crack the shits if some funny legacy application that is absolutely critical for their business fails to run following an update.

Apple isn't too fussed by backwards compatability either. So certainly an OS upgrade (10.3 -> 10.4) is expected to break things on OS X. Pre-Vista Microsoft pretty much guaranteed that if it worked on the old version it would work on the new version of Windows.

Re:Apple users are nervous about updates

[Blakey Rat]

I let the update go a couple days and look for stories about it on Slashdot. If the problems with it aren't big enough to show up on Slashdot, I usually install it.

Yeah, it's funny, but it's true.

Microsoft also lies in its knowledgebase articles.

[dick pubes]

Last year when I had my problem with Windows 2000 hosing my system's partition table because installing it with Service Pack 3 on, THEN installing Service Pack 4 was insufficient to prevent it from hosing the partition table on a big disk when the outer portions of the disk eventually ended up being used, I finally dug up a Microsoft Knowledgebase article that admitted that "some disks" geometry wouldn't be read correctly in that situation.

Nowhere did Microsoft identify WHAT disks, WHY, or HOW. It was a "throwaway line" like that referenced in the present article. Microsoft was happy to say that LBA48 was supported by Windows 2000 Service Pack 4, but NOT that if you installed it first WITHOUT Service Pack 4 and then installed SP4, that Windows 2000 would silently wait until you actually tried to use the larger partitions before trashing your hard drive.

Mod Parent down for reposting identical comment

[quokkapox]

In Soviet Russia, duplicate comments repost YOU [slashdot.org].

Re:Microsoft also lies in its knowledgebase articl

[ozmanjusri]

Windows 2000 would silently wait until you actually tried to use the larger partitions before trashing your hard drive.

XP without SP1 will do this as well. I once reinstalled XP onto a machine that had an 80GB system drive and a 200GB data drive. It installed onto the smaller drive properly, but the disk manager cheerfully and silently altered the partition on the 200GB drive to fit within 137GB.

It looked like all the data had been wiped, but I shut down, disconnected the big drive, installed SP1 and reattached the drive. The partition was still hosed, but Partition Rescue got it back again. Not what you need on a Friday afternoon...

Make your own decisions

[Ajehals]

Is it just me or wouldnt it make more sense to just have three options for updates, 1) On (or Make me safe please) Deault for all OEM and Home versions 2) Off (or I Dont Care, and whilst your at it get me on one of those botnet things) 3) Corporate (or Same as Off, - We have at least one tech who will check the patches and apply them as he sees fit) Default for corporates (VLK Media users) That way your average user will just get the patches unless they decide otherwise, and your corporates can do the sensible thing of checking their own systems first. What I am trying to say is that the logic should be with the consumer, a corporate user might not want to patch something that (they think) will not impact them, whilst home users should get every patch available just in case. The logic element of only applying patches in certain circumstances is a bit off as you end up with even more possible system configurations. Ive been down this route before with MS patches for MS SQL Server, we had an issue that MS KB listed as requiring a patch that you had to ask for, (apparently it was a rare issue that was somehow setup / hardware specific). We were 100% up to date with our patching on all our servers and then had to do this install manually on a load of boxes, about 6 months later the origional problem occured again on our test systems when another patch patched our current patch.... That little shenanigan cost me my 95% uptime record (we didnt bother with 99.999% because in a mixed environment it wasnt attainable if we were patching our Windows boxes...) I hope that there is a point in this post somewhere, Ive not slept for about 60 hours so if there isnt, well hey. (Oh and the good news is Ive set up my own company since this little story and now I have a 100% security and uptime record with MS software, I have achieved this by not using any....)

Re:Make your own decisions

[swmccracken]

How about Corporate: Microsoft provide a server program that you can install that downloads the updates and stores them locally.

Your corporate administrator then configures that server and manually approves and rejects updates to be deployed though the Automatic Update clients connected to your server. (Optionally approving a patch for deployment to only certain groups of computers, say the IT Department could be beta testers.)

It's called Windows Software Update Services [microsoft.com], and has been out for quite some time. In other words, all you're asking for in the first half already exists. :-)

The second part you're talking about is deployment of patches that aren't released through automatic updates - and yes, I agree, they're often problematic. It sounds like you manually installed a non-security hotfix, which was then clobbered by a later security patch (and the bugfix wasn't included in the security patch).

Microsoft seem to believe that non-security bugfixes don't belong in security patches unless a lot of people are affected, but it means that for people that need those security patches and bugfixes, it becomes quite a mess trying to maintain them (and may require manual management, as you've found the hard way. :-( ) I think they're tryng to be cautious, which I can understand (although they've in theory fixed this for XPSP2 and 2K3, as those patches are supposed to include "general distribution release" and "quick fix engineering" versions, automatically installing the QFE version if there already is a QFE hotfix installed, otherwise installing the GDR version.)

A classic example of all this is that there's a registry key you can set that causes IE patches to install bugfixed versions. (I'm not kidding [microsoft.com].)

Re:Make your own decisions

[Ajehals]

Ive used SUS and it works a charm, but its only viable if you have windows servers in your environment, and if you are big enough to implement it properly some companies are'nt, there are also 3rd party solutions to the issue but I dont like the idea of paying for a system that applies free patches to a piece of software you have already paid for...
SUS, the first version (prior to WUS WSUS or whatever they slightly re branded it to) was good I used it with AD integration to good effect most of the time, but there were still a few issues regarding reboots, and the fact that you could only dole out OS patches, as I understand it the later version allowed more granular control and was supposed to provide Other MS Patch support, so this is the way to go, if you can.

So I agree with your post, mostly.

I would like to see Microsoft simplifying their patch system though, and I would like to see them providing free support for people who hit issues after applying one.

Those who have been sacked . . .

[Dausha]

I have a friend in law school who was a victim of this last patch. She was complaining that attempting to use the menubar of any IE-based interface caused her system to lock up. She could double click on an icon to open a document, but she could not save it without locking up. (I don't know if she could use CTRL-S.)

I noticed that my laptop's touchpad started acting the way the little markings said it should (i.e., the scroll part of the pad finally scrolls). This is quite annoying after having gotten used to it _not_ working.

WSUS

[Darth_brooks]

I wonder how this will appear in WSUS. Critical update? Update Rollup? I've got a couple HP's on site and I've got everything set to auto-install criticals & security updates, everything else is admin-approve.

MS may make buggy insecure software, but at least WSUS lets you keep decent tabs on how insecure your boxes are.

Anyone else?

[adolfojp]

I fear that the following is because of the patch/update.

All of my Visual Studio versions (2003, 2005 express) have stopped working. They display a message of "unknown error" when starting. I can only get them to run if I shut down explorer.exe before launching them.

I've been using a ux theme patch for years to be able to use unsigned themes.

Has anyone experienced similar problems? Can anyone suggest a solution?

This is the patch that never ends

[Hawthorne01]

yes it goes on and on my friend. Some people started using it, not knowing what it was, and they'll continue using it forever just because...This is the patch that never ends, yes it goes on and on my friend... :-)

Re:This is the patch that never ends

[cptgrudge]

The patch that never ends?

Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

Your sig makes total sense to me now.

Annoying Problem

[Anonymous Coward]

I've already encountered two computers on my companies network that were having this annoying problem. There are probably other systems that will pop up with this problem next week. Here's a few different temporary fixes, but I'm not sure how effective they are for more than a few days (or atleast until Microsoft offers a patch):

1. Directly from MS. [microsoft.com]

2. Rename C:\WINDOWS\SYSTEM32\VERCLSID.EXE to something else (i.e. VERCLSID.OLD) and turn off automatic updates.. otherwise it will try to update Windows again and re-add the executable.

3. Reinstall the HP application. I didn't think that this would work since it appears to reinstall Share-to-Web software, but everything seemed fine afterwards.. so far for one day atleast.

The real annoying thing about this bug is that I think it effects everything using the explorer shell. Click on the arrow at the end of your address bar in IE? Locks the app. Click on arrow to expand your drives while trying to attach a file to email? Locks the app. I'm sure it does the same thing all over the OS when you are trying to do the same function, but those are the only two I really came across before I wanted to fix the problem ASAP.

Heh - "tiny" fraction could still be "lots"

[NotQuiteReal]

Many product vendors would love to have a tiny fraction of the 120 million installations - it would be more than their entire market!

I know this is not a popular opinion here, but MSFT really does have a tough job, if you are objective about it, from an engineering point of view.

Re:Heh - "tiny" fraction could still be "lots"

[mcrbids]

I know this is not a popular opinion here, but MSFT really does have a tough job, if you are objective about it, from an engineering point of view.

Hear here!

I agree 100%!

As a software engineer of a rapidly growing company, it's amazing to me how much higher the standard of testing and accountability has to be with each major product release. Our company has been growing exponentially, at least 2x annually. Just a year or two ago, a bug meant a few phone calls, but in the last year or so, it's gotten to where a single bug (even a minor one) can easily swamp our telephones!

The first release was like, a proof of concept more than not. It wasn't even feature complete at release - we relied on an update mechanism built in at the last minute to cover for the fact that not all the features were completed!

Not many phone calls from that issue, I might add. But, in the last year or two, a single bug affecting a relatively small percentage of our users still loads us down with dozens of issues ticketed in a single morning.

Ugh!

Since our deliverable is web-based, fixing a bug is still very fast, but we're working furiously to improve quality control testing prior to release. I can only imagine what a company with the market size of Microsoft has to deal with - when the vast majority of computing resources are in your hands, the task of dealing with bugs and updates must be simply gargantuan.

How do they do it with such a shoddy codebase?

Re:Heh - "tiny" fraction could still be "lots"

[BrynM]

it's gotten to where a single bug (even a minor one) can easily swamp our telephones! ... How do they do it with such a shoddy codebase?

They found great way around that. If it's after 90 days or so from purchase or is your 2nd call, they charge you. From The XP Home support options [microsoft.com]:

2 support request(s) submitted online or by a phone call are included at no charge. Unlimited installation support is available by phone at no charge.

All additional support requests are $35.00 US per request during business hours or use an existing contract.

I'd love to see the profit they make from their own bugs.

Re:Heh - "tiny" fraction could still be "lots"

[malelder]

They make no profit from their own bugs. If the problem is caused by a bug in their software, the charges for that support request are reversed.

Re:Heh - "tiny" fraction could still be "lots"

[Tim C]

How do they do it with such a shoddy codebase?

You've seen it then? What aspects in particular are shoddy?

Re:Heh - "tiny" fraction could still be "lots"

[Jeremi]

What aspects in particular are shoddy?

I haven't seen the codebase, but from using the Win32 API a bit, I noticed the following:

1. "Fill in a struct and pass it to the function" interfaces, which are very error prone (forget to fill in a field? Oops, now you have a program that works 80% of the time and does something weird the other 20%, due to uninitialized memory reads)
2. Hungarian notation used everywhere, making things hard to read
3. Unnecessary obfuscation of types (e.g. DWORD instead of long or int32)
4. Focus on backwards compatibility to the point where there are often five or six APIs for every function (granted there are some valid business reasons for doing that, but it still makes for an extremely messy and hard-to-validate interface)
5. Functions that are broken, and instead of fixing them, Microsoft simply publishes a http://support.microsoft.com/default.aspx?scid=kb; en-us;274323 [slashdot.org], forcing every Win32 developer in the known universe to have to hack up their code with an ugly band-aid instead
6. A tendency to create Yet Another New API for everything, instead of re-using existing interfaces. For example: you have a program that communicates over a TCP stream, and you want to make it communicate the same data over a serial port instead: Under MacOS/X or Linux, this is trivial: just pass in the file descriptor to the serial device instead of to the TCP socket, and you're done. Under Win32, you'll have to completely redesign your program with a custom event loop, because there is no way to select() on a HANDLE.

Anyway, those are my observations... hopefully things are better in .net land or whatever the new thing is these days.

A bob each way

[Grim Leaper]

Hear here!

Couldn't decide if it was "Here, here!" or "Hear, hear!", huh?

Re:A bob each way

[mcrbids]

I parse this phrase to be equivalent to "Hear it Here". Thus, "Hear here!", or perhaps "Here, Hear!"

Since you're the critic, you think it should be.... ???

Re:Heh - "tiny" fraction could still be "lots"

[cyber-vandal]

Considering that position was obtained and has been maintained illegally, I have zero sympathy.

Re:Heh - "tiny" fraction could still be "lots"

[mikelang]

Yes, they have a tough engineering challenge.
Yes, it is made worse by their own bad engineering practices.
No, they are no match for the task.

Bloody odd...

[gordgekko]

I have Kerio Personal Firewall and an Nvidia video card and my system is running fine. I guess I got lucky.

Re:Bloody odd...

[jrumney]

I have both those too, and I've had two UI lockups this week. It doesn't seem to be consistently reproducable, but I think IE or IE based apps (Add/Remove Programs etc) were involved in both cases. Normally I use firefox, so it perhaps doesn't affect me as much as others with the problem.

Application of this patch MS06-015 may break:

[fragles]

Application of this patch MS06-015 (KB 908531) may break: - "register under..." in excel 2003 and word 2003 - norton ghost 9.0 - Wireless network - Ms Word Looks that this patch just breaks your PC thus the security wholes are not a problem any more.

Oh Thank Heaven

[keith134]

...that Microsoft doesn't make cars.

Bwahhh!! Media Player quit working

[Anonymous Coward]

Now I can't watch my pron!!

The worst of it is that even when you uninstall the damn patches, your system remains screwed up. Have to reinstall Windows jus so I can get my HP Scanner & Cameras working again, screwed up my Nvidia drivers, have to wipe and reinstall windows to get it working right, screwed up DX9, have to wipe and reinstall due to other patches. Thanks MSFT, I guess I'll go back to using Gentoo once the damn semester ends and I don't need your buggy patches.

The funniest thing about it is my scanner and camera work better under linux, while the xorg nv driver is only 200 fps slower in glxgears then the Nvidia closed source driver.

Instantiated???

[ephedream]

Is that even a word? Is anyone else reading this word for the first time? It shows up in the dictionary.com database as a completely unrelated word. So how long has "instantiated" been the passive voice of "to load an instance of"?

Re:Instantiated???

[adtifyj]

It has been in use in Comm. Sci. theory since Object Orientated Design was first conceived.

Re:Instantiated???

[quokkapox]

We've been using that word to mean exactly that since before your dad met your mom on CompuServe.

Re:Instantiated???

[arkhan_jg]

From: http://en.wikipedia.org/wiki/Instance_(programming ) [wikipedia.org]

In a language where each object is created from a class, an object is called an instance of that class. If each object has a type, two objects with the same class would have the same datatype. Creating an instance of a class is sometimes referred to as instantiating the class.

Erase Windows XP and re-install OS X?

[Arcady13]

The bug seems to that Mac users are running Windows. This has upset the entire Microsoft culture. Therefore, all Macs running Windows will be erased and set back to running OS X. How else will Microsoft actually make money selling Office, since only the Mac users pay for it?

Ver1 or Ver2 or Ver?

[Barsteward]

They have a created a Ver2 patch based on patch Ver1 of this .EXE, and it's targetted to a specific set of users, what happens if they need a Ver3 patch later on in the year? Which version do they patch (Ver1 or Ver 2 or both) and send out? Are they going to create Ver3 from Ver2 on the assumption that the Ver2 will not create any problems for those still using Ver1 (i.e. those not part of this targetted release of Ver2).

Funny one...

[Viraptor]

Ok. This patch is really funny - just RTFA:
"What the new [re-engineered] update essentially does is simply add the affected third-party software to an 'exception list' so that the problem does not occur."

So what they did? Made a patch, that breaks some functionality and then added some exceptions not to use it, where it breaks things.
I've got no idea how did they let it happen... patch is basically broken, they know it, some applications don't use that patch, because it breaks them and old bugs normally corrected by ver1 patch are still present there. What was the point of releasing patches again?
Worst support ever...

How did it come to this? The answer is here...

[rtssmkn]

Steve: Ok, guys, I love this company...repeat...I looove this company (throws chair around). Bill: And remember, if it compiles, it ships... Dev-Team: But we're already special casing here... Steve: (looking angry) Bill: If it compiles, it is good enough for shipping, let the active user basis sort it out... Dev-Team: Well, look this special case here, where it says that all of Microsoft is GOOD and everything else is BAD, it might cause systems to go awry... Bill: It's awry in the first place, so don't care on fixing this until it is required to be fixed, we definetly can introduce more special casing if required...does it compile already? Dev-Team: Well, er, yes, a few errors and a few warnings, but no black box testing was done yet... Bill: Testing? Steve: (whispering into Bill's ear) you know that sort of thing that would prevent us from shipping early... Bill: Ah, erm, yes, ok. It compiles. Comment out the lines that produce the errors and re-compile. Ignore the warnings...and ship that damn patch. We have this initiative running, you know, security it was called, I believe. Ah, I love this company. Steve: (remember Dim from the Clockwork Orange?) Ah, I love this company... Dev-Team: Bill, you are genius, after commenting out the faulty lines and setting the compiler flag to ignore all warnings, it compiles just fine. Thanks for your great insight...a pleasure to be working for you! Ah, we love this company (even more so like Dim). SCNR. Carsten

What If..

[DeathByDuke]

the patch to fix the problem patch was a problem?

we'd need a patch to patch the problem patch that patched the problem patch..

Old habits never die...

[pe1chl]

a new binary called VERCLSID.EXE

Note that they still use 8.3 ALL-CAPS names for their files :-)

Logitech Quickcam Notebook Pro

[Mistah Blue]

I wonder if this patch is what has prevented me from installing my new webcam. I have a Dell D800 (nVidia Go5200) running XP Pro SP2. I would get STOP errors (BSOD) and some would reference video drivers. I'll try again after I get the new update. Anybody else had this happen? My next step is an OS reinstall (which isn't a completely bad idea, since I've been running on this for a year and a half).

Re:Again? What?

[i.of.the.storm]

No, the patch was simply conflicting with a few pieces of software. If you aren't affected, you won't get the patched patch. The original bug was fixed with the original patch. This patch's patch simply whitelists a couple of programs known to cause issues with the patch.

Re:Again? What?

[0racle]

I don't think you used the word patch enough.

Re:Again? What?

[Rosco P. Coltrane]

No, the patch was simply conflicting with a few pieces of software. If you aren't affected, you won't get the patched patch. The original bug was fixed with the original patch. This patch's patch simply whitelists a couple of programs known to cause issues with the patch.

man: Well, what've you got?

Waitress: Well, there's egg and bacon; egg sausage and bacon; egg and patch; egg bacon and patch; egg bacon sausage and patch; patch bacon sausage and patch; patch egg patch patch bacon and patch; patch sausage patch patch bacon patch tomato and patch;

Vikings: Patch patch patch patch...

Waitress: ...patch patch patch egg and patch; patch patch patch patch patch patch baked beans patch patch patch...

Vikings: Patch! Lovely patch! Lovely patch!

Waitress: ...or Lobster Thermidor a Crevette with a mornay sauce served in a Provencale manner with shallots and aubergines garnished with truffle pate, brandy and with a fried egg on top and patch.

Re:Again? What?

[PygmySurfer]

Why exactly are you using Windows 2003 ENTERPRISE for your workstation? If you want to use the newer Windows 2003 codebase, you could use something like Web Server edition. Enterprise is loaded with cruft you don't need.

Just curious... :)

Re:Again? What?

[Decker-Mage]

Because I play in the enterprise space these days for Microsoft and others.

Re:Again? What?

[Decker-Mage]

Love it. I'm a MS fanboy, I'll admit it as I try to be brutally honest about everything. However, I must have pissed someone off by being honest. Flamebait? Troll? Okay. Weird though for Slashdot.

Re:Again? What?

[swmccracken]

The detection logic is (almost certainly) simply the logic built into Windows Update and the automatic update feature that works out whether you need this patch or not. This is nothing new. Microsoft just updates the XML file to contain the relevant "if this dll exists with this version number then offer this patch" information.

It's the same logic that works out whether you need an Office patch or if your computer infected with a certain piece of spyware and offers a special "patch" to get rid of it before offering to install XP SP2 or if a particular patch is already installed so you don't need it again.

It's quite well established code that's been used for quite some time.

Detection Logic

[babbling]

"Detection logic" sounds like one of them, what do you call thems... ALGORITHMS! Yeah, that's it. Ought to get a patent on that.

Re:URL For Patch

[MobileTatsu-NJG]

"Click here for the patch."

GRRR they didn't finish testing this patch, either! Office looks funny and none of my games work!