MS update sends PCs 'haywire' Early reports are suggesting problems after users apply one of the six patches issued by Microsoft on Tuesday. Applying the MS07-040 patch for the .NET framework, which as luck would have it is probably Redmond's most important security fix this month, can lead to systems going "haywire", the SANS Institute's Internet Storm …
I use MS on a multimedia gaming box. The mentioned .NET security fix had difficulty installing and, after rebooting, my mouse hung and a nero media player app went all screwy (tech term). I did a cold boot and seem to have avoided any further problems.
I guess MS uses the term 'fix' kinda like gangsters use the term.
I work for an ISV, and the update broke our product. We're still scrambling to make sure that all our customers are okay. We investigated the reason for the break, and we're 99% sure that the change that broke our product had no security impact whatsoever. It is, however, a change that has been made to later revisions of .NET. It looks like, rather than releasing a patch just for the security issue they were trying to fix, Microsoft actually pushed their latest code version, with lots of changes that were previously Vista-only (or part of the later versions of .NET?)
Feels to us like Microsoft are taking short-cuts with security, and ignoring the customer impact. A few hours saved at Microsoft, man-years of productivity lost globally. That's the real Microsoft tax!
Yes, you're correct: most MS fixes involve fresh builds of their top-of-tree code for the affected component, not a small patch applied to a release branch.
I'm not really sure what else they could do; they'd be maintaining thousands of release branches by now if they didn't do that, and every patch would then have to come in a thousand different versions (or a million if it included fixes to *two* dlls instead of just one, a billion for three dlls, etc....!)
I received a call from my parents after they installed the update. The desktop would appear then the mouse cursor would freeze. Waiting 30 minutes then rebooting did not help. Their system essentially hung for several hours with constant hard drive activity. After the HD light stopped flashing, a restart returned the system to working condition.
To add to the list of woes: my system at work is the "guinea pig" for new MS patches, so it's set to to auto-download/patch.
Came in next morning and my graphics driver was VgaSave and my two screens were set to 640x480, 8-bit. It was as if the Nvidia driver had been completely uninstalled.
I nearly hit the "Red Alert - Virus Intrusion" button until I read the various articles.
Come to think of it - a Microsoft patch and a virus...? Maybe I should still hit that button...
"I received a call from my parents after they installed the update. The desktop would appear then the mouse cursor would freeze. Waiting 30 minutes then rebooting did not help. Their system essentially hung for several hours with constant hard drive activity. After the HD light stopped flashing, a restart returned the system to working condition."
Frozen mouse cursor, HDD thrashing, hanging system... yer AV is in order pal? (In best Rick Deckard voice)
Are you *really* sure that the patch didn't simply break the mass-mailing botnet that lives within *all* our parent's computers?
On another note, I find it hilarious how everyone beats on MS at every chance. People seem to forget that MS are the ones who set the standards for their OS. If groups like certain video card manufactures don't follow documented methods , go and do things like kludge in their own proprietary hardware control panels; well, you have to expect something to break, don't you? Personally I disable said kludgy obfuscated tosh and force the drivers to use the good old standard control panel. I also disable all the "helper" services that said drivers install that simply take up CPU time and RAM to give you flashy system bar icons. No, thank you, but NO. Funny how my rig runs a lot smoother after that, and I had no trouble with the .Net patch - all 10 machines I am responsible for updated without a hitch!
Luckily my system didn't go haywire after installing the .NET patch, but afterwords I noticed a new process running called mscorsvw.exe. I run my XP system pretty lean and mean and have disabled all non-essential services and processes (I only have a total of 4 non-MS processes and 4 non-MS services that load on startup...) so I was curious as to what it was. Doing a quick web search, it turns out it is a background compiler for .NET assemblies. Theoretically it is supposed to compile the assemblies during idle time (it is set to lowest priority) but mine wasn't doing much of anything while my system was just idling. The info I found says if you run the command ngen.exe executequeueditems from the .NET folder (mine happened to be in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727) it will force it to process everything it has in the queue. I gave it a try, and it worked great - it compiled something like 97 assemblies, and after a reboot the mscorsvw process is no longer running.
BTW, if the process is running at 100% CPU usage after you execute the command, that indicates that the .NET framework is corrupt and should be reinstalled. Check out http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1225866,00.html for more info on the process.
what i've had to do was to install each update 1 at a time.
with .net,i got surprised!
when i got tired of watching that configuring updates notice,i did a "hard" boot and turned off the master power switch.
then powered back up and lo and behold...it updated and installed.
having a rough time installing .....928 update,still won't take!
tomorrow is another day!
also...do NOT install junk mail filter if you do NOT use windows mail [ outlook express replacement ]
http://www.theregister.co.uk/2007/07/12/ms_patch_problems/
I generally get these patches 2 weeks before release...so does 10,000 or so people. Small sample if you ask me, but one machine that had the biggest issues was running 2 bots, one IRC based one, another completely written in C# (which had unrestricted access to the network card). The bot machine died...
(It's a honey pot, I was trying to track the botnet's master list...)
MS' policy of distributing patches this way has worried me for a long time. The risk is that a duff patch, which gets through testing, can kill millions of machines worldwide.
The other risk is that someon will crack MS' auto update system and use it to distribute malware...
Sooner or later this will happen - & the current problems will pale into insignificance as we are forced to restore from backups, then attempt to patch the old installations from MS' now overloaded servers and an overloaded web....
Time for a rethink methinks.
I use a maa-ac, I use a maa-ac; come kiss my aaa-ass, come kiss my aaa-ass!
There...that ought to get the ol' debate fired up again :)
One of the main reasons for me moving to a Mac from being a PC user since '88 was the problems with patches, and how easy it was for MS to screw everyones machines in one go with a "fix".
I'm definitely, definitely not saying that Macs are immune to this sort of thing happening but; we don't have it happening just about every month of the year! Last time I had a major issue with a Mac was moving over to OSX 10.something when it first moved from OS 9 to OSX.
But hey, I guess us Mac users are just smarmy trainspotters with nothing better to do with our time than actually be productive on our machines :)
One of our clients installed the patches and it may be unrelated but a shed load of office applications opened to which a forced reboot was needed and then after reboot sage MMS would not work (.NET error). There was no virii or spyware and we had to reinstall all of the .NET framework files from 1.1 to 3 to get it back again.
I'm not too sure if this was a different issue to the one above but since Microsoft rock I will forgive them this time.
"Oops. Hope everyone backed up before installing."
Well thats half the point isn't it - M$ encourages users to set Windows "automatic updates" to transparently install stuff without prompting them, and then pushes broken fixes out which kills their machines.
Something else which *really* annoys me about the automatic updates system - it has been abused by M$ as a mechanism to ensure that IE, Outlook and Windows Media Player are all installed on as many Windows machines as possible.
I have disabled all of these applications through the 'Add/Remove Windows Components' facility (You can't truly uninstall any of them), however the automatic updates mechanism keeps reinstalling and reactivating them via patches.
My own computer, used mainly for gaming, was unaffected by this latest piece of malware. My parent's main PC on the other hand had to be completely reinstalled, courtesy of the rollback not working right.
I expect one of the laptops to fail today, it being friday the 13th after all. But I might get lucky.
Well I'm glad I held off approving the updates for a couple of days!
What worries the most is that with all the Microsoft security mailing lists, and RSS feeds to keep people like us up to date, I heard about this first on thereg! I've checked through my e-mails and RSS feed items and there doesn't seem to be anything from them alerting users to potential problems (perhaps they sent alerts via a list I haven't managed to find yet!).
Out of interest, what mailing lists / feeds / whatever do people use these days to keep up to date with issues like this? ntbugtraq used to be my favourite but that seems to have gone to the wall, as I haven't seen anything from there in ages.
I've seen the same problem on the two machines where I do have auto updates enabled. The remainder of my machines are not connected to the internet and they don't participate in auto-updates. As of yesterday, I've had to disable auto updates on those two machines. Over the past couple of years, auto updates have cause legitimate working software to stop working. Microslop's response is that their updates will cause no adverse effects on "properly written programs". Therefore, if the update makes software stop working, then it's not Microslop's fault, or so their so-called logic goes.
Hi Keith,
M$ have two lists (to which they send traditional-signed PGP messages), both of which you subscribe to through the needlessly complicated and not-worth-the-bother-of-going-through process of logging in with your M$ Passport and visiting your mailinglist (newsletter) preferences. I was bounced off both due to being offline for a while and haven't yet (and probably never will) regain the courage to subscribe again. The same is available with RSS and .NET alerts, but IMHO you get better quality, less-spun-out data from us-cert.gov. Anyway, one list is for actual notices while the other is for minor revision notifications. Every minor revision is noted, and there will be somewhere a reference to an M$ KB article in which the problem is explained. To be honest, though, I just wouldn't bother - M$ are always surrounding their announcements in spin and keeping the meat of the issue out of plain sight, and have on several occasions downplayed the significance of various flaws, so just use cert or other reputable places. They are frequently sending their announcements at time of actual release rather than several hours/(occasionally) days later.
Cheers,
Sabahattin
<quote>
Yes, you're correct: most MS fixes involve fresh builds of their top-of-tree code
for the affected component, not a small patch applied to a release branch.
I'm not really sure what else they could do; they'd be maintaining thousands of release
branches by now if they didn't do that, and every patch would then have to come in
a thousand different versions (or a million if it included fixes to *two* dlls instead
of just one, a billion for three dlls, etc....!)
</quote>
Hang on, this can't be right. Can't M$ just maintain a single development line for any given OS and simply add *patches* to it? You know, like Debian does. Can you imagine Debian updating OpenSSL in Stable on every box as a security update if it also meant a major revision that broke binary compatibility? Argh! No, it wouldn't happen - they wouldn't make every new component work with a small update just so you could have the latest version of the package being updated. They will just make the small change necessary to fix the problem in the current version and leave everything else well alone (production quality software, y'see). They are literally giving you binaries that incorporate the few small changes needed to affect the security improvement in whatever is being fixed. Hell, even in source-based OSs like the BSDs, you have code branches to which you build your system against, with the understanding that you won't get screwed by feature/functionality/interface improvements. This isn't so with Gentoo, though (well, not yet, anyhow).
Cheers,
Sabahattin
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
