Feeds

The Return of BSOD: Does ANYONE trust Microsoft patches?

Sysadmins, you're either fighting fires or seen as incompetents now

Internet Security Threat Report 2014

Patch early and patch often is the advice of security professionals when it comes to software updates.

After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software's maker?

Yet sysadmins will be increasingly leery of applying such an approach to Windows systems following Microsoft's latest botch job.

On 12 August Microsoft released 40 updates for Internet Explorer, Windows 7 and Windows 8 Pro.

Very shortly afterwards people began reporting their Windows machines bricking – while others glimpsed something they hadn't seen in a very long time: the Blue Screen of Death. Many thought BSODs were a thing of the past in this brave new Windows 7 (and 8) world.

They were wrong. As ever, people were in the dark over what had gone wrong and why.

"I have spent about 8 hours looking into this and I found out that the error occurs when I install any of the following updates: KB2976897, KB2982791 and KB2970228. I checked my laptop's ram and hard disk and they do not show any defects," wrote Frank on a Microsoft forum.

Tempers were running high. "I wasted loads of time trying to get my PC to boot as mine boots in to a blue screen and it comes with error "win32k.sys," wrote 007L2Kill.

One user unloaded: "I wish that Microsoft would check the updates before releasing them I suspect that these updates mentioned above are not compatible with windows 7 64bit which I am running."

Susan Bradley, a Microsoft “valued professional community moderator”, shot back:

"They do test, they just missed something here. Would you mind emailing me so we can get this officially investigated? The more samples/cases we have the faster we can get to the bottom of it."

Hardly the words of comfort one expects from Microsoft. Judging by Bradley's comments, the software giant was as clueless about what had gone wrong as the hapless users.

It was also clear the BSOD plague was hitting everybody, from those supporting elderly relatives' PCs up to serious business users. Yet amid the horror there was humour:

"I thought that only Windows 98 systems got blue-screen errors?," wrote Joe Blough. "(I am laughing at you all, because I haven't seen a blue-screen error on my win-98se system for years. I'm typing this reply on one such win-98 system right now - it has 2 gb of installed ram and win-98 can see and use all of it thanks to a few patches. And no, I'm not running 98 in a VM.)"

Microsoft has now retreated from the update, taking the second quickest route to fixing something - the first being "power button off, power button on". It's told users to uninstall the botched update from crippled PCs. Microsoft has also removed the offending download links from its site.

It's not the first update cockup from Microsoft in recent months.

Already this month Redmond has had to rush out hotfixes to repair the security updates to Internet Explorer versions 7 through to 11 in July and August, which caused IE users' web browsing to run at the speed of cold molasses in January. Or, running that description through the Microsoft filter, after you applied patches MS14-037 and MS14-051: "Web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time."

In November 2013 Surface Pro 2 vanity slabs were overheating thanks to a fault that was also making the screens go too dark to be read.

An update from Microsoft released in December which supposed to stop the problem only made it worse, spawning a variety of new difficulties. Users reported their Surfaces weren't charging properly, the batteries draining and bogus error messages kept popping up. Others simply couldn't install the update.

What did Microsoft do? Retreat, again: it pulled the update and postponed delivery of fresh patches to after Christmas, when, Microsoft assumed, lots of new Surfaces would have been purchased.

Microsoft has dragged its development practices into the 20th century, it has recently been said.

But whether it's Waterfall, Agile or another en vogue development methodology working its way through Microsoft, the company's clearly got a serious problem on development and delivery of fault-free patches.

The worst part? It's about to get a lot more complicated as Microsoft has decided the whole update system works so well, it can throw system updates into the code stew too.

Unfortunately, the fact that Microsoft's security fixes keeps making things worse makes this not just a problem for Microsoft it's an issue for millions of PC users.

Sysadmins must decide whether to trust Microsoft one more time or to run the gauntlet of hackers and malware writers, applying patches late and infrequently to save their own sanity and their credibility in the workplace. ®

Internet Security Threat Report 2014

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Symantec backs out of Backup Exec: Plans to can appliance in Jan
Will still provide support to existing customers
VMware's tool to harden virtual networks: a spreadsheet
NSX security guide lands in intriguing format
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.