Feeds

The Return of BSOD: Does ANYONE trust Microsoft patches?

Sysadmins, you're either fighting fires or seen as incompetents now

Protecting against web application threats using SSL

Patch early and patch often is the advice of security professionals when it comes to software updates.

After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software's maker?

Yet sysadmins will be increasingly leery of applying such an approach to Windows systems following Microsoft's latest botch job.

On 12 August Microsoft released 40 updates for Internet Explorer, Windows 7 and Windows 8 Pro.

Very shortly afterwards people began reporting their Windows machines bricking – while others glimpsed something they hadn't seen in a very long time: the Blue Screen of Death. Many thought BSODs were a thing of the past in this brave new Windows 7 (and 8) world.

They were wrong. As ever, people were in the dark over what had gone wrong and why.

"I have spent about 8 hours looking into this and I found out that the error occurs when I install any of the following updates: KB2976897, KB2982791 and KB2970228. I checked my laptop's ram and hard disk and they do not show any defects," wrote Frank on a Microsoft forum.

Tempers were running high. "I wasted loads of time trying to get my PC to boot as mine boots in to a blue screen and it comes with error "win32k.sys," wrote 007L2Kill.

One user unloaded: "I wish that Microsoft would check the updates before releasing them I suspect that these updates mentioned above are not compatible with windows 7 64bit which I am running."

Susan Bradley, a Microsoft “valued professional community moderator”, shot back:

"They do test, they just missed something here. Would you mind emailing me so we can get this officially investigated? The more samples/cases we have the faster we can get to the bottom of it."

Hardly the words of comfort one expects from Microsoft. Judging by Bradley's comments, the software giant was as clueless about what had gone wrong as the hapless users.

It was also clear the BSOD plague was hitting everybody, from those supporting elderly relatives' PCs up to serious business users. Yet amid the horror there was humour:

"I thought that only Windows 98 systems got blue-screen errors?," wrote Joe Blough. "(I am laughing at you all, because I haven't seen a blue-screen error on my win-98se system for years. I'm typing this reply on one such win-98 system right now - it has 2 gb of installed ram and win-98 can see and use all of it thanks to a few patches. And no, I'm not running 98 in a VM.)"

Microsoft has now retreated from the update, taking the second quickest route to fixing something - the first being "power button off, power button on". It's told users to uninstall the botched update from crippled PCs. Microsoft has also removed the offending download links from its site.

It's not the first update cockup from Microsoft in recent months.

Already this month Redmond has had to rush out hotfixes to repair the security updates to Internet Explorer versions 7 through to 11 in July and August, which caused IE users' web browsing to run at the speed of cold molasses in January. Or, running that description through the Microsoft filter, after you applied patches MS14-037 and MS14-051: "Web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time."

In November 2013 Surface Pro 2 vanity slabs were overheating thanks to a fault that was also making the screens go too dark to be read.

An update from Microsoft released in December which supposed to stop the problem only made it worse, spawning a variety of new difficulties. Users reported their Surfaces weren't charging properly, the batteries draining and bogus error messages kept popping up. Others simply couldn't install the update.

What did Microsoft do? Retreat, again: it pulled the update and postponed delivery of fresh patches to after Christmas, when, Microsoft assumed, lots of new Surfaces would have been purchased.

Microsoft has dragged its development practices into the 20th century, it has recently been said.

But whether it's Waterfall, Agile or another en vogue development methodology working its way through Microsoft, the company's clearly got a serious problem on development and delivery of fault-free patches.

The worst part? It's about to get a lot more complicated as Microsoft has decided the whole update system works so well, it can throw system updates into the code stew too.

Unfortunately, the fact that Microsoft's security fixes keeps making things worse makes this not just a problem for Microsoft it's an issue for millions of PC users.

Sysadmins must decide whether to trust Microsoft one more time or to run the gauntlet of hackers and malware writers, applying patches late and infrequently to save their own sanity and their credibility in the workplace. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.