Feeds

The Return of BSOD: Does ANYONE trust Microsoft patches?

Sysadmins, you're either fighting fires or seen as incompetents now

Choosing a cloud hosting partner with confidence

Patch early and patch often is the advice of security professionals when it comes to software updates.

After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software's maker?

Yet sysadmins will be increasingly leery of applying such an approach to Windows systems following Microsoft's latest botch job.

On 12 August Microsoft released 40 updates for Internet Explorer, Windows 7 and Windows 8 Pro.

Very shortly afterwards people began reporting their Windows machines bricking – while others glimpsed something they hadn't seen in a very long time: the Blue Screen of Death. Many thought BSODs were a thing of the past in this brave new Windows 7 (and 8) world.

They were wrong. As ever, people were in the dark over what had gone wrong and why.

"I have spent about 8 hours looking into this and I found out that the error occurs when I install any of the following updates: KB2976897, KB2982791 and KB2970228. I checked my laptop's ram and hard disk and they do not show any defects," wrote Frank on a Microsoft forum.

Tempers were running high. "I wasted loads of time trying to get my PC to boot as mine boots in to a blue screen and it comes with error "win32k.sys," wrote 007L2Kill.

One user unloaded: "I wish that Microsoft would check the updates before releasing them I suspect that these updates mentioned above are not compatible with windows 7 64bit which I am running."

Susan Bradley, a Microsoft “valued professional community moderator”, shot back:

"They do test, they just missed something here. Would you mind emailing me so we can get this officially investigated? The more samples/cases we have the faster we can get to the bottom of it."

Hardly the words of comfort one expects from Microsoft. Judging by Bradley's comments, the software giant was as clueless about what had gone wrong as the hapless users.

It was also clear the BSOD plague was hitting everybody, from those supporting elderly relatives' PCs up to serious business users. Yet amid the horror there was humour:

"I thought that only Windows 98 systems got blue-screen errors?," wrote Joe Blough. "(I am laughing at you all, because I haven't seen a blue-screen error on my win-98se system for years. I'm typing this reply on one such win-98 system right now - it has 2 gb of installed ram and win-98 can see and use all of it thanks to a few patches. And no, I'm not running 98 in a VM.)"

Microsoft has now retreated from the update, taking the second quickest route to fixing something - the first being "power button off, power button on". It's told users to uninstall the botched update from crippled PCs. Microsoft has also removed the offending download links from its site.

It's not the first update cockup from Microsoft in recent months.

Already this month Redmond has had to rush out hotfixes to repair the security updates to Internet Explorer versions 7 through to 11 in July and August, which caused IE users' web browsing to run at the speed of cold molasses in January. Or, running that description through the Microsoft filter, after you applied patches MS14-037 and MS14-051: "Web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time."

In November 2013 Surface Pro 2 vanity slabs were overheating thanks to a fault that was also making the screens go too dark to be read.

An update from Microsoft released in December which supposed to stop the problem only made it worse, spawning a variety of new difficulties. Users reported their Surfaces weren't charging properly, the batteries draining and bogus error messages kept popping up. Others simply couldn't install the update.

What did Microsoft do? Retreat, again: it pulled the update and postponed delivery of fresh patches to after Christmas, when, Microsoft assumed, lots of new Surfaces would have been purchased.

Microsoft has dragged its development practices into the 20th century, it has recently been said.

But whether it's Waterfall, Agile or another en vogue development methodology working its way through Microsoft, the company's clearly got a serious problem on development and delivery of fault-free patches.

The worst part? It's about to get a lot more complicated as Microsoft has decided the whole update system works so well, it can throw system updates into the code stew too.

Unfortunately, the fact that Microsoft's security fixes keeps making things worse makes this not just a problem for Microsoft it's an issue for millions of PC users.

Sysadmins must decide whether to trust Microsoft one more time or to run the gauntlet of hackers and malware writers, applying patches late and infrequently to save their own sanity and their credibility in the workplace. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
The cloud that goes puff: Seagate Central home NAS woes
4TB of home storage is great, until you wake up to a dead device
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Intel offers ingenious piece of 10TB 3D NAND chippery
The race for next generation flash capacity now on
Want to STUFF Facebook with blatant ADVERTISING? Fine! But you must PAY
Pony up or push off, Zuck tells social marketeers
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.