Feeds

The Return of BSOD: Does ANYONE trust Microsoft patches?

Sysadmins, you're either fighting fires or seen as incompetents now

Internet Security Threat Report 2014

Patch early and patch often is the advice of security professionals when it comes to software updates.

After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software's maker?

Yet sysadmins will be increasingly leery of applying such an approach to Windows systems following Microsoft's latest botch job.

On 12 August Microsoft released 40 updates for Internet Explorer, Windows 7 and Windows 8 Pro.

Very shortly afterwards people began reporting their Windows machines bricking – while others glimpsed something they hadn't seen in a very long time: the Blue Screen of Death. Many thought BSODs were a thing of the past in this brave new Windows 7 (and 8) world.

They were wrong. As ever, people were in the dark over what had gone wrong and why.

"I have spent about 8 hours looking into this and I found out that the error occurs when I install any of the following updates: KB2976897, KB2982791 and KB2970228. I checked my laptop's ram and hard disk and they do not show any defects," wrote Frank on a Microsoft forum.

Tempers were running high. "I wasted loads of time trying to get my PC to boot as mine boots in to a blue screen and it comes with error "win32k.sys," wrote 007L2Kill.

One user unloaded: "I wish that Microsoft would check the updates before releasing them I suspect that these updates mentioned above are not compatible with windows 7 64bit which I am running."

Susan Bradley, a Microsoft “valued professional community moderator”, shot back:

"They do test, they just missed something here. Would you mind emailing me so we can get this officially investigated? The more samples/cases we have the faster we can get to the bottom of it."

Hardly the words of comfort one expects from Microsoft. Judging by Bradley's comments, the software giant was as clueless about what had gone wrong as the hapless users.

It was also clear the BSOD plague was hitting everybody, from those supporting elderly relatives' PCs up to serious business users. Yet amid the horror there was humour:

"I thought that only Windows 98 systems got blue-screen errors?," wrote Joe Blough. "(I am laughing at you all, because I haven't seen a blue-screen error on my win-98se system for years. I'm typing this reply on one such win-98 system right now - it has 2 gb of installed ram and win-98 can see and use all of it thanks to a few patches. And no, I'm not running 98 in a VM.)"

Microsoft has now retreated from the update, taking the second quickest route to fixing something - the first being "power button off, power button on". It's told users to uninstall the botched update from crippled PCs. Microsoft has also removed the offending download links from its site.

It's not the first update cockup from Microsoft in recent months.

Already this month Redmond has had to rush out hotfixes to repair the security updates to Internet Explorer versions 7 through to 11 in July and August, which caused IE users' web browsing to run at the speed of cold molasses in January. Or, running that description through the Microsoft filter, after you applied patches MS14-037 and MS14-051: "Web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time."

In November 2013 Surface Pro 2 vanity slabs were overheating thanks to a fault that was also making the screens go too dark to be read.

An update from Microsoft released in December which supposed to stop the problem only made it worse, spawning a variety of new difficulties. Users reported their Surfaces weren't charging properly, the batteries draining and bogus error messages kept popping up. Others simply couldn't install the update.

What did Microsoft do? Retreat, again: it pulled the update and postponed delivery of fresh patches to after Christmas, when, Microsoft assumed, lots of new Surfaces would have been purchased.

Microsoft has dragged its development practices into the 20th century, it has recently been said.

But whether it's Waterfall, Agile or another en vogue development methodology working its way through Microsoft, the company's clearly got a serious problem on development and delivery of fault-free patches.

The worst part? It's about to get a lot more complicated as Microsoft has decided the whole update system works so well, it can throw system updates into the code stew too.

Unfortunately, the fact that Microsoft's security fixes keeps making things worse makes this not just a problem for Microsoft it's an issue for millions of PC users.

Sysadmins must decide whether to trust Microsoft one more time or to run the gauntlet of hackers and malware writers, applying patches late and infrequently to save their own sanity and their credibility in the workplace. ®

Internet Security Threat Report 2014

More from The Register

next story
Cray-cray Met Office spaffs £97m on VERY AVERAGE HPC box
Only 250th most powerful in the world? Bring back Michael Fish
UK.gov pushes for SWIFT ACTION against nuisance calls, threatens £500k fines
DCMS seeks lowering of legal threshold to fight rogue firms
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
Microsoft brings the CLOUD that GOES ON FOREVER
Sky's the limit with unrestricted space in the cloud
'ANYTHING BUT STABLE' Netflix suffers BIG Europe-wide outage
Friday night LIVE? Nope. The only thing streaming are tears down my face
Google roolz! Nest buys Revolv, KILLS new sales of home hub
Take my temperature, I'm feeling a little bit dizzy
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.