Microsoft engineer: 'Definitely problems' with test process after crippling Windows patch

Microsoft engineer: 'Definitely problems' with test process after crippling Windows patch
Employee says latest 'Blue Screen of Death' screw-up affects only 1 in 10,000 PCs


Computerworld - A week after Microsoft pulled a Patch Tuesday update that crippled an unknown number of Windows 7 PCs, the company has yet to provide a working fix for either the original vulnerability or the resulting problem for people affected by the broken update.
Nor has Microsoft, which still retains a reputation for more transparency around security events than its rivals, including ultra-secretive Apple, issued any public statements outside the narrow confines of the MS14-045 "bulletin" that accompanied the three-patch update.
But someone claiming to be a Microsoft employee stepped up to fill some of the information void.
"We're working as hard as we can to fix this and release that fix as quickly as possible, so stay tuned for the re-release announcement soon," said Kurt Phillips on Wednesday. Phillips added that although he was not an official company spokesman, he was an "engineer on a very busy graphics team trying to fix our problem."


Computerworld was unable to confirm Phillips' identity; the only "Kurt Philips" at Microsoft listed on LinkedIn.com was a high-level manager on an Exchange team. Microsoft declined to either confirm or deny Phillips' identity, and also declined to comment on a timetable for a re-release of the MS14-045 patch.
"We are aware of some issues related to the recent updates and we are working on a fix," a Microsoft spokesman said via email late Thursday.

Phillips gave more detail than the company has offered publicly, and also acknowledged the screw-up. "The reason we pulled this patch was that IF you ran into the problem specified, it's a horrible user experience," Phillips wrote. "We made a fairly invasive change in font handling as part of a security patch and thought we had it tested properly, but there are definitely problems in our test coverage and design process that we need to address. We definitely have lessons to learn from this and we will."
As of early Friday, Microsoft had not re-released the flawed part of MS14-045, one of nine updates it shipped on Aug. 12; it then told users to uninstall the patch on Aug. 15. The company later removed the buggy patch from the Windows Update service.
In the absence of information from Microsoft, it was inevitable that customers filled the vacuum. In a long and still-growing discussion thread on the Microsoft support site, the overall impression has been sharply negative. Among the most benign messages were those wondering why Microsoft has not said more or simply asking when a fix would be available.
"Any idea when we will have a fix? What should we do in the mean time?" asked someone identified as heshie on the thread, which has grown to more than 500 messages and has been viewed over 97,000 times, both large numbers for Microsoft's support discussion forum.
On the same thread, however, Philips downplayed the scope of the problem that crippled some PCs with the notorious "Blue Screen of Death."
"One thing to keep in perspective here -- the actual numbers we get through telemetry (clearly not exhaustive, but definitely representative) are that the failures are only happening in ~0.01% of the overall population," Phillips said. "So, about 1 in 10,000 machines are crashing."
While the percentage cited by Phillips was indeed very low, it translated into about 85,000 Windows 7 PCs -- the machines that seem to be most affected -- or if all the estimated 1.52 billion personal computers running Windows worldwide was the population he had in mind, approximately 152,000 systems.
In either case, that's a lot of angry customers, many of whom spent hours either recovering or trying to recover their PCs.
"Just wanted to clear up some of the hyperbole -- Microsoft isn't crumbling, all of our testers weren't fired, etc. 99.99% success is pretty good in most jobs in this world, but clearly we need to strive for higher," Phillips continued.
Phillips was referring to speculation on the support thread and elsewhere by end users and IT administrators alike, who have all tried to explain what they see as a decline in the quality of Microsoft's software updates. Some of that speculation has revolved around the July job cuts \ Microsoft made in the U.S., where according to many accounts a large number of software test engineers were let go.
Phillips also gave a mixed message about whether Windows users should follow Microsoft's advice and uninstall the pertinent patches. "If you installed [the update] and haven't seen a Stop 0x50 [error], there's no guarantee you won't see one before we fix it, but look at the odds," Phillips wrote. "I'm not uninstalling. You need to make your own decision on that, of course."
Additional information on how customers should deal with the buggy updates can be found on Microsoft's support site.
http://www.computerworld.com/s/arti...erworld/news/feed+(Latest+from+Computerworld)

 

When Windows Update Fails, This Is How You Fix It

The recent Windows 8.1 August Update blindsided many users with issues. Some experienced BSODs or black screens, while others found themselves stuck in an infinite reboot loop.
http://forums.afterdawn.com/threads/when-windows-update-fails-this-is-how-you-fix-it.750175/


http://www.makeuseof.com/tag/windows-update-fails-fix/

 

Microsoft pulls updates, recommends uninstall


Summary: UPDATED. Customer reports of blue screens of death and reboot loops have led the company to withdraw several updates and recommend that users uninstall MS14-045.

Since Patch Tuesday this past week, Microsoft has been receiving reports of severe system errors caused by one or more of the updates. In response, the company has pulled several updates from download channels and offered advice on how to remove them. In one case, it recommends that users uninstall the update.
Updated on August 16: A Microsoft spokesperson tells ZDNet "[w]e are aware of some issues related to the recent updates and we are working on a fix."
Edward Langley at the Naked PowerShell Blog has written a series of PowerShell scripts to determine if any of the relevant updates are installed on a system.


The most severe case appears to be MS14-045 (Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege). The security advisory recommends that users uninstall that update.

Microsoft reports problems with three other updates and has pulled them from download and provided uninstallation instructions, but has not specifically recommended that users uninstall. Two of these are non-security updates released on Tuesday. The third is a re-release ("Revision: 7.0") on Thursday, August 14 of an older update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2; only metadata was supposed to change in the new version and users who had previously installed it did not need to reinstall.
A Knowledge Base article written for these problems (KB2982791) includes uninstallation instructions and lists three known issues. We list #3 first because it is the most severe:



Known issue 3:Microsoft is investigating behavior in which systems may crash with a 0x50 Stop error message (bugcheck) after any of the following updates are installed:
2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
2970228 Update to support the new currency symbol for the Russian ruble in Windows
2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012


This condition may be persistent and may prevent the system from starting correctly.
Known issue 1: After you install this security update, fonts that are installed in a location other than the default fonts directory (%windir%\fonts\) cannot be changed when they are loaded into any active session. Attempts to change, replace, or delete these fonts will be blocked, and a "File in use" message will be presented.


Known issue 2: Microsoft is investigating behavior in which fonts do not render correctly after any of the updates listed above for known issue 3 are installed.
The uninstallation instructions are long and involved and are detailed in the Knowledge Base articles linked to above.
Topics: Security, Microsoft
http://www.zdnet.com/microsoft-pulls-updates-recommends-uninstall-7000032678/