Microsoft Pulls Broken XP Update

Cally writes "Yahoo! reports that Microsoft have pulled a Windows XP update from the Windows Update servers after it killed network access for some users of the claimed 600,000 who installed it. (Does this mean only 600,000 XP users trust Windows Update?) The story hints that the problem was something to do with VPN or IPSec drivers clashing with Symantec software - however I haven't found anything about this on the Microsoft KnowledgeBase (the link Yahoo provide goes to the generic support home page.) Anyone got more info?"

updated link

[Carl_Cne]

try http://support.microsoft.com/default.aspx?scid=kb; en-us;818043

Link has a typo.

[nlinecomputers]

Not sure but I think this is the link. Does not mention that it is pulled though.

http://support.microsoft.com/default.aspx?scid=k b; en-us;818043

Re:Link has a typo.

[mattrix2k]

Clickable [microsoft.com] (link to MSKB article)

Re:Microsoft Security

[Dot.Com.CEO]

RTFA. I mean it is not entirely your fault, the idiotic "reporting" of "news" from michael leaves a lot to be desired, but in the article, as well as in the three line summary to which you reply, there is a mention of some people only losing network connectivity after installing the patch. Actually READING the article (a novel idea, but bear with me) renders the following:

""There were hundreds of thousands of people who downloaded this, and we know of only a handful of people who had the problem."

Re:Microsoft Security

[Anonymous Coward]

any word on what they are doing for the 600,000 people who got their access fried?

What 600,000 people had anything 'fried'?

Article:
"There were hundreds of thousands of people who downloaded this, and we know of only a handful of people who had the problem."

Before you all complain about auto update...

[26199]

The article says that since this wasn't a critical patch, just an 'improvement', auto update doesn't install it.

attribution

[Cally]

Story submitter here - I forgot the attribution (my bad); I picked this up from the Full Disclosure mailing list [netsys.com], specifically, this post [netsys.com] by Richard M. Smith.

It wasn't just Symantec

[Anonymous Coward]

Yet another example of MS trying toi pass the buck and dodge the bullet...

I had NO symantec s/ware on my system, (I use Mcafee) and I lost all networking / internet access.

Also, the Yahoo article says that the update had to be removed which is bull$hit, the update could NOT be removed, and the only way to fix my system was to re-install and re-update Windoze.

MS said only a small number complained, well, I did, and a couple of days later the update was pulled, no reply to my email though, not even a thank you or aknowlegment - typical MS =O(

fLaMePr0oF

Re:If only they had apt-get

[Saint Stephen]

I got tired of apt-get blowing up my unstable Debian, so I wrote this to make it transactional:

sub=dists/latest/binary-i386
dt=`date +"%y%m%d_%H%M%S"`
cd /data/apt
dpkg-scanpackages latest /dev/null > $sub/Packages
grep -Ex "Filename: latest/.+" $sub/Packages | sed "s/Filename: latest\/\(.*\)/\1/" > old/L$dt
pushd $sub
rm Packages.gz
gzip Packages
popd
mv latest $dt
mkdir latest
for x in `cat old/L$dt`; do mv $dt/$x latest; done
if [[ `ls $dt | wc -l` -eq 0 ]]; then rm -r $dt; fi

If it blows up, I can easily roll back, and keep a history of all the intermedate versions.

Re:Why is this news?

[theCoder]

True enough, but then again, I heard this story on NPR on my way to work today, so it's only natural that /. would carry something about it.

But you're right, this does remind me of the kernel-that-never-should-have-been. I don't remember the version number (it was in the 2.4 series), but it was the one that corrupted your drives when you unmounted them. Of course, IIRC, that kernel wasn't pulled, the next version was just released very quickly. You can still get that kernel version if you really want to corrupt your data :)

Re:No

[26199]

Nearly... it was 600,000 downloads, not 600,000 broken internet connections. According to the article only 'a handful' of the 600,000 who downloaded the patch had problems.

Re:That's the problem with automatic patching

[DShor]

To the best of my knowledge, the auto-patch would not download this as it was a "security improvement" not an "urgent repair". The only people who would get affected by this are the ones who manually downloaded it themselves.

Happens to even the best...

[Anonymous Coward]

As much as I can't stand M$, I've got to say that I had a similar experience with Mandrake when I was running 9.0 I ran an update and when I rebooted all of the sudden my wireless nic wouldn't come up! I later read in mandrakeforum that the initscripts that were part of the update were broken on some machines. I installed the old ones and I was back up, but it was an annoying couple of hours.

At least it wasn't a remote root exploit....

difficulty with software upgrades

[e**(i pi)-1]

Every software update is a risk. Especially OS updates. With software, I always fear that beside enhancements, also restrictions will be built in (happend with quicktime once years ago). Therefore, I usually
keep a copy of the old software or to make full backups before upgrading the OS. Updating software is not trivial because it X + A + B is not equal X + B + A : the update A can and will in general change something of the modification B. After a few such operations it becomes very difficult to keep track about all possible
states the users can have on their machine.

My experiences from updates:

- even for modern Linux distributions, it is a good idea
to make full new installs rather then upgrading. I personally
always had problems with upgrades and almost never had problems
with full reinstalls.

- the OS X updates went all smooth so far. Still, I always upgrade
first one machine, wait to see if everything works fine before
updating the others.

- XP updates. No problem with vmware. Just keep an copy of the
old virtual machine around. If something screws up or one of
the software has decided to "upgrade" itself:

rm -rf winXPHome
mv old.winXPHome winXPHome

Virtual machines can also easily be copied from one machine to
an other.

Re:Software Update Services...

[SkArcher]

ps. how many of todays slashdot readers know what ^H means?

Telnet backspace echo

Man, I miss MUDing

Anyhow, to respond to your point - independently test bedding M$ updates certainly sounds like a good idea, but it either means 1- A seperate testbed machine or 2- using a standard machine for the process.

1- requires a fair ammount of money in the company, while 2- still has the possibility of nixxing one machine

It's still a good idea though :)

Re:Microsoft Security

[Dot.Com.CEO]

Bollocks. First of all, MS outsources customer support in most countries, so you are likely never to have talked to a MS helpdesk. Second, and most important, I have had to talk to MS helpdesks in three different EU countries and, trust me, it has been VERY easy to get someone to register my problem. NOT ONCE have I been told to send them an e-mail. YMMV, of course, but "always", does not hold true.

Automatic Updates

[bjb]

I think the biggest problem is how the Windows Automatic Update feature is turned on by default on everyone's machines.

For most people, it is the only way they're ever going to install updates on their computer. However, I've found production Windows 2000 servers with this feature enabled! This is at least the 2nd or 3rd time that I've read a story on /. about a Windows XP/2000 patch that was no good.

If you want to disable automatic updates on your computer, go to Control Panel->System->Automatic Updates tab and click the buttons to turn it off. You'll be better off picking what you want to update manually.

updated clickable .....

[Anonymous Coward]

http://support.microsoft.com/default.aspx?scid=kb; en-us;818043 [microsoft.com] ...

Also don't install the 811493 fix

[drwtsn32]

If you're running XP SP1, you definitely do not want this fix. It will bring your system to a crawl. See this [microsoft.com] for more info.

Re:It wasn't just Symantec

[Johnny318]

On Friday 5/23 I had a customer complain that our wireless DSL was down. After doing all the usual junk over the phone, I drove out there and checked all wires, etc. Nothing. His machine was grabbing an IP dynamically, so the wiring HAD to be correct. I asked him, "When is the last time this worked properly?" and he said Wednesday (5/21). I was about to uninstall his virus checker (Mcafee online), but first went into the XP System Restore utility, and I noticed a restore point on Wednesday due to the installation of a Microsoft update. I restored to the way the system was before Wednesday and everything worked great! Unbelievable. Microsoft is totally underplaying this one.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:What Happened

[dr ttol]

Oops. The actual URL is:
http://www.threedegrees.com/MessageBoards/ShowPost .aspx?PostID=380 [threedegrees.com]

Sorry

Re:Automatic Updates

[nachoboy]

I think the biggest problem is how the Windows Automatic Update feature is turned on by default on everyone's machines.

Note that the Automatic Updates feature has three possible configurations.

1) Notify before downloading, notify before installing. This is the most conservative as user intervention is required twice along the way.

2) Download updates automatically, notify before installing. This is probably the best of the three options as it will trickle all updates down to your computer using unused bandwidth and then prompt you to install when everything is there. User still has FULL control over which patches get installed. This, by the way, is the default setting for Windows 2000 and Windows XP.

3) Download updates automatically, install them automatically on a preset schedule. For complete hands-off system administration, let Microsoft have full control over your machine. Not recommended but available anyway.

Of course it can be turned off completely or never installed in case you never want to deal with automatic patching.

greased turkey

[JahToasted]

2.4.15 I believe. Released on thanksgiving day so it was called "Greased Turkey". I remember reading about it on a machine that was using it. There was a way to unmount the drives without them being corrupted, luckily, so I was able to reboot into a different kernel. But it was pretty dicey.

The Fix

[Davak]

This problem should be easily fixable on any system.

When the update occurs, XP makes a new restore point.

If you are ever having problems after an update... just roll the system back. Easy.

Restore Point Link [bcentral.co.uk]

DavaK

Oh no! The sky is falling!

[delus10n0]

Give me a break. Let's all start the Micro$oft bashing, right? Because it couldn't possibly be another vendor's fault, like *cough*Symantec's*cough*?

I had a similar problem to this about a year ago, under Windows 2000. I was using a piece of firewall/intrusion detection software called BlackIce. They released a new version of BlackIce, I installed it. Then I installed a network/security update from Windows Update.. rebooted, and what do you know, my internet doesn't work anymore. I contact BlackIce's tech support (who was very helpful) and they admitted they were aware of an issue with that particular security update and their software not working together, and that they would be releasing a patch soon for BlackIce. Microsoft wasn't at fault for it, BlackIce was, and they admitted it.

Ironic I heard about it on Slashdot first

[OldBus]

I downloaded the update yesterday and I had problems later, although I didn't lose all networking. There didn't seem to be any sign what the problem was on the Microsoft support site.

So, I read Slashdot and find the answer to my Windows support problem! That's certainly different :)

BTW, to those who said the only way to solve is to reinstall Windows, have you tried rollin gback to the last system checkpoint before the upgrade? (worked for me on XP)

The parent post is false to get modded up-see here

[Overly Critical Guy]

Quoting from the site:

"This problem occurs because of a regression error in the Windows XP SP1 versions of the kernel files (Ntoskrnl.exe, Ntkrnlmp.exe, Ntkrnlpa.exe, and Ntkrpamp.exe) that were included in the original 811493 security update. On May 28, 2003, Microsoft released a revised version of the 811493 security update for Windows XP SP1 to address this problem."

It's fixed and is a non-issue. Moderators were had.

I had no problems with this and Symantec

[Anonymous Coward]

I have Symantec Norton Internet Security which according to the article was one of the programs incompatible with this patch.

If I hadn't checked /. I wouldn't have even known there was a problem since my connect still works fine.

The problem must lie elsewhere and not with Symantec.