Microsoft's Emergency Internet Explorer Patch Renders Some Lenovo Laptops Unbootable (betanews.com)
Earlier this month, Microsoft issued an emergency patch for Internet Explorer to fix a zero-day vulnerability in the web browser. The problem affects versions of Internet Explorer from 9 to 11 across multiple versions of Windows, but it seems that the patch has been causing problems for many people. Specifically, people with some Lenovo laptops have found that after installing the KB4467691 patch they are unable to start Windows, reports BetaNews.
WTF (Score:5, Insightful)
If an OS stops booting because of a web browser then you know it's built on shit coding practices.
Again demonstrates what I mean about IE being dang (Score:5, Interesting)
Another demonstration of the fact, which Microsoft's execs testified to under oath, that IE hooks into the operating system in ways that other browsers do not. This makes security issues in IE more dangerous.
A bug in Chrome, or even randomly deleting Chrome files, doesn't make Windows unable to boot. No Firefox bug can ever make the system unbootable. Trying to fix IE makes the system unable to boot, because IE has its claws sunk into the operating system.
Therefore security issues in IE are more likely to affect the underlying operating system. Whenever I mention that on Slashdot, people agrue, saying I'm wrong. But here we see that trying to fix a security issue in IE makes the OS unbootable - IE security is tied into the OS. That's one more reason to avoid using Microsoft's browser.
Bad design indicates insufficient management. (Score:4, Interesting)
"Therefore security issues in IE are more likely to affect the underlying operating system."
That seems correct to me. It seems that everywhere we look, we find that Microsoft is managed poorly.
Re: (Score:3, Funny)
It seems that everywhere we look, we find that Microsoft is managed poorly.
You check the bottom line?
Re:Bad design indicates insufficient management. (Score:5, Insightful)
I disagree. It's more likely that some Lenovo crapware had its hooks into Windows AND IE and when Microsoft fixed the issue, the Lenovo crapware broke the system. Let's not forget Superfish....
https://en.wikipedia.org/wiki/Superfish#Lenovo_security_incident
Re: (Score:2)
While not likely to be superfish, this problem has been seen in the wild. I recall we had a bunch of Lenovo machines that were unbootable beyond a certain release of Windows 10 and it was one of the Lenovo "Platform Manager" software things causing it. Uninstalling it made it all wor
Re: Again demonstrates what I mean about IE being (Score:1)
I agrue with you.
Re: Again demonstrates what I mean about IE being (Score:5, Funny)
Your PC won't boot, leaving your basement pitch black.
You are likely to be eaten by agrue.
Re: Again demonstrates what I mean about IE being (Score:5, Funny)
What the hell is an "agrue"? Is it similar to an alot [blogspot.com]?
Re: (Score:2)
Mod parent up, STAT!
Agrue is when you argue while you agree (Score:2)
In this post, AlanObject agrued with me:
https://slashdot.org/comments.... [slashdot.org]
I said "during the primaries, only Trump polled lower than Clinton". He replied "you're so full of shit - Clinton polled better than Trump, you moron".
He said I was totally wrong, while stating that what I said was exactly right. He argued/agreed with me. He argued.
Or maybe it's just a typo. :)
I had a typo while trying to typo (Score:2)
That should be:
He argued/agreed with me. He agrued.
Re: (Score:3)
Because when MS said that shit during their anti-trust trial, people didn't believe them.
People thought they just added some hooks that didn't do anything, so that they could say it. They didn't think they really believed it was a good idea, or that they were going to not only do it for real but still be doing it twenty years later.
Re: (Score:1)
Another less known side of the story of IE considered being necessary was there was a *ton* of business/enterprise software that just embedded IE as a general text editor and/or display window. Getting rid of this would downright cause that software to crash because it's running on Windows, and Windows always has IE. Can you imagine some businesses getting a forced update that removed IE and then business ground to a halt? Oh right, Windows does that anyway.
Re: (Score:3)
That's one more reason to avoid using Microsoft's browser.
I'm not disagreeing with you, but HOW does one "avoid using Microsoft's browser?"
TFS doesn't say that actually USING IE smoked the OS. The UPDATE did.
Before this incident, I would have been one of the jerks pointing out to you that MSFT was, by litigation, forced to decouple IE from the OS.
You're right and I was wrong.
Thanks.
Re: (Score:2)
There is a headless version of Windows Server that should allow you to run windows apps without IE, although IIRC, Quickbooks server relies on IE for remote connections, so your mileage may vary as to how viable headless windows is for running server applications.
Re: (Score:2)
Gentle User: "Install what with the who?"
Re:Again demonstrates what I mean about IE being d (Score:4, Insightful)
The sick reason why this is so. They built elements of internet explorer into the OS so that firefox and chrome would appear to load and run slower than internet explorer because elements of internet explorer are already running in windows. This was like delayed start for service in windows, ohh, look windows loads faster but whoops, it won't run apps tied to those services that have not started yet but M$ can brag how fast the windows GUI boots even though you can not run apps, until delayed start services have started.
That's one reason. History of COM, ActiveX, Active (Score:5, Interesting)
That's one bonus for Microsoft.
Historically, how it happened was in the early 1990s, before the web, Microsoft spent a ton of money building a really cool technology. The sudden rise of the web screwed up their plans and they had to scramble to try to salvage some of their investment.
They had something called OLE, Object Linking and Embedding. Basically it let you put one document inside another - a picture inside a spreadsheet, a song in a Word document. Microsoft spent lots of money and time building on this idea, it was their "big new thing", an OS (shell) and programming tools built around this concept. This next generation of OLE was called COM. Just before the release in Windows 95, something interesting happened.
As Microsoft was about to start the big PR blitz showing how not only could your Word documents contain pictures, but even your desktop could contain active programs, along came "IMG src". Even "TD IMG src" - you could have a table with an embedded picture with no proprietary Microsoft technology needed. Microsoft's "big new thing" was suddenly outdated as an overly complex, over-engineered mess just as it was released. Fuck! Literally there were a lot of Fun bombs at Microsoft when they saw the rise of HTML, with its simplicity.
So here's Microsoft with a billion dollars invested in a system for embedding pics in your documents and your desktop, suddenly not needed because HTML does documents with embedded pics and sounds so much simpler. What can Microsoft do to save their investment?
The route they chose was to rename COM to "ActiveX" and pitch it as a web technology. Internet Explorer became the most important ActiveX container. Instead of focusing on an Active Desktop, the sales pitch was to use this on the web, with ActiveX web pages. What was originally supposed to be done by the File Explorer shell now needed to be done by the browser, so the two projects merged to become Explorer. The desktop shell Explorer and the browser Explorer were the same code with a different wrapper.
Over time, the competitive issues you pointed out became more important.
Someone may point out "that was 20 years ago". Yes, it was. This post is a history lesson in how we got here.
Re:That's one reason. History of COM, ActiveX, Act (Score:5, Informative)
Your timeline is skewed. Active Desktop took place in Windows 98 with IE4. Then you go with
So here's Microsoft with a billion dollars invested in a system for embedding pics in your documents and your desktop, suddenly not needed because HTML does documents with embedded pics and sounds so much simpler. What can Microsoft do to save their investment? The route they chose was to rename COM to "ActiveX" and pitch it as a web technology.
That isn't what ActiveX is at all. It was an extension of COM to allow scriptability to the system. IDispatch. COM objects could now be usable in a type indifferent scripting language. They shoehorned this into the web, but it was and is a very large part of the Windows Explorer Shell. A common platform. Something Linux still struggles with.
Here's a 1995 MSDN article on iDispatch in COM (Score:5, Informative)
Here's an article that Microsoft added to MSDN in 1995.
The second half of the article covers iDispatch, a style of COM interface.
https://web.archive.org/web/20... [archive.org]
Here's the 1996 Microsoft announcement officially announcing the ActiveX name and their strategy for presenting it as a web technology, in which they say "ActiveX controls (formerly COM components)". The Microsoft announcement says thousands of COM/ActiveX components were already available, but could now be used in the web browser (IE 3.0).
According to Microsoft's announcement, "ActiveX controls" were formerly called "COM components". According to their announcement, many companies had already been making them, as "COM" for desktop software, prior to IE 3.0 supporting them and the change to the ActiveX branding.
One reason I remember this so clearly is that I was one of the people making COM components at the time it was rebranded ActiveX. I know I didn't have to change my software in order to make my existing COM components, including a styleable linear "slider" control I designed, into ActiveX components - the only change was the branding.
You are correct that Active Desktop was September 1997.
Forgot the second link (Score:2)
I forgot to include the second link.
https://news.microsoft.com/199... [microsoft.com]
It's a PR puff piece, of course, so you can filter through the hype to get the information. The summary of that is:
Existing ActiveX controls (previously known as COM components) which were created desktop applications are now supported in IE.
Re:That's one reason. History of COM, ActiveX, Act (Score:5, Informative)
He left out the greater context in which this was happening. Netscape was the dominant browser from 1993-1998 [wikipedia.org]. You had to pay to buy Netscape during this time, just like buying Photoshop or Office. IE wasn't included as part of Win95, and as a standalone product it wasn't very successful.
Gates didn't believe in the Internet. Microsoft had bet on the CompuServe/GEnie/AOL model of global networking - where people paid to dialup to portals set up and controlled by one company. MSNBC was originally Microsoft's (and NBC's joint) foray into this model. That's right, you initially had to subscribe to MSNBC in order to view its content. As a result, Windows was late getting a TCP/IP stack (necessary for Internet) built in (it was included with Win95). Microsoft was very much a follower on everything happening on the Internet, like the web (which became big in 1994). Microsoft couldn't stomach the idea of someone else controlling the web, so they went for the jugular. They included IE for free with Win98, thus choking off Netscape's revenue stream. What Microsoft had done to Stacker was still fresh in everyone's minds. (Stac came up with the idea of disk compression. When Microsoft was unable to come to a licensing agreement with Stac, they built their own version and included it for free with MS-DOS, thus killing off the sale-ability of Stac's product.)
Bundling IE with Win98 for free would of course raise the same legal issues the Stacker case raised - whether Microsoft should be allowed to use profits from DOS/Windows to subsidize development of products which competed with existing products which ran on DOS/Windows. There was a possibility a court would order Microsoft to unbundle IE and sell it separately in competition with Netscape. So to stave off that possibility, they did everything they could to tie IE as deeply as they could within Windows. That way they could honestly argue in court that it was impossible to unbundle IE from Windows.
And that deep embedding to prevent a court from thwarting their ploy to kill off Netscape is why an IE patch today can make Windows unbootable.
The COM and ActiveX stuff is relevant because Microsoft realized that if the world moved from DOS/Windows apps to generic web-based apps which could run on any OS as long as it had a compliant browser, nobody would pay for DOS/Windows anymore. So they set out to take control of web-based apps with ActiveX. (As it turned out, the performance hit for running a web-based app was big enough that it didn't really become competitive with native OSes until the mid-2000s, about the time Flash and Java came into their own.)
Re:That's one reason. History of COM, ActiveX, Act (Score:4, Insightful)
What is mind boggling is why they were so stubborn to change course and made themselves become increasingly more unpopular as they tried to force the ideas they wanted on everyone who did not want it. Really lost their customer focus and became unreliable suppliers. I liked all things M$ once, no longer, they seem not to be able to correct their mistakes and take on a greater customer focus. Instead, locked into forcing what they want on their customers but then they are not the only tech company to fall into exactly the same hole and just keep digging and digging as fast as they can, same crap warranties, same marketing lies, same dodging responsibility for major failures and same attitude to change, only when it is too late to work, only once they are forced.
Re: (Score:3)
Because it has worked for Microsoft.
The question is: why do people accept the shit that Microsoft shovels their way?
Re: (Score:2)
This was like delayed start for service in windows, ohh, look windows loads faster but whoops, it won't run apps tied to those services that have not started yet but M$ can brag how fast the windows GUI boots even though you can not run apps, until delayed start services have started.
Good. Not all apps depend on all services. There's no reason why e.g. Word should not run just because Windows doesn't have the network card up and running. Sequential booting is a relic of the 90s and we're all glad to be rid of it.
Re: (Score:2)
They made it hook in in response to the Netscape trial for Microsoft's competitive practices with marketing Internet Explorer. Netscape was trying to get the result of forcing Microsoft to remove the browser from the OS so they would compete on an even field. Bill Gates ordered them to make it where that couldn't be done. Microsoft had already made this argument in court but Netscape was able to prove they were lying. This led to Windows Millennium that they backported this "feature" to Windows 98.
Re: (Score:3)
That's one more reason to avoid using Microsoft's browser.
That's one more reason to avoid using Microsoft's operating system, too.
Re: (Score:2)
No Firefox bug can ever make the system unbootable.
Isn't Mozilla still installing that Maintenance Service with admin privileges?
Re: (Score:2)
While you're not wrong, you're not right either. The interaction between IE and Windows does mean that they are likely in some cases to share some code that could cause bugs or security issues to propagate between them.
It does however not mean that every security bug in IE is a Windows bug. It also doesn't mean that fixing bugs in IE automatically has an effect on the OS.
And given that this only affects Lenovo laptops what's the bet that this bug didn't affect Windows in the slightest, but rather Lenovo shi
Re: (Score:2)
> It does however not mean that every security bug in IE is a Windows bug.
Right, every week when there's another IE bug you don't know whether it provides the attacker access to exploit the kernel or system shell. Some do, some don't.
Contrast a Firefox bug. That's going to affect Firefox. Never the operating system.
Re: (Score:2)
Some do, some don't.
My point exactly.
Contrast a Firefox bug. That's going to affect Firefox. Never the operating system.
That depends entirely on what privileges you use to run Firefox. You are also abusing the timeline. Firefox was by far the last browser to implement sandboxed environments which means prior to Firefox 55 every arbitrary code execution CVE could affect any part of the system with the privileges of the local user which almost universally means the system is now no longer yours.
Don't get me wrong, integration is bad, but not integrating doesn't make it magically safe.
Re: (Score:2)
This didn't happen to the overwhelming majority of computers that received the patch, it happened to a specific subset. So it didn't brick the OS it bricked some vendor that did non-standard things to the OS.
And your argument that an OS shouldn't have deep browser hooks is ridiculous, unless you don't believe Chrome OS or FireFox OS are valid OS'.
Code re-use is a good thing. If a modern browser includes 2/3rds of the things necessary for an entire OS, why not make it the basis of an entire OS (obviously Go
Re: (Score:2)
> Your argument that an OS shouldn't have deep browser hooks is ridiculous, unless you don't believe Chrome OS or FireFox OS are valid OS'. ..
> obviously Google and Firefox thought this was a good idea).
Just so I understand, your argument is that ChromeOS and FirefoxOS are the best operating systems, and every operating system should try to be like FirefoxOS, because it worked so well?
Eh, maybe kinda. Four years before that (Score:2)
Windows Explorer aka File Explorer is the program which displays the desktop, start menu, taskbar, etc. It's what you see when you run Windows. Starting with Desktop Update (September 1997) and Windows 98, Explorer was actually displaying web pages when you navigated through your files. Settings for a folder, such as "show hidden files" were implemented as changes to the underlying web page. So at that point the Windows shell, the part of Windows you see, was implemented as a program for displaying web pag
Re:WTF (Score:4, Insightful)
Well, while I agree Microsoft probably weaved bits of IE deep into the OS to gain unfair advantages over competing browsers, the issue in question might also run deeper than the browser. For instance, they might have modified or extended a kernel API call to truly secure whatever runs on top of the kernel. So they might have patched the browser and the kernel to fix the issue, and fucked up the kernel bit of the patch.
The real issue is that Microsoft views their users as computer idiots (with some reason) and bundles OS and application layer diffs in one single patch, and you don't really know what a Microsoft patch does or modifies.
Re: (Score:2)
The real issue is that Microsoft views their users as computer idiots
Considering this only happens to Lenovo laptops can you really blame them?
Re:WTF (Score:5, Insightful)
If an OS stops booting because of a web browser then you know it's built on shit coding practices.
That depends on your objectives. If you want a system to be secure and robust, then it is shitty practice. If you want to maximize profit based on customer lock-in to a complex integrated monolithic system, it is good practice.
Microsoft made $110B in profit during the last fiscal year. That is up 14% on a year earlier, and a record high.
Long-term abuse (Score:3)
That is long-term abuse. Eventually markets find ways to navigate around abuse. Maybe ReactOS? [reactos.org]
Run Windows programs under Linux? How to run Windows software in Linux: Everything you need to know [pcworld.com]. (March 23, 2015)
A later story: How to Run Windows Programs on Linux? [mashtips.com] (August 10, 2018)
Re: (Score:2)
Eventually markets find ways to navigate around abuse.
Microsoft has been around for 43 years. They are making record revenues and profits. "Eventually" can be a long time.
Re: (Score:2)
That is long-term abuse. Eventually markets find ways to navigate around abuse. [...] Run Windows programs under Linux? How to run Windows software in Linux: Everything you need to know
Summary of Chris Hoffman's article:
1. Wine
2. Virtual machines
3. Dual-booting
Two methods mentioned in this article require a Windows license, which continues the same sort of abuse. All three continue the alleged abuses of Intel and AMD because they won't work on ARM computers, such as a Raspberry Pi or Pinebook.
Re: (Score:2)
Markets encourage bad behaving monopolies
Can markets do this without there already being some inefficiently managed government-granted exclusive right? For example, local ISPs have been able to assert market power because cities have inefficiently managed their rights of way.
Re: (Score:2)
It sounds good, but what is actually locked in by it? You can't use the browser on other platforms anyway, so having OS hooks doesn't do shit to assist lock-in.
If you're so attached to one browser that you've locked yourself to it, that affects you the same regardless of how it is implemented.
Re: (Score:1)
If an OS stops booting because of a web browser then you know it's built on shit coding practices.
This update is exceptionally bizarre. The description:
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
The security update addresses the vulnerability by modifying how the scripting eng
Re:WTF (Score:4, Interesting)
If an OS stops booting because of a web browser then you know it's built on shit coding practices.
To be fair, we don't know what went wrong. As in, it's entirely possible that the patch itself was built incorrectly and includes files required for the operating system, incorrectly.
Also, someone down-stream indicated that MS' report indicates it involves SecureBoot, which I believe signs some things. It's possible an IE file was signed as required-to-never-change and just did, or something similar. I'm not fluent with SecureBoot, but my point is that folks are jumping to conclusions that aren't (yet) merited, dumb as the outcome is.
Re:WTF (Score:5, Interesting)
Re: WTF (Score:2)
Perhaps Microsoft is " fixing " more than what they say they are.
The real question is, while they say they are doing X, what else are they doing under the hood that they don't bother to say anything about.
WINDOWS is not bootable (Score:3, Informative)
Stating a device is not bootable is far different than stating that an operating system is not bootable. The headline alone implies that a Windows update bricked laptops, which isn't true at all.
Re: WINDOWS is not bootable (Score:1)
90+ of components in your 'custom-made' devices are of Chinese origin.
Laptop is bootable, Windows is not... (Score:5, Insightful)
Re: Laptop is bootable, Windows is not... (Score:2, Informative)
You'll have to disable secure boot...oh wait that's the fix for this whole thing. So just disable it and Windows boots again.
Re: (Score:2)
Which real OS are you talking about? I hope not Linux since the last time we got a story like this it was the latest Linux kernel making Lenovo laptops unbootable due to a UEFI bug.
Re: (Score:2)
This "delete Windows to fix problem" trope is old, tired, and predictable as hell on Slashdot.
It's good advice just never goes stale; like, "don't drive drunk," or "fool me once, shame on you. Fool me twice, shame on me."
Typical MS QA (Score:3, Interesting)
QA? (Score:2)
What QA? MS got rid of its QA years ago!
Re: (Score:2)
The fact that an IE patch made Lenovo and only Lenovo laptops unbootable says more about Lenovo than about Microsoft.
I mean sure MS's Quality control would be a running joke if they ever got it running, but give credit where credit is due. This isn't the first time Lenovo laptops became unbootable for some irrelevant OS update. Remember when a Linux kernel update actually managed to properly brick Lenovo devices? I do.
Where is the separation of functionality ? (Score:4, Insightful)
I could understand if a patch to MS-IE were to make IE not work with some hardware configuration ... but why should this stop a machine from booting ?
This was a security issue ... it appears that MS has code spanning user & kernel space and, what should be, a user space fix is partly in the kernel. Presumably this is to try to squeeze a bit of performance, but all that it does is to produce fragile systems.
Separation of different code modules that do different things is one of the really basic concepts in programming, it appears that this does not happen at MS. Why not ? What on earth are these guys smoking ? (Cue the MS apologists who will burble some sorts of excuse.)
Because Microsoft tied IE directly into the OS (Score:5, Insightful)
Take a bad engineering decision by Microsoft and you'll almost always find evil, and not incompetence, at the heart of it.
Re:Where is the separation of functionality ? (Score:5, Informative)
From what I understand, the issue is that some Lenovo laptops were configured with 4GB of RAM, and secure boot enabled. Unfortunately the IE fix triggered a bug in the secure boot code where it couldn't validate the entirety of the Windows executables. It had really nothing to do with the IE fix other than it made the executable larger than before. Any change to any executable would have triggered the same effect.
But that is just what I've heard with very little actual technical information. For example the issue didn't affect Lenovo laptops with 8GB of RAM or more, or had secure boot disabled. Likely there is a third piece missing that has some custom Lenovo driver or BIOS issue that is also "buggy".
Bug workaround is simple. (Score:3)
Buy more RAM.
Hard when a laptop supports up to 4 GB (Score:2)
I'm typing this comment into a Lenovo ThinkPad X61 convertible laptop. Its mainboard has two RAM slots that officially take modules up to 2 GiB, for a total of 4 GiB. So after I have followed your advice to buy more RAM, where should I put it so that the computer can use it?
Re: (Score:2)
X61 will support 8GB of RAM.
The official specs say two 2 GB modules [lenovo.com], but this may have been because Lenovo lacked 4 GB modules to test with [lenovo.com]. Are there increased crashes or other misbehaviors when using two 4 GB modules in an X61?
Re: (Score:2)
Lenovo decided separation of functionality was something that only Linux users needed and decided to depend on IE in order for the OS to boot.
Microsoft: No one is managing well? (Score:2)
Microsoft: No one is managing well? [slashdot.org]
Re: (Score:2)
Why? Because Lenovo firmware is a shitshow that broke with the November security update which would also be installed by the cumulative update in this emergency release for IE?
Seems reasonable (Score:2)
Lenovo Laptops Common Problems [zoorepairs.com.au]
1009 Lenovo Consumer Reviews and Complaints [consumeraffairs.com] Quote: "Let me begin by saying I will never buy anything from Lenovo ever again. The only reason I bother to write this review is so that Lenovo can hopefully address some of the many problems within the company, which might help other customers avoid the same ordeal that I have experienced."
However, it seems reasonable that Microsoft would try all updates with commonly-sold hardware befo
Re: (Score:2)
However, it seems reasonable that Microsoft would try all updates with commonly-sold hardware before releasing the updates.
Bahahhahahaha
But I'm not one to not provide references to hysterical laughter:
https://www.windowscentral.com... [windowscentral.com]
https://www.digitaltrends.com/... [digitaltrends.com]
While I give MS a pass for not testing their updates on Lenovo devices, after all there's a shitton of custom stuff out there, they deserve to rot in hell for not testing their own.
Well I guess it's not hackable anymore (Score:2)
I just don't understand how that's possible (Score:5, Insightful)
So according to https://support.microsoft.com/... [microsoft.com] it's:
1. Vendor-specific (Lenovo only)
2. Dependent on the amount of memory (systems with less than 8 GB of RAM are affected)
3. Somehow related to Secure Boot (disabling Secure Boot is listed as a workaround)
And all the trouble is caused by patching a web browser (however deeply integrated with the operating system)? What the hell?
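A triage check for the three conditions listed in the comment above (Lenovo, less than 8 GB of RAM, Secure Boot enabled) together with whether KB4467691 is present, written as an added example that is not part of any comment in this thread or of Microsoft's support article. The function name `Test-Kb4467691Exposure` and the output property names are hypothetical.

```powershell
# Added example: reports whether this machine matches the conditions quoted
# in the thread for the KB4467691 boot failure. Run from an elevated prompt;
# Confirm-SecureBootUEFI needs administrator rights.
function Test-Kb4467691Exposure {
    [CmdletBinding()]
    param()

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Sum installed DIMM capacity rather than using TotalPhysicalMemory,
    # which reports usable memory and reads slightly under the installed size.
    $installedBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum
    if (-not $installedBytes) {
        # Some virtual machines expose no DIMM inventory; fall back.
        $installedBytes = $cs.TotalPhysicalMemory
    }
    $ramGB = [math]::Round($installedBytes / 1GB, 1)

    # Confirm-SecureBootUEFI throws on legacy-BIOS machines and when the
    # session is not elevated, so the state is reported as a string.
    try {
        $secureBoot = [string](Confirm-SecureBootUEFI)
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = 'NotUEFI'
    } catch {
        $secureBoot = 'Unknown'
    }

    # Returns nothing (not an error) when the update is absent.
    $patch = Get-HotFix -Id 'KB4467691' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName              = $cs.Name
        Manufacturer              = $cs.Manufacturer
        Model                     = $cs.Model
        InstalledRamGB            = $ramGB
        SecureBoot                = $secureBoot
        PatchInstalled            = [bool]$patch
        # All three conditions from the comment must hold.
        MatchesReportedConditions = ($cs.Manufacturer -match 'LENOVO') -and
                                    ($ramGB -lt 8) -and
                                    ($secureBoot -eq 'True')
    }
}

Test-Kb4467691Exposure | Format-List
```

A `SecureBoot` value of `Unknown` means the check ran without elevation or failed for another reason, so that machine should be re-checked rather than treated as unaffected.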
Re:I just don't understand how that's possible (Score:4, Interesting)
So according to https://support.microsoft.com/... [microsoft.com] it's:
1. Vendor-specific (Lenovo only)
2. Dependent on the amount of memory (systems with less than 8 GB of RAM are affected)
3. Somehow related to Secure Boot (disabling Secure Boot is listed as a workaround)
And all the trouble is caused by patching a web browser (however deeply integrated with the operating system)? What the hell?
I work with a lot of these companies and Lenovo is, in my experience (and opinion), the only consumer grade manufacturer that takes security issues seriously. I would not be surprised if Lenovo was the only manufacturer shipping Windows 10 systems with 4GB of RAM and Secure Boot enabled.
Re: (Score:2)
I would not be surprised if Lenovo was the only manufacturer shipping Windows 10 systems with 4GB of RAM and Secure Boot enabled.
Part of Microsoft "Designed for Windows" certification requires OEMs to ship their windows computers with Secure Boot enabled by default, and a switch for disabling it to be present in the BIOS.
Be surprised. Be very surprised.
Posted from a computer with 4GB of RAM and Secure Boot on which boots just fine.
Now while Lenovo may be the only company to "take security seriously" they are also the only company who couldn't code a Hello World example without including some system breaking bug. A company that has be
Re: (Score:2)
I would not be surprised if Lenovo was the only manufacturer shipping Windows 10 systems with 4GB of RAM and Secure Boot enabled.
Part of Microsoft "Designed for Windows" certification requires OEMs to ship their windows computers with Secure Boot enabled by default, and a switch for disabling it to be present in the BIOS.
Ah, yes. I forgot that has been a requirement since Windows 8. My relationship with Lenovo does not deal with Windows requirements.
Now while Lenovo may be the only company to "take security seriously" they are also the only company who couldn't code a Hello World example without including some system breaking bug. A company that has been in trouble with Microsoft updates before, who embedded firmware in their devices which called home, and a company where enabling Thunderbolt while running Linux caused their computer to be bricked (very secure a computer that can't even get to the BIOS screen), or installing Linux Kernel 4.13 caused the Lenovo BIOS to become read only (also great for security).
Fuck Lenovo and their piece of shit software / firmware.
I don’t ever see Lenovo code, I supply code to them for a hardware component that exists on most desktops, tablets, phones, laptops, and servers. If I deliver insecure code then Lenovo asks for patches for far more generations than any other manufacturer*. They license the code, though, so I can’t tell what they do with it after they get the fix. I don’t o
Re: (Score:2)
Ahhh so the truth comes out. You are cheerleading Lenovo because they give you free hardware and pay your bills.
I was wondering why you posted "only consumer manufacturer to take security seriously"
What a load of shit.
Lenovo does not pay my bills. They do not send me free hardware. Sometimes I need access to a customer's hardware to do specific work, that is not uncommon. That does not mean the hardware was A) free or that B) I get to keep it. And I work with other brands also. Some you've probably never heard of, and others that you know quite well. Did I not say that I work with many of these companies? Did I not say that it was my opinion? And I stand by what I said. I also indicated that they are NOT any mor
Re: (Score:2)
I don't have much experience in this, but in theory what could be happening is:
1) there's an out of bounds bug or buffer overflow in IE
2) the exact portion of the memory being addressed contains code used by Lenovo
3) Disabling secure boot may disable that code, thus making the problem not reproducible any more.
Re: (Score:2)
As I imagine it: The owner of a computing device, such as an employer, can use Secure Boot to lock out people who have momentary physical access to a machine without ownership, such as employees, from using unapproved operating system software.
Re: (Score:2)
Correct. In theory, an employer can use Secure Boot to allow only the employer's GNU/Linux distribution and lock out unlicensed copies of Windows.
Something is very wrong (Score:4, Informative)
Re: (Score:2)
So, switch to Edge...
lather, rinse, repeat
Typical Microsoft (Score:1)
They make a patch that borks a whole system.
Re: (Score:2)
Typical Slashdot user. Quick to comment, doesn't bother to understand.
Well done, Microsoft! (Score:2)
IE didn't cause this problem (Score:5, Informative)
I know it's fun and exciting to blame a web browser hotfix for a booting problem..... especially when it's Internet Explorer, right? But..... ahhh, shit, hate to spoil the fun, but this is just another case of "journalists" not doing the bare minimum of reading before shitting out another article they'll get paid $10 for.
This booting problem with Lenovo laptops has existed for a month and a half -- it was introduced in the November 2018 cumulative security update. It even says so right there in the patch notes! But because these "journalists" don't know how to read anymore, we end up with Slashdot articles like this one that don't have the correct information in them.
All Windows patches are now cumulative, so sure, if you apply the IE hotfix to a machine that is three months behind in updates, then you can hit this problem. But it's not the IE part that's causing it.
Re: (Score:2)
So after a month and a half we can assume Microsoft fixed it by now
What makes you think that a specific vendor's crappy software is Microsoft's responsibility to fix? Like the UEFI bug which caused Lenovo devices to be corrupted by Linux 4.13? The fix for that was purposefully disabling functionality of the Linux kernel on those devices.
Why the complaints (Score:2)
Thank goodness (Score:2)
Thank goodness I don't ever use Explorer.
Part of Lenovo's startup using jscript.dll? (Score:2)
Must conflict with a Lenovo rootkit. (Score:2)
Windows architecture is problematic (Score:2)
Re: (Score:2)
No, just people's understanding of it is problematic. None of anything related to IE requires a reboot or causes this problem. However Windows patches are cumulative, so if you haven't updated in a while this "IE Patch" will give you the Nov 18 security update which includes OS level changes, kernel level changes (requiring reboot), and also happens to be the patch that causes this problem.
Re: (Score:2)
So I ask again, what is wrong with the Windows architecture that require
Re: (Score:2)
When I patch IE, a reboot is required.
How do you patch IE without applying a cumulative update? The only way I know is WSUS and when you push IE specific patches out they install just fine and simply ask for a courtesy reboot at the end.
If you're not managing an enterprise machine with WSUS then you're not applying an IE patch.
So I ask again, what is wrong with the Windows architecture that requires reboots for app updates?
I repeat: Your understanding of what is going on.
Re: (Score:2)
...As if "rebooting" or not is indicative of anything....
It is indicative of an architecture that does not seem to be able to update an app without bringing down the computer. Perhaps it is the Windows architecture that is lame. ;)
Re: (Score:2)
...We already know IE isn't just an application, but has set of .dll files that other applications and drivers use,...
Yes, I quite remember why Microsoft sprinkled parts of IE throughout Windows in order to try to get around the anti-trust proceedings against it. That's just a part of the poor Windows architecture.
Sounds like Lenovo's fault (Score:2)
First reaction: HA! Microsoft is at it again.
Second reaction: Wait, did you say Lenovo laptops? Those guys who would brick your motherboard [reddit.com] if you turned on Thunderbolt assist in _their_ BIOS? OK, maybe it's not Microsoft's fault this time.
Re:Ahahahaha. (Score:4, Funny)
Well why not come right out (Score:2)
And say it?
Is 2019 finally the year of the Linux desktop?
2019 is the year of the Windows bricktop. Bazinga!
Just another example... (Score:2)
Just another example of Intel taketh and Microsoft taketh away.
MS is Bad. Lenovo is Bad. (Score:2)
MS is Bad. Lenovo is Bad.
Who thought the combination would work ????