

Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

2 edits

RANT: Why bother hiding a MS update?

Have you ever had an update cause you issues?
Sometimes an update makes your system crash or just doesn't get along with something and you choose not to install it?

Well I have had this issue and I chose to hide the update KB2724197 and KB2731847.

I didn't want the updates and felt since, "An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.", and the update gave me errors, "Crash dump initialization failed!" and my computer just felt slower after so I said buh bye to the 2 updates.

Well without my knowledge and against my wishes, MS installed them anyway!

How?

By revising the updates to a new KB and removing the old KB.

I said no fricking KB2724197 and MS re-named it KB2799494 and I installed it of course like I usually do with security updates only to find the same frigging errors again in my logs, "Crash dump initialization failed!".

Same with KB2731847; they renamed it so many times now I can't keep up to avoid it.

KB2731847 in MS12-055 replaced by KB2761226
KB2724197 in MS12-068 replaced by KB2799494

So every month I have to now waste my time to hop, skip, jump and bend over backwards to make sure I avoid s**t I DO NOT WANT.

It's pretty frigging ridiculous.

/rant

KB2731847 is now KB2778344
KB2724197 is now KB2799494



Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

1 recommendation

BTW with these updates:
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

So some "geek" sits at his computer and tries to sabotage it to find vulnerabilities and reports it to MS.

Well that's fine for a public library or the welfare office or some place you want restricted access, you would want to patch that so some clown can't mess everything up or use the computer for unscrupulous activities, but for me, nobody is getting near this computer unless it's physically stolen, then updates won't help you there.



Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

2 recommendations

KB2731847 in MS12-055 replaced by KB2761226

Also in this situation, I want to avoid KB2731847 so I have to avoid KB2761226 too right?

But I can't because not only does KB2761226 have the Win32k Use After Free Vulnerability which is only exploitable with physical access, it includes a patch for TrueType Font Parsing Vulnerability - CVE-2012-2897 which is a web browsing attack scenario and something I would want to patch.....

So now what?

In order to be safe online, I have to install a patch that includes fixes that can't be exploited online, and that I don't want to install.

So.....I'm screwed.



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

1 edit

 

You can try a system restore and then try hiding the updates again...

What if you DISABLE AUTO UPDATES?? (So you can manually look and decide which ones to get)



Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

Well, if I hide an update and they release a revised version next month, the hidden update disappears when I click search for updates.
And I do use manual update.

And that's what I'm having to do now is investigate every detail and comb through the updates to make sure they don't slip one in I don't want.

And it's not as easy as doing system restore or just uninstalling the unwanted update.
With KB2724197 or KB2799494, if you install it, some changes are permanent, which means I have to restore an image of my drive.

It's time wasted.



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to Cartel

I'm sorry Sindows that things are so hard (Stupid M$)



Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

1 edit

said by Dude111:

I'm sorry Sindows that things are so hard (Stupid M$)

That's very kind, thanks.
I'm just trying to make a point.
I'm not sure when they started replacing updates and removing the older ones; I haven't had to monkey with them before.

Looks like it all started with ms10-021 and went from there.

»technet.microsoft.com/en-us/secu···ms10-021
»technet.microsoft.com/en-us/secu···MS10-047
»technet.microsoft.com/en-us/secu···MS10-073
»technet.microsoft.com/en-us/secu···MS10-098
»technet.microsoft.com/en-us/secu···ms11-012
»technet.microsoft.com/en-us/secu···ms11-034
»technet.microsoft.com/en-us/secu···ms11-041
»technet.microsoft.com/en-us/secu···ms11-054
»technet.microsoft.com/en-us/secu···ms11-068
»technet.microsoft.com/en-us/secu···ms11-077
»technet.microsoft.com/en-us/secu···ms11-084
»technet.microsoft.com/en-us/secu···ms11-087
»technet.microsoft.com/en-us/secu···ms11-098
»technet.microsoft.com/en-us/secu···ms12-008
»technet.microsoft.com/en-us/secu···ms12-018
»technet.microsoft.com/en-us/secu···ms12-041
»technet.microsoft.com/en-us/secu···ms12-042
»technet.microsoft.com/en-us/secu···ms12-047
»technet.microsoft.com/en-us/secu···ms12-055
»technet.microsoft.com/en-us/secu···ms12-068
»technet.microsoft.com/en-us/secu···ms12-075
»technet.microsoft.com/en-us/secu···ms12-078
»technet.microsoft.com/en-us/secu···ms13-005
»technet.microsoft.com/en-us/secu···ms13-016

It continues back farther with Vista...


norwegian
Premium
join:2005-02-15
Outback
reply to Cartel

Re: RANT: Why bother hiding a MS update?


If an update is specific to XP, they post a fix and log it as a KB document.
They then find it is relevant to Win 7, so they create a new KB article to track updates.
They also find a bug in XP with the update, so they create a new KB article to track the update.
Then they find it is relative to a server product. So they create a new KB article to list all O/S they are aware of.

This is just an example of how they may log events and the work carried out.
For various reasons:
Support troubleshooting
Update logging
Employment hour logging
Accounting
Relative direct link library fixing, IE hal.dll might need 2 distinct repairs for fixing 1 bug, due to other bugs created.

There is a plethora of reasons why; but logging articles are not something where you would worry about changes to names.
As long as the business environment were kept up to date for systems contracted to the product etc for various reasons.
Home users really need not even worry about such levels of logging.

I really can't see an issue.

The update will work or it won't, it's far from a perfect system made by humans.

We all pick our own levels of comfort.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to Cartel

Not all bugfixes are independent. Fixing bug #2 may build on the fix for bug #1.



plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3
reply to Cartel

In the last company I worked for, it was my job to research, test, pilot, and deploy the monthly security patches from Microsoft. This of course has been 2+ years ago now, so we are talking updates for Windows XP and Windows 2003 server, as well as Office 2000.

Part of the pilot process was to investigate any issues that would come up with each month's patches, and then try to figure out what caused the break. The company I worked for was a global one (we had offices in 30 cities worldwide, and over 8,000 workstations and just about 900 servers). There was a separate pilot for the workstations and servers, and we did our best to get a general mix of systems that were in different parts of the world doing different job functions (not just IT systems).

What I'm trying to get at here is maybe you should start a thread to figure out why a given patch is breaking your system, and see if there is a way to resolve the issue.

Maybe you have done that already, or you may feel it's just too much work to troubleshoot.

Personally for me, I was having issues getting an update for Windows 8 to install (KB2785094), and it was to a "clean" system (meaning, I had just installed the OS, and drivers). Turns out, that update requires either a shortcut or folder to be in place at "C:\ProgramData\Microsoft\Windows\Start Menu\Programs". One of the things that I was doing during my install process was to move all of the folders and shortcuts from that location to a temp location on my desktop. I did leave behind the "Administrative Tools folder", the "Startup Folder", and the "Desktop shortcut". However as I said, whatever I did move was something that specific patch was looking for, and would fail if the file/folder was not present. I did not actually take the time to move the items one at a time to narrow it down to the exact folder or file. But, once I put everything back as it was, the patch installed without an issue. I figured this out by doing research on this specific patch and the error code that came back. I don't remember which site it was, but I found it by doing a google search.

What I'm trying to get at is that generally, the monthly patches from Microsoft normally don't cause issues, unless there is something specific with your computer. And, it's probably something that, after doing a little research, could be resolved and the patch could then be installed.

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

said by plencnerb:

... What I'm trying to get at is that generally, the monthly patches from Microsoft normally don't cause issues, unless there is something specific with your computer. And, it's probably something that, after doing a little research, could be resolved and the patch could then be installed. ...

There were a number of us who experienced slow-down/sluggishness problems with KB2731847 after it was first issued in August 2012, but did not immediately connect the problems with the patch. The patch was then re-issued in October under the same KB number, which may or may not have resolved the problems. Ref: (»[WIN7] Computer feels sluggish after KB2731847 & KB2724197)

As a result of their problems, various folks removed the update, since it applied to situations involving physical access to a computer, and for some users that's an irrelevant threat. After removing the update on their systems and seeing performance restored, those users elected to hide that update in Windows Update to prevent recurrences later. Other users have had other problems with other updates, and have followed similar procedures to hide them from future updating processes. What Cartel is saying is that some of these 'problem' updates have been folded and re-folded into other-numbered updates by MS, and their hidden original ones have been removed from their "hide" Win Update lists by MS. Consequently, if the problems the patches originally caused were not remedied along the way, they will recur via a new-numbered patch despite the efforts of the affected users to block them. This is frustrating at best for those folks, especially if they don't have independent records of their problem patches and no way to track the trail of which new patches they've been rolled into.

And while monthly patches from Microsoft don't "normally cause issues", when they do (as indeed they sometimes do), removing them and hiding them from future update events is the only avenue of protection that affected users have. When patch problems do occur, "doing a little research" does not necessarily lend itself to resolving them on the users' own computers - as witnessed by those patches that MS has ultimately reworked (eg: KB2731847) or even withdrawn over the years.

In the case of KB2731847 and my system, the August patch issuance was likely the one at fault, and it apparently was remedied later on (though I elected to not install the supposed 'fixed' version re-issued in October since I lacked confidence in it). Most likely, either the October fix which I didn't install or one of the other new-numbered updates into which it was folded did indeed resolve the slowdown problem, since the later new-numbered patches were (naively?) installed here but the slowdown problems have not recurred. Fortunately for me... or else I'd again be tearing my hair out trying to figure out why the system had slowed down as it did late last summer.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville
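
An added example, not part of any post in this thread: one way to keep the independent record of blocked patches described above and trace which offered updates carry them forward. The KB numbers and direct replacements are the ones posters state here; the order KB2761226 -> KB2778344, the offer list and the function names are assumptions.

```python
from collections import deque

# Constructed sample record. The KB numbers and direct replacements are the
# ones posters state in this thread; the order KB2761226 -> KB2778344 is an
# assumption, and none of this is Microsoft's own supersedence metadata.
REPLACED_BY = {
    "KB2731847": ["KB2761226"],
    "KB2761226": ["KB2778344"],
    "KB2724197": ["KB2799494"],
    "KB2823324": ["KB2840149"],
}
BLOCKED = {"KB2731847", "KB2724197"}               # updates the user hid
OFFERED = ["KB2778344", "KB2799494", "KB2840149"]  # constructed offer list


def trail(blocked_kb, offered_kb, replaced_by):
    """Return the replacement path from blocked_kb to offered_kb, or None."""
    queue = deque([[blocked_kb]])
    seen = {blocked_kb}
    while queue:
        path = queue.popleft()
        if path[-1] == offered_kb:
            return path
        for successor in replaced_by.get(path[-1], []):
            if successor not in seen:  # a loop in hand-kept notes must not hang
                seen.add(successor)
                queue.append(path + [successor])
    return None


def audit(blocked, offered, replaced_by):
    """Map each offered KB to every trail that leads back to a blocked KB."""
    findings = {}
    for kb in offered:
        trails = []
        for b in sorted(blocked):
            path = trail(b, kb, replaced_by)
            if path:
                trails.append(path)
        if trails:
            findings[kb] = trails
    return findings


if __name__ == "__main__":
    for kb, trails in audit(BLOCKED, OFFERED, REPLACED_BY).items():
        for path in trails:
            print(f"{kb}: review before installing, carries {' -> '.join(path)}")
```

KB2840149 is not flagged in this sample because the record holds no link from a blocked KB to it, which is exactly the gap an incomplete record leaves.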


plencnerb
Premium
join:2000-09-25
Carpentersville, IL
kudos:3

I remember when that happened, and I remember doing testing on it. In fact, I made a few posts in that thread in regards to some testing that I had done.

So, I totally understand where the OP is coming from in this case.

I only wanted to offer the suggestion that sometimes testing and research could fix the issue with a given patch. If not, the only option is to block them (which is what the OP has done). However, as has been stated a few times, blocking only works if Microsoft does not re-issue that patch and re-numbers it, and does not fix the issues. Next thing you know, you have the same users pulling their hair out for no reason, since they had blocked the "bad" patch from installing (or so they thought).

--Brian
--
============================
--Brian Plencner

E-Mail: CoasterBrian72Cancer@gmail.com
Note: Kill Cancer to Reply via e-mail



SusanBB

@comcast.net
reply to Cartel

Susan Bradley
They didn't rename the KB, they coded up a new bundle and it replaces the old one. What's the issue you have with the original one and this one?



Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

said by SusanBB :

Susan Bradley
They didn't rename the KB, they coded up a new bundle and it replaces the old one. What's the issue you have with the original one and this one?

KB2724197 EventID 46 Crash dump initialization failed! errors

KB2731847 Overall slowness compared to before the patch


SusanBB

@comcastbusiness.net

KB2724197 EventID 46 Crash dump initialization failed! errors: can you expand on that? BSOD? Do you have a dump file on the box?



Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

said by SusanBB :

KB2724197 EventID 46 Crash dump initialization failed! errors: can you expand on that? BSOD? Do you have a dump file on the box?

No BSOD.

»support.microsoft.com/kb/2756313

LaRRY_PEpPeR

join:2010-03-19
Wentzville, MO
reply to Cartel

said by Cartel:

BTW with these updates:
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

So some "geek" sits at his computer and tries to sabotage it to find vulnerabilities and reports it to MS.

Well that's fine for a public library or the welfare office or some place you want restricted access, you would want to patch that so some clown can't mess everything up or use the computer for unscrupulous activities, but for me, nobody is getting near this computer unless it's physically stolen, then updates won't help you there.

No, these "must...be able to log on locally" "Elevation of Privilege" vulnerabilities are more important than you think! "Log on locally" could also be taken advantage of in the case of some exploit code that starts running in another process while browsing, etc.

Seems to me one of the most difficult things to protect against, and they are a major concern being on XP still next year after updates end. No new processes are created necessarily to notice or block, they just "elevate" using Windows system processes that are already there. Those, and the TrueType font-type vulnerabilities (fixed a few times now), which don't even require malicious code running first! Just the stupid way Windows handles font parsing in kernel mode. Kernel exploited and nothing you can do (so, I'd want to be sure then to not let any browser, etc. use custom font files, however that can be set).


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS
reply to Cartel

Here is more confusion.
If I hide the latest update, and then check for updates, I get presented with an older update of the revision.
If I continue to hide and then check for updates until it says no updates found, I see updates I do not have that I have never seen before.
My head is spinning now.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

said by Cartel:

Here is more confusion.
If I hide the latest update, and then check for updates, I get presented with an older update of the revision.
If I continue to hide and then check for updates until it says no updates found, I see updates I do not have that I have never seen before.
My head is spinning now.

So... you vill take der update und you vill like it. Udervise, ve haf vays of making you take it... vays you vill not so much like, I think.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

1 edit
reply to Cartel

Yet another variation of KB2778344 is the new KB2840149 update that replaced KB2823324.
KB2823324 screwed up a lot of people.

So now I have to dodge 4 updates of the same crappy performance.

2829996 »support.microsoft.com/kb/2829996
2840149 »support.microsoft.com/kb/2840149
2808735 »support.microsoft.com/kb/2808735
These 3 "new" updates lead to the same POS ms13-036

»technet.microsoft.com/en-us/secu···ms13-036

2813170 »support.microsoft.com/kb/2813170

I'm not sure wtf M$ is up to here but it's really getting annoying.



Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

2840149 »support.microsoft.com/kb/2840149
2808735 »support.microsoft.com/kb/2808735

are now

»support.microsoft.com/kb/2830290
»support.microsoft.com/kb/2829361

Both updates lead to »technet.microsoft.com/en-us/secu···ms13-046

What is ms doing?