dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
10230

chachazz
Premium Member
join:2003-12-14

1 edit

3 recommendations

chachazz

Premium Member

Microsoft recommends removing update 2982791

Microsoft Security Bulletin MS14-045 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
quote:
(August 15, 2014): Bulletin revised to remove Download Center links for Microsoft security update 2982791.

Microsoft recommends that customers uninstall this update

Why was this bulletin revised on August 15, 2014?
Microsoft revised this bulletin to address known issues associated with installation of security update 2982791. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2982791 security update. For instructions on how to uninstall this update, see Microsoft Knowledge Base Article 2982791..
»technet.microsoft.com/en ··· 045.aspx

Getting BSODs or unusual behavior .. particularly on Win 7 x64?
See the FAQ.

BillRoland
Premium Member
join:2001-01-21
Ocala, FL

BillRoland

Premium Member

Read the KB article, looks ugly. Luckily no issues on any of our systems (Windows 7 and Server 2012R2) so far.
Fredra
Undesirable Alien
join:2000-04-08
Nepean, ON

Fredra to chachazz

Member

to chachazz
Thanks chachazz
Much appreciated.

mustang50
Premium Member
join:2005-05-06
Roseville, MI

mustang50 to chachazz

Premium Member

to chachazz
Although I wasn't having any apparent problems I removed this KB. I will wait for MS to fix the KB and install it when re-released.
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98 to chachazz

Premium Member

to chachazz
i haven't noticed any problems either but if MS says to uninstall it, i want to do that.. the problem is that i deleted the update's uninstall-folder..

i am running windows xp...

trparky
Premium Member
join:2000-05-24
Cleveland, OH

1 recommendation

trparky to chachazz

Premium Member

to chachazz
Does this mean we have to uninstall KB2982791 and KB2976897?
trparky

1 recommendation

trparky

Premium Member

OK, only uninstall KB2982791 even though it seems that both KB2982791 and KB2976897 are being referenced in the same Microsoft Security Bulletin.

KoRnGtL15
Premium Member
join:2007-01-04
Grants Pass, OR

KoRnGtL15 to chachazz

Premium Member

to chachazz
No problems here with it. Windows 8.1 with all latest updates. Went ahead and removed it though as a precaution. Especially with MS suggesting it. I guess when a fix is made. It will come through Window Update as well?
lorennerol
Premium Member
join:2003-10-29
Seattle, WA

1 recommendation

lorennerol to chachazz

Premium Member

to chachazz
WTF, first they can't write decent code that doesn't require monthly critical patches, then they eff up the patches AND don't properly test them?

I'm becoming more and more convinced that they don't want to sell software anymore- they'd much rather rent 'cloud' versions that they can quietly patch without exposing their dirty laundry (or not).

They have cash to burn- no reason they can't get this stuff right out of the gate.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to trparky

Premium Member

to trparky
I do these manually as most know here. I installed KB2976897 but somehow missed KB2982791 which turns out was a "good" goof! I've been waiting on Belarc Advisor to get its act together so I could use it to check and see if I missed anything. I guess I should be glad it took Belarc much longer this month to get its definitions updated or I would have installed that bad one as Advisor (which I was able to use a couple of hours ago, finally, with the updated definitions) says I am missing KB2982791 but, of course, the links to update have been removed and there are several threads here about it.

I have not uninstalled KB2976897 as apparently there is no problem with it. I am so glad I didn't get the bad one as I use a custom Windows font forced via Windowblinds. Who knows what kind of mess I might have had if I had not missed KB2982791 when installing the updates.

bluepoint
join:2001-03-24

bluepoint to trparky

Member

to trparky
said by trparky:

OK, only uninstall KB2982791 even though it seems that both KB2982791 and KB2976897 are being referenced in the same Microsoft Security Bulletin.

MS actually is recommending to uninstall 4 KB including W8.1 August Update that is installed.

Quote:
Mitigations
Open the Programs and Features item in Control Panel, and then click View installed updates. Find and then uninstall any of the following update that are currently installed:
KB2982791
KB2970228
KB2975719(August Update-W8.1)
KB2975331

»support.microsoft.com/kb/2982791

plencnerb
Premium Member
join:2000-09-25
53403-1242

1 recommendation

plencnerb to chachazz

Premium Member

to chachazz
To fully "revert" this, do we need to do all of the steps in the "Mitigations" section? Instead of doing a quote, I did a screen grab of that full section from the KB Article




The reason I ask is that the uninstall of the 4 KB articles is just one step out of many that Microsoft is asking that you do. The others, as you can see by the above image, involve deleting a specific file, exporting some registry keys, in addition to the uninstall of the 4 KB articles.

It looks to me that to fully remove things, and advert any potential damage from said updates, all of these steps would need to be taken. Does everyone agree?

--Brian
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20

Premium Member

Do you have any open type font shortcuts in the Windows Fonts directory? If not and you have successfully COLD BOOTED your Windows 7,8, 8.1 computer at least three times since installing any of the listed updates then you are not affected. However, I would uninstall any of the KB's listed that you have installed so that if you were to install a program (before Microsoft issues a fix) that installs open type font shortcuts in the Windows Fonts directory you would not suddenly be affected by this issue. This is what I gleaned from reading all 36 pages of the thread at Microsoft forums.

Here's the first post in that humungous thread from a Microsoft employee indicating why some do and some don't have a problem with these patches. I can't see any way (even using IE) to point you to a specific post in that 36 page thread. So, you want the post from Eliyas Yakub [MSFT] HALF WAY DOWN on this page:

»answers.microsoft.com/en ··· 75709691

altermatt
Premium Member
join:2004-01-22
White Plains, NY

2 edits

altermatt to chachazz

Premium Member

to chachazz
Forgive my denseness; it's early after a late night . When I started reading this, the idea of uninstalling four KBs was not horrible, and I was going to do that, but then I continued reading and found the post about all the other steps, including booting into a recovery environment, deleting all kinds of things, etc. and I got skeeved out.

Is all this really necessary? I'm on 8.1 with update 1 and haven't seen any issues YET but only have booted up once since updating, and so maybe have just not noticed the issue. I also have no fonts installed as shortcut listed in Control Panel, which Mele's post pointed to as a possible cause.

I see from reading the whole article instead of just snips here that that 'mitigation' process is for computers that are crashing. Since that hasn't happened yet, it seems that the wisest thing for me (and others like me who haven't seen a problem yet) would be to uninstall the updates, without jumping through the other hoops, but print out the whole mitigation process in case next time I reboot, disaster strikes. Does that make sense?

Is everyone being super-careful and following ALL those jump-through-hoops steps, or just uninstalling the updates?

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb to Mele20

Premium Member

to Mele20
said by Mele20:

Do you have any open type font shortcuts in the Windows Fonts directory? If not and you have successfully COLD BOOTED your Windows 7,8, 8.1 computer at least three times since installing any of the listed updates then you are not affected.

I went looking at my Fonts directory and it looks like I have at least one




I think I've only done 1 or 2 cold boots since I've installed the updates back on the 13th (Wednesday). So far, no issues but I think I'm going to err on the side of caution and follow all the steps in the "Mitigation" section just to play it safe.

--Brian

sfogliatelle
We Is Whut We Am
Premium Member
join:2002-05-29
Baton Rouge, LA

sfogliatelle to chachazz

Premium Member

to chachazz
Pardon my naivete, but how would one remove or uninstall this update (KB2982791) if it's not showing up in the proscribed "Installed Updates" list? It's listed in update history.

It could be coincidence, but soon after the 13August updates my Windows 7 box kept blue screening from Page Fault in Nonpaged Area. Multiple diagnostics ruled out bad RAM. Dunno what I did or clicked on to get it to come back to life again; all I know is that the 'puter was for all intents and purposes down for three days.

nwrickert
Mod
join:2004-09-04
Geneva, IL

3 recommendations

nwrickert to altermatt

Mod

to altermatt
said by altermatt:

Is everyone being super-careful and following ALL those jump-through-hoops steps, or just uninstalling the updates?

I am being super-careful, by not doing anything.

I am not experiencing any problems. I have cold booted several times without problem.

Let Microsoft fix this in their next round of updates. They should not need me messing around and possibly making things worse.

However, I am reviewing my update policy. I'll consider postponing any future updates (other than MSE definitions) until they are three weeks old.

In the meantime, I mostly use opensuse anyway. And opensuse occasionally screws up on updates, too.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to sfogliatelle

Premium Member

to sfogliatelle
BSOD from Page Fault in Nonpaged Area IS caused by KB2982791! Did you delete the fntcache.dat file and reboot? That fixes the BSOD but with a BSOD like this one it is not easy to be able to delete that file.

You must have done something to get the KB to uninstall and that is why it is not in the Installed Updates list.

I'm curious....do you have shortcuts for any open type font in your system fonts folder?

bluepoint
join:2001-03-24

1 edit

bluepoint to plencnerb

Member

to plencnerb
said by plencnerb:

To fully "revert" this, do we need to do all of the steps in the "Mitigations" section? Instead of doing a quote, I did a screen grab of that full section from the KB Article
The reason I ask is that the uninstall of the 4 KB articles is just one step out of many that Microsoft is asking that you do. The others, as you can see by the above image, involve deleting a specific file, exporting some registry keys, in addition to the uninstall of the 4 KB articles.

My take on this is, if you were able to uninstall the KB's in the normal "uninstall an update" from the control panel, there is no need to do the regedit steps. The registry steps are only recommended to be performed(delete fntcache) when you are unable to boot to Windows so that you can uninstall the KB's. If you check the KB article, the registry/deleting of fntcache is under "Known Issue 3".
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20 to plencnerb

Premium Member

to plencnerb
That's a True Type font that has the shortcut. It is Open Type fonts with shortcuts that appear to cause the problem. Adobe Photoshop installs a bunch of these.

But I don't blame you for doing the mitigation. As I read the Microsoft thread, a lot of posters thought that KB2976897 was also a culprit so I uninstalled it although I had no problems after installing it and rebooting. However, I have not even once done a cold boot so to be on the ultra safe side I uninstalled it. (I never installed KB2982791 because I somehow missed it as I do manual updates and it is in the same MS KB article as 2976897 so I only saw that one. I'm glad I was sloppy and forgot to go back and also install KB2982791).

sfogliatelle
We Is Whut We Am
Premium Member
join:2002-05-29
Baton Rouge, LA

sfogliatelle to Mele20

Premium Member

to Mele20
To be honest, I dunno *what* I did that brought the 'puter back to life though I certainly didn't deliberately delete any dat files. While in Safe Mode with network capabilities (?) I tried restoring to 13August. No more distant date appeared available at the time. At first it wasn't successful. I tried it again and, well, it may have been what resuscitated the desktop.

Thanks Mele20 See Profile for hipping me to the connection between my recent dilemma and what was originally perceived as coincidence with the updates of 13August. It's a helluva note that what we've been led to believe and rely on from Microsoft turns out to be unhealthy for our systems.
dave
Premium Member
join:2000-05-04
not in ohio

dave to lorennerol

Premium Member

to lorennerol
said by lorennerol:

WTF, first they can't write decent code that doesn't require monthly critical patches, then they eff up the patches AND don't properly test them?

It is impossible to test software under all possible configurations, due to the number of such configurations. One does ones best, but the idea of a serious bug that only shows up on one customer's system is pretty common. I saw one of those only last week.

Here it's more than one, by virtue of the huge scale of Windows sales, but it's a long way from 'everyone'.

I'm saying this not to defend Microsoft but to point out the realities of writing software in the 21st century.
dave

dave to altermatt

Premium Member

to altermatt
said by altermatt:

Is all this really necessary?

If your system is not crashing, then I'd say leave it alone. Especially if it's a client system, i.e., not a server that your business depends on being up 24 hrs a day.

Boooost
@24.190.186.x

Boooost to plencnerb

Anon

to plencnerb
said by plencnerb:

do we need to do all of the steps in the "Mitigations" section?

That's only if you get a crash with a 0x50 Stop error message.

therube
join:2004-11-11
Randallstown, MD

1 recommendation

therube to altermatt

Member

to altermatt
> Is all this really necessary? I'm on 8.1 with update 1 and haven't seen any issues YET
> but only have booted up once since updating

As far as I'm concerned, I'm not going to worry about this until & unless I start to burn.

It is very difficult to read, with good understanding, MS reports.
It is very easy to misinterpret what is being said.

And then they'll make revisions to a report, so your "idea" of what they said before, is now changed with the revision. And you read more information here. And more information on another forum. And one person says this & another that.

And who am I to make sense of it all.

So as far as I'm concerned, MS broke it, my computer is working presently, I'll leave it up to MS to fix it - unless I break, at which time I'll deal with it, but not until then.

Robotics
See You On The Dark Side
Premium Member
join:2003-10-23
Louisa, VA

Robotics to chachazz

Premium Member

to chachazz
I find it interesting I don't have the update, yet my system claims it is up to date. When I'm prompt for updates I get them right then and there.

Guess I need not worry about.

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb to Boooost

Premium Member

to Boooost
Well, I did some investigation of the Mitigation steps that I posted. For the registry step, I don't have any that I would need to delete. Knowing that, I probably don't need to delete and re-create the fntcache.dat file. That would leave then, just the uninstall of the 4 listed KB articles that I would need to perform.

So, what I'm going to do is remove those 4 KB's, and then wait for Microsoft to re-issue them.

While I have not seen issues yet, I feel that is probably the best course of action at this point.

--Brian

Freddy
Premium Member
join:2005-05-17
Arlington, VA

Freddy to chachazz

Premium Member

to chachazz
I'm going along with those who aren't removing the update or updates. My system is running nicely. I'll leave it alone.

Freddy

Boooost
@24.190.186.x

Boooost

Anon

Win7 system had these two (which I removed):
• 2982791 - Security update for kernel-mode drivers: August 12, 2014
• 2970228 - Update to support the new currency symbol for the Russian ruble

Win8 system had this one (which I removed):
• 2982791 - Security update for kernel-mode drivers: August 12, 2014

Neither system had these. Don't know why not.
• 2975719 - Update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
• 2975331 - Update rollup for Windows RT, Windows 8, and Windows Server 2012

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb

Premium Member

Well, I only had 2 of the updates installed

KB2982791: MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014

KB2975719: August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

I do want to point out that since I had issues getting KB2975719 installed (move of the Windows Journal Shortcut), the removal of the update also failed unless I put that shortcut in the proper place!

So, both of these have been removed from my system. Now its just a matter of seeing how long it takes Microsoft to fix and re-issue these patches.

--Brian