I could cite a hundred examples -- big and small -- over the past few years, where brief descriptions in patch KB articles have helped people nail problems in Microsoft patches.
Here's a simple example. On May 12 of this year, Microsoft released two font driver patches, KB 3057110 and KB 3045171. Shortly afterward, many people reported that their machines wouldn't work right with certain font packages. Golden Software, in particular, heard the scream for help and isolated the problem to these two patches. By May 13, they had posted warnings on their website, telling customers to uninstall KB 3057110 and KB 3045171. Uninstall the security patches, and the problems went away.
A week later, Microsoft updated its Knowledge Base article, admitting to the error. On May 21, Microsoft released a fix. The fact that Microsoft told us that KB 3057110 worked with fonts helped the folks at Golden Software to narrow down the possible sources of problems. Customers benefited because Microsoft described the patch beforehand; it took Microsoft nine days to fix it, but those closer to the customers got a workaround out quickly.
If Microsoft hadn't notified us that the font handler changed (and if the problems hadn't appeared on a Patch Tuesday), Golden Software would've had a much harder time figuring out what went wrong. Zeroing in on a fix would've been even more difficult.
I could recite a dozen more examples from this year -- KB 3087916 (spurious "An ActionScript error has occurred" in IE11), KB 3022345 (the sfc /scannow "file corruption" error fixed last week in KB 3080149), KB 3037580 (Security Patching pools stopped), KB 3002657 and KB 3033929 (Cisco AnyConnect VPN broken), and so on. In each of those cases, the presence of a simple description attached to a patch number made it much easier to track down which patch was causing the problem and get fix advice out to customers.
Imagine if all of those had been bundled with miscellaneous patches and feature updates in another undescribed Cumulative Update. Those adept enough to use the Win10 patch uninstaller KB 3073930 (which has its own problems) might be able to negate the effects of a bad patch -- drive a wooden stake through its heart, as it were -- but if we don't have descriptions of the patches and they come out in one undifferentiated mess, mitigating Microsoft's mistakes won't be easy.
That's a problem for individual users. But it's even worse for admins. I can't envision how it's supposed to work.
A security patch, presumably, goes out to everybody, in all branches, simultaneously. It then gets pushed onto all Windows 10 Home machines, and all Windows 10 Pro machines that aren't attached to an update server. There's no description of the security patch -- at least that's the implication of the Register's article. It goes into the Windows Update for Business hopper and/or the Windows Server Update Services queue. Admins, apparently, have to test the patch for deployment without a description of what it's supposed to do.