Weird garbled Windows 7 update baffles world – now Microsoft reveals the truth Windows 7 users were left scratching their heads on Wednesday when a mysterious garbled patch appeared in Windows Update, origins unknown. The update only seems to have popped up on Windows 7 systems, including Windows 7 Pro and Windows 7 Enterprise. The rogue patch, which advertised itself as a Windows Language Pack, was said …
The fact that Microsoft's own processes aren't rigorous enough to have prevented this test code leaking into their live environment is VERY scary.
Microsoft should come out and say exactly what the test patch actually effects/does, not just say that they are removing it. Its already in the wild and already effected public systems so therefore WAY too late for Microsoft to live in denial about it. I'm surprised that The Reg allowed themselves to be brushed off with corporate hyperbole instead of pushing Microsoft for these details, but I'm not even slightly surprised that Microsoft are still doing their usual "you don''t need to know what we are actually doing to your property" coverup instead of doing the real professional/correct thing.
It just boggles my mind how evern large companies and so-called 'professional' IT managers can see this stuff happening then still choose to buy more Microsoft products to run their entire businesses on.
effect
ɪˈfɛkt
noun
1.
a change which is a result or consequence of an action or other cause.
"the lethal effects of hard drugs"
an impression produced in the mind of a person.
"gentle music can have a soothing effect"
2.
the lighting, sound, or scenery used in a play, film, or broadcast.
"the production relied too much on spectacular effects"
3.
personal belongings.
"the insurance covers personal effects"
verb
verb: effect; 3rd person present: effects; past tense: effected; past participle: effected; gerund or present participle: effecting
1.
cause (something) to happen; bring about.
"the prime minister effected many policy changes"
Actually, effect and affect are both nouns and verbs. Your explanation is incorrect.
You can "create an effect" (noun). You can "effect a change" (verb).
"x affects y" (verb). "A flat affect" (noun).
Note that the last use of "affect" is not the same as "effect". If you said "a flat effect" you might be saying that the paintwork on a 3D object makes it look flat. "A flat affect" means an observed expression of emotion (used by psychologists).
The OP wrote "already effected public systems". If he's using effect as a transitive verb then that would mean that Microsoft, or their patch, had created or brought about public systems. Notwithstanding its etymology, effect is rarely used with a concrete object; in fact its use as a verb seems to be confined to objects that have a sense of "change" or "result". This suggests to me that the word intended was affect.
"It just boggles my mind how evern large companies and so-called 'professional' IT managers can see this stuff happening then still choose to buy more Microsoft products to run their entire businesses on."
Because large companies (or small companies) employing IT Professionals have WSUS (Windows Server Update Services) installed, which lets us choose which patches to install on our desktop estates.
Therefore, firstly we wouldn't have approved such a patch.
Secondly, even if we did approve the patch then it would have been deployed to the "canary" group first. (see canaries in coal mining) and we'd not have had a serious widespread problem even if it killed computers because it wouldn't have been deployed to essential staff.
Thirdly, everybody in the industry releases buggy software and screws up patches.
>> Thirdly, everybody in the industry releases buggy software and screws up patches.
Not really true. There are plenty of industries that can't afford to get it wrong even once, have unavoidable processes and do appropriate levels of testing.
Even if it was true, the real point isn't that someone made the mistake, but how professionally they recover from it and do the right thing after.
Not properly communicating what actually happened including explaining what the patch actually does is (yet another) highly unprofessional, blatantly arrogant cover-up by Microsoft instead of them doing the right thing.
> Thirdly, everybody in the industry releases buggy software and screws up patches.
But the very fact that MS is going to insist upon forced, non-optional patches in the future means EVERY patch they release from now on is going to be under intense scrutiny. If they insist upon their current path, then nothing but 100% perfection will be considered acceptable. If they cannot guarantee that, then they *MUST* allow end users to opt out of updates. End of discussion.
Microsoft seem to have an endless supply of "last straws". It is painfully obvious that they can no longer be relied upon to provide products which are fit for use, and that they cannot be trusted with user's data. Their remaining customers must be getting close to despair.
I don't have a problem with any of this, because I abandoned MS completely about six years ago. But even from the standpoint of an outside observer, MS's behaviour beggars belief.
As much as I hate MicroSoft, all I can say is: Shit Happens.
We had a tech at the company I am at (hence the Anon) that, instead of causing the encryption suite to decrypt the laptop HDD, they told ALL of the laptops in the organization to decrypt the HDD.
They traced it back to a poorly configured group membership in a product I wont name, but it's initials are ePO.
Typical of Microsofts increasing arrogance over the last few years. From the "We know what is best for you school of failed PR executives" Every update that comes from Microsoft is examined, checked for viruses and scrutinised before anyone in my company is allowed to install it. As soon as a working alternative to Microsofts bloatware is available, Microsoft will be dumped.
So was it a mistake on their part or did somebody actually pull off a major hack? After all their BS, doublespeak, spin and deception the past couple of years I am to the point where I am not sure I believe anything Microsoft says anymore and that is really too bad. I used to be an MS evangelist.
new MS for you.
Just yesterday I installed 10 on brand new box. I cleaned it up/silenced it and then I realized that this system not only has little to offer to me but since I can't trust it I really have no use for it.
As for the update - little surprise. With 7 on extended life support MS will be actively sabotaging it to convince masses to move over to new, "better" offerings (that also suit their vision). Whoever hasn't disabled auto updates yet, got another warning shot now.
@Joed
With 7 on extended life support MS will be actively sabotaging it to convince masses to move over to new, "better" offerings (that also suit their vision). Whoever hasn't disabled auto updates yet, got another warning shot now.
Here, amongst us, I agree with you. Though I'm already on Win10 myself, and while Edge is not ready forproduction yet, the rest isn't too bad (privacy settings adjusted).
However, thinking about the wider world.... most people buy a PC, plug it in, get the internet up and running, then never look at it again. BotNets would not exist were these people forced to update their OS and software patches, and scan their systems.
Generally I don't favour compulsion for a great many things, but we've let things run unhindered for 20+ years and they're not getting the message. So, regrettably, I want those people forced to update, forced to have a firewall, and forced to have trojan/virus scanning enabled.
Joed,
"Just yesterday I installed 10 on brand new box. I cleaned it up/silenced it and then I realized that this system not only has little to offer to me but since I can't trust it I really have no use for it."
I have also tried a test Win 10 install, overwriting Win 7 Pro on a redundant (Dell Latitude) laptop. I also cleaned up and reset the defaults to give me as much privacy / security as possible. Result? A not very good Win 7 install, as far as I could see, and nothing to make me want to switch back from Linux to MS.
HOWEVER, while I was trying it out, a slew of MS "security updates" came through and installed themselves. To my astonishment, I found that the updates had reset all my privacy settings to the system defaults, overwriting my preferences - presumably this constitutes MS's idea of security, though it is certainly not mine. A quick trawl of the net suggests that I'm not the only one to have this happen, or that this behaviour is some peculiar property of the old laptop I was using. Who the hell could ever trust a manufacturer who can do that to you?
The HD has been reformatted and the laptop now runs Mint 17 as a spare PC for one of the kids at Uni. End of story.
If it was a hack, Microsoft would cover it up.
Reme!ber the massive Xbox live hacks that were widespread, with accounts emptied. Microsoft didn't want the bad press they generated over Sony coming back at them. The news was buried using thir mighty cash reviews to convince news sites they didn't want to run the story, not with advertising spending review imminent
That's no gobbledygook… it's cyphertext.
It's too coherent to be gobbledygook. The domains are all appropriately punctuated (only dots, occurring in typical distribution), invariably https protocol and all carry the expected suffixes. Look closely Hans, you'll see wilful obfuscation. Encipherment or simply a private ( .mil would seem likely? ) DNS
I have a very bad feeling about this.
Where's that deathstar icon when you need it?...
"It isn't going to get drivers for modern hardware either."
Very true, but then the system in question was running in a Virtualbox, so it had very little to worry about as far as drivers were concerned, and it worked quite well considering the amount of time that has passed since support ended. Ah, well, I'm safe back on my openSUSE system now.
Misty-eyed nostalgia... now where's the icon for that, then, Reg?
Was it really a test? I'm rather suspicious of the garbage URLs.
If it was:
NOTE TO MICROSOFT: Per RFC2606, .test and .example top-level domains are set aside for tests and examples. example.org, example.net, and example.com domains are also reserved for tests and examples. All these domains are held by IANA (Internet Assigned Numbers Authority) so they will never be assigned. You are not to use (random crap).org, .edu, or .gov, because they (theoretically) could be assigned at any time (and, in fact, if these links had been kept up, scammers could have registered at least the .org domain, while they could never have gotten an (whatever).example.org domain.)
Second note: Perhaps you should put "test update" somewhere in the update description, so if it's leaked it's not so mysterious.
Stupid foboff reeks that familiar reek of the NSAFT _NSAKEY stupid foboff.
So, it would appear NSAFT/US.gov has private obfuscated infrastructure in place for distributing special private patches among it's other strategic assets. Hardly surprising. The halfwits appear to have accidentally pushed one out over the public pleb-and-foreigner system. Hardly surprising. Said special patch wasn't installed on the great unwasheds' unblessed systems. Hardly surprising. NSAFT will now presumably have to release that formerly special, was to be private, patch for a useful backdoor out to the riffraff in order to convincingly brush off the little incident. NSA now down one 0-day. No biggie. Nothing to see here. Move along...
send the tin foil hat brigade over the edge and then some.
Not that it might even be warranted suspicion, given the way they put .mil, .edu and .gov extensions on the support links.
By the way iMap, just once you might try Classic Shell (It's free at www.classicshell.net) and see what it does for even Windows 7 though it works great on all more recent versions of Windows and lets you make customizations that you will never be able to do without such a program.
It solves every case of Win 8, 8.1 and 10 buyers remorse I have ever seen. Most people say "Great, you put Windows 7 on my new computer! Now I can use it". OR you could continue to whine and complain and threaten. And I don't sell for them or get a kickback.
@Dan Paul
There are two problems here:
1. That the updates was released accidentally - that is very concerning with the move to forced updates in Win 10 but worrying even without that.
2. The nature of the text.
Problem 1 is clear and being concerned about it should be a natural response for any right-thinking IT bod.
Problem 2 is presumably what prompts you to invoke the 'foil hat' label. I see that but this is concerning enough to be at least a little skeptical. As someone above said, it's clearly cipher-text rather than just random characters and it's the URLs which are most concerning.
I am not overly troubled by this but I think there is enough to worry about here to warrant a much more detailed response by Microsoft.
Dan1980,
It was a botched update they already pulled from circulation.
That issue was explained by other posters and websites quite sufficiently and convincingly.
However, the "Tin Foil Brigade" got together with the "Black Helicopter Troop" to announce some big conspiracy and cover up by the ever more "malicious" Microsoft.
Ganging up on anyone who criticizes an anti-Microsoft rant seems to be de rigueur here and rather Apple-ite in nature. Who's acting like Scientologists' now?
16 downvotes is quite enough proof of that accusation.
@Dan Paul
Just speculation - as I can't speak for others and I didn't down-vote you - but perhaps the problem was that you dismissed peoples' concerns by labelling them as akin to conspiracy theories.
One big problem in today's world is that it has been proven that companies like Microsoft have been working with the government to provide access to user data in secret and on a massive scale. Whether MS were compelled to do so or not is largely irrelevant - it happened.
I don't, personally, believe that this update was anything untoward but I don't automatically discount the views of people who are worried that it wasn't because they are justified in being skeptical and suspicious. Moreover, (recent) history has shown that bad things happen when people are not skeptical, when people take the "don't be silly; it would cost way too much to do that" approach or assure everyone that "they have better things to do that spy on us".
Maybe that makes me a foil-hat wearer but, while much paranoia is unwarranted, it is a proven fact that being paranoid doesn't mean that you aren't right too.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
