back to article Microsoft delivers baker's dozen of patches on Tuesday

Another month, another Patch Tuesday from Microsoft, but this month's bundle has come up one short from the 14 promised patches last week. "We are committed to delivering high-quality security updates for our customers and extensively test each bulletin prior to release," Dustin Childs, group manager at Microsoft Trustworthy …

COMMENTS

This topic is closed for new posts.
  1. Snake Silver badge

    "Banker's dozen"

    Does that mean that the patches take your data, charge you for the privilege of stealing it, pretend that they didn't do anything wrong and when caught run away with all the goodies anyway?

  2. Anonymous Coward
    Anonymous Coward

    Detection issues

    Three of the updates (2810048, 2760411 and 2760588) have detection issues, so once installed will insist on reinstalling, over and over and over. Might want to want for an update on those.

    1. bitmap animal
      Unhappy

      Re: Detection issues

      I've had this on a few machines and when I Googled it there are a lot of others having the same problem across various configurations. I haven't seen a solution yet though for those machines it has already been pushed out to. Al least it doesn't BSOD.

    2. Rich 11

      Re: Detection issues

      Yup. KB2760411 is doing this on two of my five SharePoint dev servers. The live environment can wait for a proper fix.

  3. edge_e
    Trollface

    There, fixed it for you

    The remaining nine are all rated as important and block remote code execution, escalation of privileges, allow covert information gathering, and a denial of service flaw in Active Directory that can crash systems using a malicious LDAP query.

  4. Anonymous Coward
    Anonymous Coward

    Outlook having trouble too

    KB2817630 reportedly problematic, see eg here:

    http://social.technet.microsoft.com/Forums/office/en-US/8ebce46d-1645-4909-8951-d1ca954179ac/outlook-2013-folder-pane-is-empty

  5. g.marconi

    Great shame that so many of the updates don't actually work ! Of the latest bunch only 4 were successful.

    This has been going on for months now, do they not test them at all before distribution?

    1. bitmap animal

      I very rarely have problems, I look after about 25 PCs and a few servers with updates from a local WSUS server. I've had this problem today where two or three patches keep trying to install again and I have one machine that stubbornly refuses an SQL patch, that's it I think. You must be very unlucky.

      1. Lee D Silver badge

        Think about it. If only 1% of machines suffer a problem / incompatibility, but you only manage 25 PC's, that's a risk worth taking. Chances are you can get through four such updates clean-as-a-whistle before you hit a problem.

        But scale up. A typical secondary school has between 100 machines MINIMUM. That means that every update, at least one goes titsup. Multiply that out to several sites that you're in charge off, several customers that you support, and the billion PC's out there that just autoupdate and you're in for a world of hurt almost every month.

        Same thing with hard drives. Someone once asked me why our server hard drives fail "so often" (two single failures in four years). Because we have 100+ machines. The servers have 4 disks minimum. We cycle machines every two years, but still, even just "out of the box" defects, you're bound to hit problems on drives before long. Take into account the MTBF of a working drive and it soon comes down to the point where a drive fails every month, even with the best-known brands in the world.

        The problem is: Microsoft has the biggest customer base of all of us. And they don't test enough to spot these 1% issues. And then if 1% of the PC's in the world switch off, that's MORE than enough to make the whole problem globally critical and we'll all start patching and blocking the update to prevent it.

  6. Anonymous Coward
    Anonymous Coward

    Same old MS

    More patches on top of patches.

    .Net V4 download is forty of Mb. Then comes more than 200Mb of Patches in several tranches. WTF?

    They really need to look at how they do this stuff.

    1. Elmer Phud

      Re: Same old MS

      "They really need to look at how they do this stuff."

      At least it's not on floppies

  7. Anonymous Coward
    Anonymous Coward

    Installation nonsense

    I just find it amazing that after all these years they haven't bothered to deal with the issue of .msi installations routines refusing to run upgrades even from WIndows Update, because one of the original supposedly temporary installation files is missing.

    1. Khaptain Silver badge

      Re: Installation nonsense

      I find it far more amazing that they have never found a means of avoiding the "obligatory" reboot......

      1. Anonymous Coward
        Anonymous Coward

        Re: Installation nonsense

        If you have a system providing a service and can't schedule one node enough downtime to reboot once a month or so, it's a badly designed system. I always reboot after updates, even on linux/unix, so I know it will reboot.

        1. pPPPP

          Re: Installation nonsense

          Some of the patches only replace one file though, and it will force a reboot if that file's in use. The only way of finding out which file it's talking about it to dig through the KB article.

          It would be a lot nicer for the patch to say "I want to replace this file, which is in use by this application/service. Why not close this application/service for me and I'll try again, without having to reboot?" Of course, for desktop roll-outs it's probably simpler just to reboot, but for servers, forcing a reboot to patch a non-essential service, or bloody Internet Explorer is just a pain.

          What would be better still is for MS to actually allow you to install just the applications you need, rather than forcing you to install GB worth of shite you never use.

        2. Anonymous Coward
          Anonymous Coward

          Re: Installation nonsense

          "If you have a system providing a service and can't schedule one node enough downtime to reboot once a month or so, it's a badly designed system. I always reboot after updates, even on linux/unix, so I know it will reboot."

          Are, the old "well if you don't run a cluster" fcukwit.

          How many single dedicated servers do you think there are on the Internet providing services?

          The first service to stop during an update is IIS, followed by compiling the lastest .Net patch and there's usually more than one. Then wait while your server stops everything to install some other patches as it shuts down, followed by another wait while it installs patches on the way back up!!!! You can't have a single server with a 99.9% uptime because Windows takes too long to patch.

          On the Linux servers I manage the updates don't stop the server functioning and the reboot is so much shorter, if it's even required. You reboot when not required? Do you also throw up after you eat, it's not required but does reduce the need for a sh...

          So, to your surprise there is some action outside of the enterprise. If you use Windows in the enterprise, you should be fired for exposing your clients data on the platform with the worlds largest attack surface and one that is the worlds largest attack target. I'd go as far as to say you are negligent.

          1. Anonymous Coward
            Anonymous Coward

            Re: Installation nonsense

            If you run a service that's essential, can't tolerate downtime and it's on a single server not in a cluster or some sort of system which allows failover, who is the fuckwit? It's certainly not me. This goes for Windows, Linux, UNIX, z, everything.

            You may not have a server with 99.99% although uptime is usually measured in terms of unscheduled downtime, but you can easily have a service with that level or better of availabillity.

            Yes, I reboot my Linux servers when they've carried out an update. It's a sensible idea, if you've made changes to a system, reboot it during scheduled downtime, in order that you can make sure the boot process hasn't been damaged in some way, you also know that all the files you had open and were replaced are no longer in use and the new versions are being used. That is, of course, unless you want to find out that your boot process doesn't work as it used to, or someone made changes they didn't record during non-scheduled downtime.

            Anyway, if you think that using Windows in the enterprise is negligent, can you point me to a single enterprise who don't use any Windows. I'm pretty sure you won't be able to, but lets say that 0.1% of enterprises don't use Windows, are 99.9% of enterprises wrong and you're right, or maybe you're wrong?

            1. Anonymous Coward
              Anonymous Coward

              Re: Installation nonsense

              Yes, they are negligent.

              Like most, they probably started when security and MS's security were not on the radar. Windows installs were not connected to the Internet and more likely not connected to anything.

              As it became increasingly clear with win2000 and problems due to security with downloads from the Internet and then self spreading threats windows was not secure, but it's easier to think AV/AM and the ecosystem will get you out of having to think for yourselves. It's easy to go with the flow, only that's not the job of those in charge of security.

              Rely on others is the windows problem, step up and take responsibility. 70% of the planet is covered in water, do you live in the seas and swim everywhere because it's so, no; same with the 99% use windows argument, use an OS that is a smaller target or carry on and be a 'Lemming', jump over the cliff.

              If AV/AM vendors solutions worked, there would be no need for hundreds of updates a year, it doesn't, stop denying everything that's wrong with the windows ecosystem.

            2. Anonymous Coward
              Anonymous Coward

              Re: Installation nonsense

              >>you also know that all the files you had open and were replaced are no longer in use and the new versions are being used.

              # lsof | grep 'DEL.*lib' | cut -f 1 -d ' ' | sort -u

              Get to know lsof - its really handy. Don't know if there's a similar thingie in Windows. Linux really does handle files rather differently than Windows, so get to know how. Try this little game:

              * Run up two root sessions to a Linux box (use screen, ssh in twice, two local consoles or a couple of {x,g,k}{term,onsole}s)

              * Run "top" in one session

              * Switch to the other session

              * Find top's PID eg ps ax | grep top and its location (which top) probably /usr/bin/top

              * Make a backup of the top binary (cp /usr/bin/top /tmp/top) and delete it (rm /usr/bin/top)

              * Verify that top is still running despite the fact you have deleted it's binary

              * Now restore the binary directly from RAM: cp /proc/<PID>/exe /usr/bin/top (obvious replacement for <PID>)

              Yes it is a silly trick but it clearly illustrates a clear difference with Windows. Let's face it why should you not be able to delete an executable file once its loaded in RAM? Using /proc is just a good way to reinforce the lesson.

              Cheers

              Jon

  8. Mevi
    IT Angle

    yeah, .NET4. Grrrrrrrrrr.

    It's always bugged me that they don't fix the 40MB installer, but tack on that load of patches after install.

    Each new patch reveals a new set of patches. A clean install from W7 sp1 needs a few hours of updates and reboots before being fully roadworthy. Can they not just release another sp for 7? Pleeeeeeeeeease?

  9. Sean O'Connor 1

    Office Starter

    Since I did the update all my Office files have got orange icons and when I double click them I now get a dialog box telling me "The MS Office product necessary to open this file is not installed on your computer". I can run Excel Starter itself and then open those same files within it though. Just a pain to do it that way now :(

    At some point Windows Live Movie Maker has decided it can't run on my laptop anymore. Not sure if it's from this update or a previous one.

  10. Anonymous Coward
    Anonymous Coward

    You have to reset the defaults to point to the "Microsoft Office Client Virtualization Handler"

    or

    If you're using Starter and can't find winwordc.exe, and also don't have an active link to Word Starter or Excel Starter on the desktop, right-click on the desktop and create new shortcuts with the following paths:

    For Word: "C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" "Microsoft Word Starter 2010 9014006604090000

    For Excel: "C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" "Microsoft Excel Starter 2010 9014006604090000".

    Then right-click on the file you want to associate, and Open With > Choose Default Program. Select one of those new desktop shortcuts and it should be linked up again.

    1. Sean O'Connor 1

      Thanks!

      Got it to work but I had to tell it to Open With the "MS Application Virtualization DDE launcher" that appeared in my Open With options rather than the Virtualization Handler one. No idea what all this means but it's working again anyway.

  11. Anonymous Coward
    Holmes

    Am I the only one who waits a week before doing anything?

    Since I have 3 networks to patch every month, and I'm under PCI time constraints, I take the weekend after patch Tuesday off.

  12. Splodger
    Coat

    Another one (of the very many) with the recurring three Office updates (kb2760411, kb2760588 and kb2760583).

    Microsoft are looking into it, and will update here:

    https://support.microsoft.com/kb/2760411

    Testing methodology suspect?

    Here's a potential fix in the meantime...

    https://www.libreoffice.org

This topic is closed for new posts.

Other stories you might like