Microsoft recently re-released a security update that was pulled about three weeks ago when Microsoft users started bombarding the company’s support forum with reports of crippled computers. The update in question, update MS14-045, was rolled out on Patch Tuesday (August 12) and within 24 hours customers started posting messages on a now lengthy thread stating that their systems had been turned into glorified paperweights with an error message and the dreaded blue screen of death.
Some customers were eventually able to get their computers back in working order, though not everyone was so fortunate. Even booting the computers in Safe Mode didn’t seem to help. A majority of the computers that experienced the problem were PC’s running the 64-bit version of Windows 7. Microsoft told customers on August 15 to uninstall one of the two components that made up the patch but made the recommendation only in an updated version of the MS14-045 advisory. Basically Microsoft didn’t blog or send any other public message out about the problem.
Between August 16 and 17 Microsoft pulled the patch from its Windows Update service altogether. The Microsoft Security Response Center (MSRC) recapped the sequence in a blog post but did not explain what had actually gone wrong. In the statement the MSRC stated, “A small number of customers experienced problems with a few of the updates. As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these unavailable to download. We then began working on a plan to rerelease the affected updates.”
A person claiming to be a Microsoft engineer provided more information about the flawed update, more than the company officially did. Kurt Phillips noted that the patch had not been tested thoroughly and stated, “We made a fairly invasive change in font handling as part of a security patch and thought we had tested it properly, but there are definitely problems in our test coverage and design process that we need to address.” That message was left on the support thread which currently has 540 messages and almost 11,000 views.
In a revised bulletin for the patch Microsoft instructed users to uninstall the MS14-045 patch (if they hadn’t already) and to do so before installing the fixed version. The company also noted that the new update would fix their boot problems. “Customers who experienced difficulties restarting their systems after installing security update 2982791 should no longer experience this problem after installing the replacement update (2993651),” the company stated. The main problem here is that in order to install the repaired update users need to be able to boot up their computers and some users are still unable to do so.
The plot thickened, however, when one user reported that, after the revamped patch was released, Windows Update displayed the following message: “An error occurred while checking for new updates for your computer”. User pacman10 recently wrote on the discussion board stating, “Someone on the Microsoft bridge needs to go personally into the engine room and find out what’s going on. Or have the engine room staff left? Maybe the engine room broke off the back of the ship last week and has sunk. I don’t know.”
Susan Bradley, who is a Microsoft MVP (Most Valuable Professional), a volunteer moderator on the Windows Update subsection of the Microsoft support forum and a noted patch expert who writes for Windows Secrets stated that she has seen additional reports about this same update error message. This puts users in quite the conundrum. You need to boot up your computer to install the new update, which many users can’t do. If you can do that then you also run the risk of seeing this error message. It’s a slippery slope indeed. Hopefully Microsoft figures out what is going on and delivers a solid fix to this issue but until that happens Bradley suggests we all “hang loose”.