Windows Update: The Frying Pan, or The Fire?

I came into the office this morning and my machine had been rebooted.

"OK", I thought, and I looked in Event Viewer, and sure enough, at 3:00 AM just as expected, there had been some WIndows Updates installed.

Then the bad news came. I brought up Internet Explorer and when I clicked on a link in my Favorites or tried to enter an address in the Address Bar, IE would freeze. The only way to kill it was to go into Task Mgr and kill the IExplore.exe process.

At first I didn't think that a Microsoft update could have done this. So, I tried all the "Fixes" from the MVP Internet Explorer site and a couple of others. No dice. I had to use Firefox to go look for the fixes!

To make a long story short, after a couple of frustrating hours and no relief, I did what any intelligent developer would do. I booted off the Windows XP CD, went through the entire installation sequence to the point where it identified my existing Windows XP installation, and chose the (R) repair option. What this does is to completely reinstall the OS, but it leaves your Software and other Registry hives intact.

When I rebooted the machine, Internet Explorer was fixed.

Then, I installed Service Pack 2. After I rebooted, Internet Explorer was fine. Remember, I still had only the slightest suspicion that one of the Windows Updates that were installed the previous evening was suspect. After all, this is Microsoft, which is now so quality and security conscious, these updates HAD to have been well tested, right?

At this point, out of "best practices" habit, I made a complete Registry Backup with ERUNT. I figured, if something went wrong with updates, this might help.

Then, I went to Microsoft Update like a responsible computer user and it downloaded and installed Thirty One (I counted them!) - 31 updates that have been published since SP2 came out.

When I rebooted the machine, you guessed it. Internet Explorer was broken again. Restoring my Registry backup didn't help - it was obviously a replacement file - MSHTML.DLL, UrlMon.dll, Shdocvw.dll, or some other.

I also uninstalled EVERY SINGLE ONE of the windows updates where I could find an spUninst.exe in the windows folder. Still no relief!

Folks, that's it for me. I'd rather have some exposure to security risks than have to spend the better part of a full business day coping with this inferior shit! So tomorrow morning, I have to go through this process all over again, with one exception:


You can BET I won't be visiting Windows Update after reinstalling Windows XP and Service Pack 2! When you folks can prove to me that you will only put out stuff that's guranteed not to screw up my productive business day, then maybe I'll reconsider.

I am not writing this entry to hold myself out as a paladin of breaking the carapace of some sullen corporate bureaucracy, but rather to enlighten others who might become inured to the comforts of a service which may, due to their lassitude, provide them with a false sense of confidence in its ability to achieve its stated aims.

Put more simply, I'm not knocking Microsoft, just warning that "security" is only really useful to us when it doesn't break our STUFF! There is already some early newsgroup posting that indicates the culprit is KB905915. .

Here's a search for example. I counted 57 posts last time I checked.

Maybe those MS Security Patch guys ought to read this here piece on Agile Bridge Building Technology.

UPDATE, 12/7/2005: Finally, there is at least one fix available here.