Windows Update: The Frying Pan, or The Fire?
I came into the office this morning and my machine had been rebooted.
"OK", I thought, and I looked in Event Viewer, and sure enough, at 3:00 AM just as expected, there had been some WIndows Updates installed.
Then the bad news came. I brought up Internet Explorer and when I clicked on a link in my Favorites or tried to enter an address in the Address Bar, IE would freeze. The only way to kill it was to go into Task Mgr and kill the IExplore.exe process.
At first I didn't think that a Microsoft update could have done this. So, I tried all the "Fixes" from the MVP Internet Explorer site and a couple of others. No dice. I had to use Firefox to go look for the fixes!
To make a long story short, after a couple of frustrating hours and no relief, I did what any intelligent developer would do. I booted off the Windows XP CD, went through the entire installation sequence to the point where it identified my existing Windows XP installation, and chose the (R) repair option. What this does is to completely reinstall the OS, but it leaves your Software and other Registry hives intact.
When I rebooted the machine, Internet Explorer was fixed.
Then, I installed Service Pack 2. After I rebooted, Internet Explorer was fine. Remember, I still had only the slightest suspicion that one of the Windows Updates that were installed the previous evening was suspect. After all, this is Microsoft, which is now so quality and security conscious, these updates HAD to have been well tested, right?
At this point, out of "best practices" habit, I made a complete Registry Backup with ERUNT. I figured, if something went wrong with updates, this might help.
Then, I went to Microsoft Update like a responsible computer user and it downloaded and installed Thirty One (I counted them!) - 31 updates that have been published since SP2 came out.
When I rebooted the machine, you guessed it. Internet Explorer was broken again. Restoring my Registry backup didn't help - it was obviously a replacement file - MSHTML.DLL, UrlMon.dll, Shdocvw.dll, or some other.
I also uninstalled EVERY SINGLE ONE of the windows updates where I could find an spUninst.exe in the windows folder. Still no relief!
Folks, that's it for me. I'd rather have some exposure to security risks than have to spend the better part of a full business day coping with this inferior shit! So tomorrow morning, I have to go through this process all over again, with one exception:
You can BET I won't be visiting Windows Update after reinstalling Windows XP and Service Pack 2! When you folks can prove to me that you will only put out stuff that's guranteed not to screw up my productive business day, then maybe I'll reconsider.
I am not writing this entry to hold myself out as a paladin of breaking the carapace of some sullen corporate bureaucracy, but rather to enlighten others who might become inured to the comforts of a service which may, due to their lassitude, provide them with a false sense of confidence in its ability to achieve its stated aims.
Put more simply, I'm not knocking Microsoft, just warning that "security" is only really useful to us when it doesn't break our STUFF! There is already some early newsgroup posting that indicates the culprit is KB905915. .
Here's a search for example. I counted 57 posts last time I checked.
Maybe those MS Security Patch guys ought to read this here piece on Agile Bridge Building Technology.
UPDATE, 12/7/2005: Finally, there is at least one fix available here.
"OK", I thought, and I looked in Event Viewer, and sure enough, at 3:00 AM just as expected, there had been some WIndows Updates installed.
Then the bad news came. I brought up Internet Explorer and when I clicked on a link in my Favorites or tried to enter an address in the Address Bar, IE would freeze. The only way to kill it was to go into Task Mgr and kill the IExplore.exe process.
At first I didn't think that a Microsoft update could have done this. So, I tried all the "Fixes" from the MVP Internet Explorer site and a couple of others. No dice. I had to use Firefox to go look for the fixes!
To make a long story short, after a couple of frustrating hours and no relief, I did what any intelligent developer would do. I booted off the Windows XP CD, went through the entire installation sequence to the point where it identified my existing Windows XP installation, and chose the (R) repair option. What this does is to completely reinstall the OS, but it leaves your Software and other Registry hives intact.
When I rebooted the machine, Internet Explorer was fixed.
Then, I installed Service Pack 2. After I rebooted, Internet Explorer was fine. Remember, I still had only the slightest suspicion that one of the Windows Updates that were installed the previous evening was suspect. After all, this is Microsoft, which is now so quality and security conscious, these updates HAD to have been well tested, right?
At this point, out of "best practices" habit, I made a complete Registry Backup with ERUNT. I figured, if something went wrong with updates, this might help.
Then, I went to Microsoft Update like a responsible computer user and it downloaded and installed Thirty One (I counted them!) - 31 updates that have been published since SP2 came out.
When I rebooted the machine, you guessed it. Internet Explorer was broken again. Restoring my Registry backup didn't help - it was obviously a replacement file - MSHTML.DLL, UrlMon.dll, Shdocvw.dll, or some other.
I also uninstalled EVERY SINGLE ONE of the windows updates where I could find an spUninst.exe in the windows folder. Still no relief!
Folks, that's it for me. I'd rather have some exposure to security risks than have to spend the better part of a full business day coping with this inferior shit! So tomorrow morning, I have to go through this process all over again, with one exception:
NO UPDATES!
You can BET I won't be visiting Windows Update after reinstalling Windows XP and Service Pack 2! When you folks can prove to me that you will only put out stuff that's guranteed not to screw up my productive business day, then maybe I'll reconsider.
I am not writing this entry to hold myself out as a paladin of breaking the carapace of some sullen corporate bureaucracy, but rather to enlighten others who might become inured to the comforts of a service which may, due to their lassitude, provide them with a false sense of confidence in its ability to achieve its stated aims.
Put more simply, I'm not knocking Microsoft, just warning that "security" is only really useful to us when it doesn't break our STUFF! There is already some early newsgroup posting that indicates the culprit is KB905915. .
Here's a search for example. I counted 57 posts last time I checked.
Maybe those MS Security Patch guys ought to read this here piece on Agile Bridge Building Technology.
UPDATE, 12/7/2005: Finally, there is at least one fix available here.
So I am not alone! Yes, I too would rather have a security risk than a non-functional browser. Fortunately, a system restore took care of things for me. Next option would have been an Acronis image restore. MS Updates are now disabled until further notice.
ReplyDeleteWell, just use firefox :)
ReplyDeleteRE: "Well, just use firefox".
ReplyDeleteOh! How innovative! Just couldn't resist it, could you?
I do use Firefox, wiseass! But I use it when I FEEL LIKE IT, not because I "have to".
Hi Peter
ReplyDeleteI have that exact same problemon a friends pc and havent managed to fix it as yet ;o(
Let me know if you get it resolved .
My coworker just managed to fix his machine by uninstalling KB905915 patch from add/remove programs (mark the updates tickbox to see it).
ReplyDeleteI'll try the same on my home machine which got messed up by this patch this morning...
Yes, of course this will work, but only if it appears in Add/Remove. On many machines users have reported that there is no such entry.
ReplyDeleteI don't really understand why this is an acceptable choice: a non-functional browser or a security risk.
ReplyDeleteSeems a little silly.
But what do I know. I use a Smith-Corona portable typewriter.
Ribbon, baby. Rock on.
Are you are running a version of IE 7 Beta 1? I was and I'm hoping the solution posted here - http://blogs.msdn.com/ie/archive/2005/12/16/504864.aspx - will fix the multiple window glitch that I was experiencing. I'm going to tackle it first thing in the morning.
ReplyDeleteYEA! I'd like to report that removing the registry key worked for me. I just installed the update and no problem.
ReplyDeleteThis one affected me as well. It seems that it is the shdocvw.dll file. Luckily I had a backup of the old file and managed to repair in a command prompt in Safe Mode. It's definently the Windows Update KB905915 as I had to fix it when the update downloaded itself automatically again! I've now disabled automatic updates. Ridiculous.
ReplyDelete