We've seen the same problem reported over and over for Windows XP users trying to update their computers: Windows Update redlines (more accurately, the XP Windows Update agent WUAUCLT.EXE running in a SVCHOST wrapper redlines), taking 100 percent of the CPU for five, 10, 15 minutes -- up to an hour or two.
If you have Automatic Update enabled on your computer, that means every time you reboot Windows XP your machine can lock up for hours on end; pull the plug, and the same thing happens over again. On Friday night we (finally) received an official explanation that describes why the problem happens, along with a description of what Microsoft is doing to resolve it and a promise that it'll get fixed "as soon as possible."
When I last reported on the WinXP SVCHOST redlining, Microsoft thought it had solved the problem in the November Black Tuesday set of patches. Wrong. The problem popped up in November and it's gotten worse in December, with lengthy discussions on dozens of forums.
It's hard to tell how many people are affected, but with something like half a billion Windows XP machines still connected to the Internet, it's a horrendous problem. At least in my experiences, the vast majority of people who experience the lockup have no idea why their machines go out to la-la land.
The facile solution -- and it works! -- is to never turn off your Windows XP machine, don't update it, don't patch it, just leave it alone and it'll work fine.
More sophisticated WinXP customers turn off Automatic Update and refrain from installing any new patches. That works, too, but with WinXP the target of all sorts of attacks -- and WinXP end-of-support on the horizon in April -- it's hardly a viable solution.
The first time I reported on SVCHOST redlining, I thought I had a solution. Wrong. The fixes that you read about on the Internet work for some people, some of the time -- but nothing so far works for everybody. There's a reason why: Microsoft's implementation of patch detection in Windows XP is fundamentally flawed. It keeps running longer and longer and longer, with the amount of processing time going up exponentially in relation to the number of Internet Explorer patches that have been rendered obsolete. You may be able to find a way to relieve the pain temporarily, but until the detection routine is fixed, the problems remain.
Doug Neal, senior program manager for Windows and Microsoft Update, sent a message to the PatchManagement listserv on Friday night. He started out by saying:
In September we witnessed a large number of reports of SVCHOST taking high CPU for extended periods of time. This was primarily on Windows XP machines running IE6 or IE7. There were a few reports of this happening on Windows XP with IE8, but only a few.
That may be the first time the Microsoft Update team saw a lot of flaming reports, but I started seeing the reports on Microsoft's TechNet forums in late May. I just did a quick Google search and discovered complaints about this precise behavior (quite possibly with a different cause) going back more than seven years, with dozens of additional, corroborated reports in the interim. SVCHOST redlining with Windows Update isn't a new problem. I just hope Microsoft has nailed down the cause of the latest manifestation.