Microsoft re-releases botched patch as KB 2840149, but problems remain

The saga of botched patch MS13-036 takes new twists and turns -- including a problem with Multiple Master fonts

The latest incarnation of Microsoft's MS13-016 patch to ntfs.sys on Vista, Windows 7, Windows Server 2008, and Server 2008 R2 machines appears to work -- or at least it doesn't induce the same bizarre behavior as the earlier patch -- but there are still known problems with the MS13-036 patch to win32k.sys.

Here's how events with this botched patch have gone down: This month's Black Tuesday crop of automatic Windows patches included a buggy patch, MS13-036/KB 2823324. Two days after that patch went out the Automatic Update chute, the Microsoft Answers Forum was flooded with problem reports and Microsoft finally pulled the patch.

The company published a list of problems with the patch in KB 2839011 and over the past 10 days has kept adding items -- KB article 2839011 is now up to version 6.1. The list of known problems now includes repeated automatic runs of chkdsk that failed to find any issues; Blue screen Stop 0xc000021a; Windows fails to start with a 0xc000000e error; and Kaspersky antivirus complains that your license isn't valid, when it is, and falls over.

In an obscure Microsoft Security Response Center post on Thursday, Microsoft recommended that "all customers who have installed security update 2823324 should follow the guidance that we have provided in KB2839011 to uninstall it." Just about every Vista and Win7 customer who had Windows Automatic Update turned on got the patch, but I'd guess that only about one in 100,000 customers saw the notice to uninstall the patch -- and of those, maybe one in 10 actually did it.

A week later some Vista and Windows 7 customers were still staring at endless reboot cycles and useless computers, so Microsoft released an emergency repair disk that would uninstall the botched patch without requiring an (impossible) boot into Windows.

Yesterday, two weeks after the original bad patch was automatically installed on untold numbers of machines, Microsoft released a better version of the MS13-036 patch, now numbered KB 2840149. If you have Automatic Update turned on for your Vista or Win7 machine (hope springs eternal I guess), you probably have it installed. Although it's too early to tell for sure if the patch will go in with few hassles, I don't yet see any screams of pain over this new, improved version. 

But wait, that's only part of the story. MS13-036 had two different patches. This botched patch fixed the system file ntfs.sys ... eventually. The other patch -- known as KB 2808735 -- replaced the file win32k.sys on all versions of Windows and Server since Windows XP, up to and including Windows 8, Windows RT, and Windows Server 2012. (There's a full list at the end of Security Bulletin MS13-036.) The KB article says that "[a]fter you install this security update, certain Multiple Master fonts cannot be installed." Unfortunately, Microsoft doesn't mention which Multiple Master fonts can't be installed, whether installed MM fonts would get zapped, or if there are modified versions of the MM fonts that might work. The KB article also doesn't say why the MM fonts can't be installed, so it begs the question of whether this is a highly isolated incident, or if symptoms might manifest with other installers or other fonts.

Another one of those "little" patching problems that are little so long as you don't use Multiple Master fonts, eh?

If MS13-036 -- Microsoft's second major botched patch so far this year -- doesn't convince you to turn off Windows Automatic Update, I don't know what will.

This story, "Microsoft re-releases botched patch as KB 2840149, but problems remain," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies