We're from Microsoft -- you can trust us

The Keystone Kops strike again: Microsoft released, then quickly withdrew KB 976902, leaving Automatic Update users with a 'Black Hole Update' that can't be removed

If any of your Windows 7 users have Windows Automatic Update turned on, they probably didn't notice a little patch that slipped into their machines on Tuesday.

Full disclosure: I've been railing against Automatic Update for years and publish full instructions for turning it off -- set to notify but don't download updates -- in all of my books. I'm biased. But even viewed through the rosiest-colored glasses, KB 976902 should give automatic updaters pause. Or ulcers.

As best as I can tell, here's what happened.

Somebody at Microsoft approved an innocuous patch, KB 976902, and put it in the Automatic Update hopper for October's fourth Tuesday round of patches. (Microsoft commonly releases security patches on the second Tuesday of the month and miscellaneous patches on the fourth Tuesday. This one's thoroughly miscellaneous.)

On Oct. 26, Windows 7 users started receiving the patch. Those who had Automatic Update turned on simply got it. Those with Windows (or Microsoft) Update set to Notify received notification about an "Important" and "Recommended" update called KB 976902. The notification says:

Install this update to enable future updates to install successfully on all editions of Windows 7 or Windows Server 2008 R2. This update may be required before selected future updates can be installed. After you install this item, it cannot be removed.

More information: http://support.microsoft.com/?kbid=976902

People who view Microsoft patches with a bit of skepticism tend to distrust patches that can't be removed, and I certainly fall into that category. Then there's this: it claims to be a patch that may be required prior to installing future patches. Wuh? Why would Microsoft ship a patch in anticipation of another patch, when they could ship both patches together? So I clicked the link to the KB article -- and was greeted with a 404-Not found.

I wasn't the only one.

I try not to wear my tinfoil hat too often -- or at least not so as to let it show -- but many people on the Web have elevated paranoia to a fine art form. All sorts of theories started bouncing around. At one point, according to a discussion on the Norton Tech Outpost, "KB 976902" was the 73rd highest-rated search term on Google.

Somebody at Microsoft suddenly discovered that the emperor had no clothes -- or more accurately, the clothes hadn't yet been posted -- and pulled the plug on the patch. No, they didn't post the KB article or even a stub of a KB article. They simply removed the patch from the Windows Update queue. People who saw the update listed and went searching for answers came back to discover that the patch didn't exist any more.

Of course, the ones who had Automatic Update turned on not only found that they had installed an undocumented update, they couldn't remove it.

That really put the Web echo machine into a tizzy.

Here's where we stand now. The patch isn't listed on Windows Update. The KB article has been posted, but it doesn't include a link to the patch -- and it isn't clear at all where, or even if, the patch is currently available. The patch is definitely a precursor to installing the Release Candidate of Windows 7/Windows 2008 R2 Service Pack 1. From the current KB article:

This update is necessary to successfully install and to remove any service packs to all versions of Windows 7 and on Windows Server 2008 R2.

But it also isn't clear if you need to install KB 976902 prior to installing the SP1 RC.

Keystone Kops all over again...

This article, "We're from Microsoft -- you can trust us," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.
