It’s taken more than a week for various problem reports to take on a coherent theme, but it now appears as if an “elevation of privilege” patch for Windows, MS 15-038/KB 3045999, causes intermittent problems with a wide array of software.
McAfee ServicePortal reports:
Several applications fail to start after you install Microsoft Patch MS15-038 on systems with DLP [Data Loss Prevention for] Endpoint. Affected applications include, but are not limited to:
Microsoft Office applications
Example startup errors include:
csc.exe- Application Error -- The application was unable to start correctly (0xc0000142)
iexplore.exe- Application Error -- The application was unable to start correctly (0xc0000018)
mmc.exe- Application Error -- The application was unable to start correctly (0xc0000018)
cmd.exe- Application Error -- The application was unable to start correctly (0xc0000018)
Romax reports about an error message from Xenocode Virtual Application Studio ISV, “The applications were unable to load a required virtual machine component. Please contact the publisher of this application for more information.” They go on to say:
We have become aware that a specific Microsoft Windows update KB3045999 published on 13th April 2015 prevents all Romax software from starting up. If your Romax software works, we recommend you immediately contact your IT department and ask them to stop installation of Microsoft Windows update KB3045999. If you are receiving the … error message when starting Romax software then please check if this update has been installed; if it has then this update will need to be uninstalled. Please see the attachment for full detailed steps on how to do this.
VirtualBox users aren’t happy. Poster Scootin159 says:
I too am getting the error "supR3HardenedWinReadErrorInfoDevice: 'ntdll.dll: 7981 differences between 0x300c and 0x4fff in #1 (.text), first: 4c != 1f.'" I've been using this install of VBox for years (installing updates as they arrive), and after just installing Windows Updates (last updated in March 2015, these were April 2015 updates), none of my VM's (various flavors of Windows & Linux) will start up.
ThinLaunch’s ThinDesktop 2 has similar problems. I also see many reports in Russian and Chinese.
An interesting coincidence, the problematic optional Diagnostic Tracking Service patch KB 2912629, which I talked about last week, has this patch, KB 3045999, listed as a prerequisite. The same is true of KB 3022345, which is the Windows 8.1 version of KB 2912629. I wonder if the problems could be inter-related?
I figure it’s another case of the cure being worse than the disease. KB 3045999 fixes an escalation of privilege vulnerability that only applies if the bad guys have already logged into your computer, and are able to run a program they devised. There’s a reason why it’s listed as “important.”
In Windows update land, where crying wolf seems endemic, "important" usually means "not very important."