Microsoft ships replacement patch KB 2993651 with two known bugs

Microsoft re-releases botched MS14-045/KB 2982791 'Blue Screen 0x50' patch, buries tip to manually uninstall first patch, and introduces more problems

Even by Microsoft standards, this month's botched Black Tuesday Windows 7/8/8.1 MS14-045 patch hit a new low. The original patch (KB 2982791) is now officially "expired" and a completely different patch (KB 2993651) offered in its stead; there are barely documented revelations of new problems with old patches; patches that have disappeared; a "strong" recommendation to manually uninstall a patch that went out via Automatic Update for several days; and an infuriating official explanation that raises serious doubts about Microsoft's ability to support Windows 9's expected rapid update pace.

I've been covering (and suffering) Microsoft's patching mishaps for more than a decade, and I have just one question: Who the hell is in charge of this mess?

As of early this morning, one Windows 8 user was reporting black screens with the new patch, KB 2993651. Answers Forum posters pacman10, JohnBurgessUK, and chadlan can't get Windows Update to check for new updates after installing KB 2993651 (although rseiler reports all's well). It's too early to tell for sure, but there may be more problems with the new patch.

It all harkens back to the Blue Screen Stop 0x050 error (in Windows 7) and the black screen (in Windows 8/8.1) attributed to two bad kernel-mode driver updates that went down the Automatic Update chute on Black Tuesday, Aug. 12. Two days later, a Windows customer and denizen of the Microsoft Answers forum found a manual workaround that let people with bricked machines get back up and working. Microsoft finally pulled four bad patches -- KB 2982791, KB 2970228, KB 2975719, and KB 2975331 -- on Friday night. As I documented at the time, it took Microsoft more than three days to acknowledge the problem publicly and another day to pull the patches.

It looks like those four bad patches turned belly-up when they encountered OpenType fonts with links in the \Fonts folder. That's not a typical situation, but it's perfectly valid. Microsoft employee Kurt Phillips, posting on the Answers Forum main thread, put it this way:

One thing to keep in perspective here - the actual numbers we get through telemetry (clearly not exhaustive, but definitely representative) are that the failures are only happening in ~0.01 percent of the overall population. So, about 1 in 10000 machines are crashing. We have an obligation to fix that, and we will because we take that obligation very seriously... Just wanted to clear up some of the hyperbole - Microsoft isn't crumbling, all of our testers weren't fired, etc. 99.99 percent success is pretty good in most jobs in this world, but clearly we need to strive for higher.

Of course, Phillips is right. Brushing aside the question of how Microsoft gathers telemetry on bricked machines, 0.01 percent of the 1.5 billion Windows users (25 percent of whom are on XP and aren't affected) is a small percentage but a large number.

Yesterday, apparently without any warning, Microsoft re-released MS14-045, changing the KB number(s) associated with the patch. In Windows 7/8/8.1, KB 2993651 is now offered in place of the old KB 2982791, which no longer exists. (Strikingly, the Knowledge Base article for KB 2982791 hasn't been updated and doesn't reflect the demise of the now-disavowed patch.)

This advice appears at the very end of the lengthy MS14-045 article:

Why was this bulletin revised on August 27, 2014? What happened to the original 2982791 security update? To address known issues with security update 2982791, Microsoft rereleased MS14-045 to replace the 2982791 update with the 2993651 update for all supported releases of Microsoft Windows. Microsoft expired update 2982791 on August 15, 2014. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Microsoft strongly recommends that customers who have not uninstalled the 2982791 update do so prior to applying the 2993651 update.

I already successfully installed the original 2982791 security update and am not experiencing any difficulties. Should I apply the replacement update (2993651) released on August 27, 2014? Yes. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Customers do not need to uninstall the expired 2982791 update before applying the 2993651 update; however, Microsoft strongly recommends it. Customers who do not remove the expired update will retain a listing for 2982791 under installed updates in Control Panel.

I uninstalled the original 2982791 security update. Should I apply the August 27, 2014 rereleased update (2993651)?

Yes. To be protected from CVE-2014-0318 and CVE-2014-1819, all customers should apply the rereleased update (2993651), which replaces the expired 2982791 update.

1 2 3 Page 1
Page 1 of 3