Four more botched Microsoft patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388

Windows users are reporting significant problems with four more October Black Tuesday patches

businessman stress despair problems bankruptcy trader emotional stress depression 000000736479

Microsoft's Black Tuesday problems continue to pile up. Yesterday brought to light problems with KB 2952664, the seventh patch with that name, which fails to install on a large number of Windows 7 machines. Now there are reports of four more botched patches. It's too early to tell exactly what's causing the problems, but if you're having headaches, you aren't alone -- and there are solutions.

KB 3000061, my early choice for "most likely to splat," is a kernel mode driver update, MS 14-058. It's one of Microsoft's zero-day patches this month -- there are very limited but identified attacks in the wild that use this security hole. TechNet has a thread about failure to install on Server 2012 machines. Poster jcs916 describes a problem with installing KB 3000061 on a Windows 8.1 machine:

After rebooting it started the configuring and then gave an error "Failure configuring windows updates, reverting changes" After restarting Windows update still showed the same 18 updates. I ran the update troubleshooter from and it showed that it fixed 3 errors. Same thing happened when I tried installing all the updates from the control panel. I then installed all the updates one at a time and everything worked OK except KB3000061. I ran the troubleshooter again and manually installed KB3000061. Same error on reboot.

On Tuesday, Microsoft released seven separately identified security patches that weren't associated with Security Bulletins. One of them, KB 2984972, isn't faring well. According to Microsoft:

[The patch] enables the Remote Desktop Connection client to perform restricted administration logons. It also enables the Remote Desktop Service that is running on an RD host to perform restricted administration.

AndrewKelly, posting on the TechNet forum, says he has had problems with Autodesk packages after applying the patch:

AutoCAD itself was not affected but Revit, Navis, DWG TrueView all were. Not got to the bottom of why yet (the explanation for the update does not sound like it would make any difference) but simply removing the update from client PCs fixes the packages which will do me for now.

Another post on that thread (nzdude) says that the App-V package Frontrange Solutions HEAT 7.2.2 freezes after applying KB 2984972, and uninstalling the patch fixed the problem. Another (aeg684) says that Trillian Astra, FileMakerPro 12, and SnagIt v11 have the same symptoms. Another (P4PPY) says that ININ's Interaction Client has the same problems.

Harjit Dhaliwal, on the Patch Management forum, quotes a colleague as saying:

Heads up, KB2984972 on Server 2008R2 RD server caused issues with our Wyse thinclients - it caused them all to span desktops across multiple monitors rather than presenting multiple monitors to the host OS. After uninstalling & rebooting clients are presented with multiple monitors again.

Next comes KB 2949927, which adds SHA-2 hashing support to Win7 and Server 2008 R2. Roy Adams, posting on the Patch Management forum, says:

All 3 of my own Win2008R2SP1 servers got stuck in a triple auto-reboot Windows Update Failure this morning. All had 16 updates... They did eventually recover after 2 or 3 auto-rollback reboots... Checking updates on them all now shows this one still to install: Security Update for Windows Server 2008 R2 x64 Edition (KB2949927)

Poster Leolo on the TechNet forum warns:

KB2949927 will fail to install and revert the changes at the next boot if you have BitLocker disabled. The "fvevol" service must be started, and it must be registered in the "LowerFilters" value under this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}. If you don't have it, KB2949927 will fail!

Finally, a nonsecurity update rollup, KB 2995388 -- also distributed Tuesday -- is causing problems with VMware. After installing the patch, every time you try to boot a virtual machine, you get a message: "Not enough physical memory is available to power on this virtual machine with its configured settings." The VMware folks recommend you not install KB 2995388; if you have, they recommend that you uninstall it.

t/h SB

Copyright © 2014 IDG Communications, Inc.