Langa Letter: Microsoft's Problematic Updates - InformationWeek
IoT
IoT
Software // Enterprise Applications
Commentary
3/4/2003
02:07 PM
Fred Langa
Fred Langa
Commentary
50%
50%
RELATED EVENTS
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Langa Letter: Microsoft's Problematic Updates

Windows Updates sometimes cause more harm than good. What's the best way to handle them?

There's good news, there's bad news, and then there's even worse news.

The good news is that Microsoft has an extremely active Windows Update service, delivering a steady stream of bug fixes, patches, and updates for Windows and its essential subsystems, such as Internet Explorer.

The bad news is that Microsoft needs this service to be extremely active, because there are a lot of problems in Windows software and because malicious hackers work harder to find exploitable security flaws in Windows than in any other type of software.

The worse news is that, sometimes, Microsoft patches and updates cause more trouble than the problem they're trying to remedy: The cure can be worse than the disease.

For example, it happened again just in the last couple of weeks with security patch 811493; an NT/Windows 2000/XP update designed to correct a security problem in the Windows kernel. Microsoft described the problem this way:

"The Windows kernel is the core of the operating system. It provides system-level services such as device and memory management, allocates processor time to processes, and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. This flaw causes vulnerability. An attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system, including deleting data, adding accounts with administrative access, or reconfiguring the system."

Microsoft rated this patch as "Important," and it clearly is. Millions of users downloaded and installed it. And then the trouble started: Huge numbers of users saw a tremendous slowdown in their systems after installing the patch. For a hint of the scope of the problem, here's just one (of many) Usenet discussion threads on the subject, this particular example from the microsoft.public.windowsxp.security_admin group.

Eventually, Microsoft reacted, but ineffectually, in a new item called "You May Experience Performance Issues After You Install the 811493 Package on Your Windows XP SP1-Based Computer."

In that item, Microsoft acknowledges the problem, and traces it to "a regression error in the Windows XP SP1 versions of the kernel files (Ntoskrnl.exe, Ntkrnlmp.exe, Ntkrnlpa.exe, and Ntkrpamp.exe) that are included in the 811493 security update." Microsoft also agreed with what the user community had discovered much earlier; that "This problem may be more likely to occur if you use some features of some third-party programs, such as antivirus programs. For example, this problem may occur if your antivirus program is configured to scan all files when you open (or you run) them. This is sometimes called 'real-time' scanning."

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll