Langa Letter: Microsoft's Problematic Updates - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
Commentary
3/4/2003
02:07 PM
Fred Langa
Fred Langa
Commentary
50%
50%

Langa Letter: Microsoft's Problematic Updates

Windows Updates sometimes cause more harm than good. What's the best way to handle them?

There's good news, there's bad news, and then there's even worse news.

The good news is that Microsoft has an extremely active Windows Update service, delivering a steady stream of bug fixes, patches, and updates for Windows and its essential subsystems, such as Internet Explorer.

The bad news is that Microsoft needs this service to be extremely active, because there are a lot of problems in Windows software and because malicious hackers work harder to find exploitable security flaws in Windows than in any other type of software.

The worse news is that, sometimes, Microsoft patches and updates cause more trouble than the problem they're trying to remedy: The cure can be worse than the disease.

For example, it happened again just in the last couple of weeks with security patch 811493; an NT/Windows 2000/XP update designed to correct a security problem in the Windows kernel. Microsoft described the problem this way:

"The Windows kernel is the core of the operating system. It provides system-level services such as device and memory management, allocates processor time to processes, and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. This flaw causes vulnerability. An attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system, including deleting data, adding accounts with administrative access, or reconfiguring the system."

Microsoft rated this patch as "Important," and it clearly is. Millions of users downloaded and installed it. And then the trouble started: Huge numbers of users saw a tremendous slowdown in their systems after installing the patch. For a hint of the scope of the problem, here's just one (of many) Usenet discussion threads on the subject, this particular example from the microsoft.public.windowsxp.security_admin group.

Eventually, Microsoft reacted, but ineffectually, in a new item called "You May Experience Performance Issues After You Install the 811493 Package on Your Windows XP SP1-Based Computer."

In that item, Microsoft acknowledges the problem, and traces it to "a regression error in the Windows XP SP1 versions of the kernel files (Ntoskrnl.exe, Ntkrnlmp.exe, Ntkrnlpa.exe, and Ntkrpamp.exe) that are included in the 811493 security update." Microsoft also agreed with what the user community had discovered much earlier; that "This problem may be more likely to occur if you use some features of some third-party programs, such as antivirus programs. For example, this problem may occur if your antivirus program is configured to scan all files when you open (or you run) them. This is sometimes called 'real-time' scanning."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll