|mogs||RE: Another botched Black Tuesday|
|5th Nov, 2013 14:08|
User Since: 22nd Apr, 2009
System Score: 100%
Last edited on 5th Nov, 2013 14:13
Following on from :-http://secunia.com/community/forum/thread/show/144...
NOVEMBER 05, 2013
Botched Windows USB driver patch KB 2862330 triggers BSOD 0x000000D1 or 0x000000CA
Last month Microsoft sent MS13-081/KB 2862330 down the automatic update chute, triggering blue screens and endless re-installs. It still isn't fixed
By Woody Leonhard | InfoWorldFollow @woodyleonhard
Last month's Black Tuesday crop included yet another stinker: MS13-081/KB 2862330, a "critical" Windows USB driver update that reaches into the Windows kernel, modifying all of the USB 2.0 driver programs. Microsoft knew before the patch was released that it had an odd double-reboot tendency. That little glitch was documented in the original Knowledge Base article, KB 2862330:
After you install security update 2862330, your computer may restart two times. For more information about updates that require multiple restarts, click the following article number to view the article in the Microsoft Knowledge Base:
2894518 Task sequence fails in Configuration Manager if software updates require multiple restarts
As it turns out, that was the least of MS13-081's worries.
The day after the patch appeared, Microsoft's Answers forum lit up with complaints. Here's a partial list of the problems Windows customers have experienced, after installing the patch:
Windows 7 and Windows Server 2008 R2 may throw up a Blue Screen 0x000000D1 or 0x000000CA or 9x00000050 upon boot.
Windows 7 and Server 2008 R2 machines may reboot, then stall at 32 percent. The only solution is to unplug the machine, then run a system restore -- necessary because the reboots stall at the same point in an endless cycle.
After an extended period of time on reboot, Windows 2008 R2 shows the message "Please wait for modules installer" then "Failure configuring windows updates reverting change." Windows rolls back the changes, but then tries to do them again.
Windows XP has the same infinite-loop installation of the patch.
There are also reports of failing USB keyboards and mice -- at least one user reports his Microsoft Mouse won't work after installing the patch.
To date, I've seen no indication that Microsoft has isolated the source of the problem. There is no new version of the patch. There is, however, a very convoluted series of manual patching steps you can take if you feel an urgent need to install the patch. Look for the three scenarios in the KB 2862330 article. It helps if you have a degree in Computer Science.
Although Microsoft hasn't completely pulled the patch -- it still appears as an "Important" update in Windows 7 Automatic Update -- the selection box is unchecked. Unless you manually check the box, the update will not be installed.
The universal advice at this point is to refrain from installing the patch -- hide it in Automatic Update if you have to. Since the patch is no longer installed by default, and almost a month after its release we still don't have an update, it's a safe assumption that the patch isn't quite as pressing as its "Critical" rating might indicate.
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.