Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Microsoft reissues flawed Windows security update with new flaws

Matsuda

By Matsuda
in Software News

Recommended Posts

Matsuda

Matsuda

Posted
Posted

407086-microsoft-patch-tuesday.jpg?thumb

A new version of MS14-045 has been pushed to Windows Update and the Download Center. Microsoft strongly recommends that users uninstall the old version first.

Microsoft today re-released the updates for security bulletin MS14-045. This update had been released on the August Patch Tuesday, August 12, but withdrawn later in the week after user reports of blue screen crashes and disabled systems.

At the same time Microsoft withdrew MS14-045, it withdrew three non-security updates, KB2970228, KB2975719 and KB2975331. None of those have been reissued and we have no further information on them.

Updated on August27: With respect to these remaining updates, Tracey Pretorius, Director, Microsoft Trustworthy Computing told ZDNet "[w]e continue to work diligently to get the Windows August Update rereleased to customers."

A blog entry from Tracey Pretorius, Director of Microsoft Trustworthy Computing, implies that the problem was released to a change in the release schedules for non-security updates.

The security bulletin says that "Microsoft strongly recommends that customers who have not uninstalled the 2982791 update [i.e., the old version, released on Patch Tuesday] do so prior to applying the 2993651 update [the new version]."

This recommendation applies to users whether they are having problems with the old update or not. Note that Windows Update and Automatic Updates do not remove the old version.

The update addresses three Windows kernel bugs, two of which could result in privilege elevation and the third in exposure of sensitive kernel information.


UPDATE: Known issues with this security update

The Knowledge Base article for the revised update (KB2993651) lists a confusing set of Known Issues remaining with the update.

  • With the update installed, fonts in the system that are not in the default fonts directory (%windir%\fonts\) cannot be changed when loaded in an active session. For more detail, see the KB article.
  • With the update installed, the z-order (depth) of some windows is changed. This means they can be hidden and therefore invisible. Four other earlier updates also cause this problem:
    • 2965768 Stop error 0x3B when an application changes the z-order of a window in Windows 7 SP1 and Windows Server 2008 R2 SP1
    • 2970228 Update to support the new currency symbol for the Russian ruble in Windows
    • 2973201 MS14-039: Description of the security update for Windows on-screen keyboard: July 8, 2014
    • 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

Two of these (2970228 and 2975719) are among the updates withdrawn by Microsoft along with MS14-045. The other two have not been mentioned previously with respect to the recent problems. Those two now-problematic updates are also still available for download as of late afternoon on August 27.




Source wTAnz2s.png

Link to comment
Share on other sites
  • Replies 6
  • Views 2.5k
  • Created
  • Last Reply
SPECTRUM

SPECTRUM

Posted
Posted

The security bulletin says that "Microsoft strongly recommends that customers who have not uninstalled the 2982791 update [i.e., the old version, released on Patch Tuesday] do so prior to applying the 2993651 update [the new version]."

This recommendation applies to users whether they are having problems with the old update or not. Note that Windows Update and Automatic Updates do not remove the old version.

nope, you don't need to uninstall anything, the update released today (KB2993651 in Windows Update) do everything automatically.

Link to comment
Share on other sites
Matsuda

Matsuda

Posted
  • Author
Posted

The security bulletin says that "Microsoft strongly recommends that customers who have not uninstalled the 2982791 update [i.e., the old version, released on Patch Tuesday] do so prior to applying the 2993651 update [the new version]."

This recommendation applies to users whether they are having problems with the old update or not. Note that Windows Update and Automatic Updates do not remove the old version.

nope, you don't need to uninstall anything, the update released today (KB2993651 in Windows Update) do everything automatically.

This is the recommendation.

I already successfully installed the original 2982791 security update and am not experiencing any difficulties. Should I apply the replacement update (2993651) released on August 27, 2014?

Yes. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Customers do not need to uninstall the expired 2982791 update before applying the 2993651 update; however, Microsoft strongly recommends it. Customers who do not remove the expired update will retain a listing for 2982791 under installed updates in Control Panel.

See the Update FAQ - https://technet.microsoft.com/en-us/library/security/ms14-045.aspx

Link to comment
Share on other sites
lurch234

lurch234

Posted
Posted
yes, but is not needed, because the update do that automatically for you.

What you quoted from Matsudas' post says otherwise! Why are you saying that the new update will remove the old one!?!

Note that Windows Update and Automatic Updates do not remove the old version.

Get your facts straight before posting anything...

Link to comment
Share on other sites
SPECTRUM

SPECTRUM

Posted
Posted

because it does, analyze the installer and you will notice that no user intervention is required, because all is done automatically.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...