Bugs in latest Windows/Office patch bundles create confusion

[Karlston]

Recent buggy patches have been handled in conflicting, confounding ways

As of a week ago, Windows 7, 8.1, the various 10s, and Office 2013 and 2016 Click-to-Runs (from Office 365) now have at least one thing in common, and that is they all distribute patches in bunches. The bunches raise a very straightforward question, with a number of possible answers: How will Microsoft fix problems with a buggy patch?

 

There’s no simple answer. We have a raging discussion over on AskWoody.com about the dilemma, and one way Microsoft seems to be approaching an answer. Yesterday, Martin Brinkmann on ghacks posted a thorough overview, How will Microsoft fix bugs that security updates introduce? He comes to the conclusion, quite correctly, that if Microsoft fixes bugs in Win7/8.1 security patches with fixes in the non-security part of the monthly rollups, then Windows 7 and 8.1 customers will have no choice but to take all of Microsoft’s patches, all of the time  -- or none at all.

 

For those who aren't overjoyed at the idea of absorbing Win7 and 8.1 telemetry changes, that's not good news at all.

 

As things now stand, the situations with Windows 10 (all versions) and Office Click-to-Run 2013 and 2016 are similar, although presented a bit differently. If Microsoft screws up a security patch, you have no choice but to either roll back the entire update, thus losing all of the most recent security and non-security patches, or to sit and grin until Microsoft gets another cumulative update/CtR version out the door. There’s no middle ground.

 

This is the fundamental Achilles’ heel in Windows patching that I’ve been discussing for nearly two years. It's congenital. It won't go away.

 

So far this month I’ve seen three patches with acknowledged bugs. If you’re expecting some sort of consistency in how those bugs were fixed, you’d be wrong: The approach to fixing bugs varies all over the place. Even in fully patched systems, right now some Windows and Office users are experiencing the bugs, and others aren’t. Support staff must be going nuts.

 

Here are the three acknowledged bugs making the rounds this month:

 

KB 3118373, the “October 4, 2016, update for Excel 2016,” started throwing bogus error messages, spontaneously reporting “Microsoft Excel has stopped working.” Think of it as halt and catch fire for spreadsheets. Microsoft acknowledged the bug on Oct. 8, and pulled the patch.

 

KB 3185319, the “MS16-104: Security update for Internet Explorer: September 13, 2016” -- one of those notorious patches that combines security and non-security updates -- started throwing a "File Download - Security Warning" prompt when you tried to access the Favorites menu. Microsoft acknowledged the problem on Sept. 27, but didn't offer a solution until Oct. 18.

 

KB 3192440, the “Cumulative update for Windows 10: October 11, 2016,” includes a slew of patches for the original “RTM” version of Win10, also known as version 1507. It’s notorious among admins for crashing the System Center Operations Manager (SCOM) management console while in State view. There are similar problems for the other versions of Win10 and Server. Microsoft also acknowledged that problem on Oct. 18.

 

The methods for fixing those bugs run all over the map.

 

If you have Excel 2016 installed, and it was patched on or after Oct. 4, you’re supposed to manually remove KB 3118373, according to KB 3198535. (I have no idea how most people figure out that’s what they’re supposed to do.) Microsoft advises “The fix for this regression as well as other fixes in KB 3118373 will be included in the next public update for Excel 2016.” So, presumably, the first Tuesday in November will include a new Excel 2016 patch that fixes the bug.

 

If you use Excel 2016 as part of Office 2016 Click-to-Run, though, it’s a different story. Microsoft released a new Office 2016 Click-to-Run on Oct. 4, including KB 3118373. They then released a new Office 2016 Click-to-Run on Oct. 11, build 7369.2038, incorporating October’s security patches. I can’t find any documentation on whether KB 3118373 was included in the Oct. 11 version, although the original notification for the Oct. 4 release was updated on Oct. 13 to say that KB 3118373 is no longer available.

 

Bottom line: If you have the installed version of Excel 2016, you may or may not have the bug, depending on whether you’ve uninstalled KB 3118373. If you use Office 2016 Click-to-Run, you had the bug for a while but it’s gone now -- and it isn’t clear what day the bug got pulled.

 

Over on the Windows side of the fence, the situation’s even murkier.

 

After concerted howls emerged on TechNet, the SCOM crash was eventually tracked down to a combination of two patches: MS16-118 and MS16-126. The fix was rolled into cumulative updates for the older Win 10 versions, issued on Oct. 18: KB 3119125 cumulative update for Win10 RTM, and KB 3200068 cumulative update for Win10 version 1511.

 

Here’s where things get weird.

 

The definitive Windows 10 update history page doesn’t list either of those patches. There are no updates listed for Oct. 18. I can’t even tell what build numbers appear after the patches are installed.

 

More than that, the patch for Win10 version 1511, KB 3200068, claims to fix the “File Download - Security Warning” prompt bug from last month’s MS16-104. I can’t find any similar claim for Win10 RTM, or for Win10 1607.

 

It’s possible that the patch called KB 3197954, which is a cumulative update to Win10 1607 that hasn’t yet been released, may fix those two Windows bugs. Or maybe not. There’s no documentation I can find for 3197954.

 

If all those numbers make your head swim, you’re not alone. Imagine what your friendly local support desk person must be confronting:

 

• Those who have run afoul of the Excel 2016 halt and catch fire bug likely need to uninstall KB 3198535, but if they’re on Click-to-Run they need to get the latest version.
• Those who have the “File Download - Security Warning” bug should either move to a different browser, make sure that Win10 has been updated (no idea what build number), or wait for a new undocumented Win10 build.
• And those who have System Center Operations Manager console crashes have no doubt already installed the hotfix, even if it isn't called a hotfix.

 

I’ve said it before: As long as all of the Windows (and Office) patches are good, the cumulative update/rollup approach works fine. But the minute there’s a bug, we’re all in a world of hurt. And confusion.

 

Microsoft should come up with a specific, documented method for fixing bugs in rollup (or just rolled together) bundles of patches. They should let us know what's happening and how or if we can get fixes. If Microsoft won't give us a way to uninstall individual bad patches, it would be smart to develop a "silver bullet" approach where bad patches get uninstalled by installing new patches that eviscerate the bad ones.

 

It's an easy method which, if fully documented, would lead to much less headache here in the trenches.

 

Source: Bugs in latest Windows/Office patch bundles create confusion (InfoWorld - Woody Leonhard)

 

InfoWorld - Woody on Windows

 

AskWoody.com - Woody Leonhard's no-bull news, tips and help for Windows and Office

[steven36]

Updates not really  tested can  cause regression on any OS  , The most scary  thing  about windows 10  is when they release a update you dont if it's going break you're  machine or not ..  I been using Anniversary  Edition on 2 computers  all updates  as long i can get the update i been OK with it . post like this this about bugs in windows updates will go on forever . It's like people think Windows will be prefect  when it's never been . Updates on all  software code  are  only for 3 things.

 

1. Security updates , witch  its like a junkey  chasing a fix  you will never achieve the prefect high and they just mess themselves up in the process - you will never achieve real security and updates to patch stuff  bring on regressions .sometimes.

 

2. Stability updates ,  In the past it took years for Microsoft too get some O/S stable some like Windows ME  never were . Also  Stability updates to make one thing stable can break something else.

 

3, New Feature updates -  Who needs them ? sooner or latter they will make you're hardware not work with a O/S .Its happened on MAC  . Linux and with Windows Vista  in the past .And  It most the time always cause loads of regression .

 

The bottom line people who think they will ever be a prefect O/S  are dreaming it's never going to happen . You're wishing for something is never going  to happen ..Man is flawed  no one is perfect and software is made by man so it will never be perfect. Ether you can adapt  and fix issues as they arise or die worrying about why a O/S  is not perfect.

 

[Karlston]

I believe that the significant drop in the quality of Windows Updates is due to two things...

 

1.  In 2014 Microsoft ditched their group of experience inhouse testers. Developers are now supposed to be doing the testing instead, but that change has major problems too, read the quote further down.

 

2.  For Windows 10 updates, relying on the Windows Insiders to do the testing and bug reporting.  It seems, and has been mentioned by a few frustrated Windows Insiders, that they are reporting bugs to Microsoft, but Microsoft are either not reading the reports or are just plain ignoring them and releasing updates they know to be flaky.

 

Here's a quote from an eye-opening article that explains a bit more...

 

Quote

Full Disclosure: I worked at M$ from 2014-2015.

 

MS has some very talented programmers. They're not very common, but they exist. The problem is that the entire company is completely and totally focused on developing an absurd number of new features and products, giving them completely unrealistic deadlines, and then shipping software on those deadlines no matter how half-assed or buggy it is.

 

The idea is that everything is serviceable over the internet now, so they can just "fix it later", except they never do. This perpetuates a duct-tape culture that refuses to actually fix problems and instead rewards teams that find ways to work around them. The talented programmers are stuck working on code that, at best, has to deal with multiple badly designed frameworks from other teams, or at worst work on code that is simply scrapped. New features are prioritized over all but the most system-critical bugs, and teams are never given any time to actually focus on improving their code. The only improvements that can happen must be snuck in while implementing new features.

 

As far as M$ is concerned, all code is shit, and the only thing that matters is if it works well enough to be shown at a demo and shipped. Needless to say, I don't work there anymore.

 

Source: Why Windows 10 Sucks or Everything Wrong with Microsoft Windows

 

Please don't dismiss this article as just another long Windows rant.  Though it's a little disorganised, it is regularly updated and IMO the author makes plenty of sense and it's worth a read by everyone, regardless of whether you think WIndows is brilliant, or a POS, or somewhere in between.

---

Problem: Since nsane came back recently, I can't Thank/Like posts anymore. The button goes gray, but never comes back with "You" added to the list.  Works fine in a vanilla profile without Adblock Plus and NoScript. Even disabling those two for nsaneforums .com changes nothing...

Solution: A known problem, the workarounds in the 3rd and 4th posts of this thread work for me... Site Update

[steven36]

If you think Windows is hard  you should try manjaro linux  Windows is very easy.. a piece of cake ..i just got done reinstalling manjaroi from a bad update  that would not  let me install any packages  . 1st time i tired i got a black screen of death with the open source drivers.  So i installed Linux Mint instead  .So today I deiced  try to put manjaro on partition beside it. i had to figure how to install  AMD Catalyst  1st , well  i could change kernels  but Catalyst  would not install with  the settings manger. So i had to hold back all the updates  then install Catalyst Server from PACMAC and then it fixed  it ,

 

Then I had to install the AMD Catalyst  from the settings manger  , then take all updates off blacklist then do  all the updates  , I fixed it  on my own . And I have been using  manjaro linux since AUG and tested it before a lot.. doing testing  And it was easy to install before tell this last update  i had to force it too work . 

 

At lest 30%  of the users who voted  had problems from  Manjaro  [Stable Update] 2016-10-09 . If 30% of windows users  had problems from a update it would mess up the whole internet lol