Microsoft .NET Patch May Make PCs Go "Haywire"

yuna49 writes "Various people are reporting that the MS07-040 patch for .NET released on Tuesday can cause a variety of seemingly unrelated problems. According to the SANS Internet Storm Center 'the reports we got so far seem not to lead to any specific thing that happens in many cases, just various things going haywire.' Some commentators on The Register's report of this story indicate that the patch failed to install at all, while others report things like the mouse suddenly failing to work or long periods of hard drive thrashing. In some cases a hard reboot seems to fix the problem, but other reports suggest that a reinstallation of the .NET framework itself is required. The problems may be related to the MSCORSVW.EXE process which recompiles all the .NET assemblies when the patch is downloaded. While the recompilations are supposed to run as a background task, in some instances the recompilation will drive the processor to 100% usage."

Sonofa...

[wiredog (43288)]

That's why my box was running so slow yesterday morning. Drove me and the other IT guys a bit nuts trying to figure it out. Eventually it got better on its own.

Re:

[Rob T Firefly (844560)]

Same here. I imagine this story has inspired many a resounding "d'oh!"

Re:Sonofa...

[Macthorpe (960048)]

Well, I can't admit to seeing any issues here, not that it denies the existence of them elsewhere.

I'm quite surprised that this doesn't happen more often, actually. The last time I remember a problem with a Windows Update that made the news was sometime towards the end of last year. Someone can correct me, though, if they feel the need.

Re:

[duguk (589689)]

Mine's been trying to install the same patch on shutdown for about 3 days now... is it related? How can I find out what its trying to install? Should I just install Gentoo again!?!

Re:Sonofa...

[Opportunist (166417)]

Should I just install Gentoo again!?!

Didn't read the rest of your note, but yes.

Re:Sonofa...

[J0nne (924579)]

If your processor is going to be recompiling stuff constantly anyway, you might aswell use Gentoo ;).

Re:Sonofa...

[icepick72 (834363)]

My refridgerator has been leaking and not catching water in the drip pan ... is it related? How can I find out what its doing? Should I just install Gentoo again!?!

Re:Sonofa...

[PopeRatzo (965947)]

I'm another victim, I think. On Wednesday I noticed that several of my applications that use the .NET framework stopped working, such as avi.net, paint.net and Audacity. Then, when I tried to update iTunes I got a message about the .NET installations being "incomplete".

I tried reinstalling the apps, which didn't work, then I tried to "repair" the .NET framwork(s) and finally had to uninstall/reinstall all the .NET stuff. I had to reboot several times during the process. Then it really got weird.

I've been thinking that MS would come up with something that would make XP less useful - some sort of bug or new type of unpatchable vulnerability to force Windows users to adopt Vista. Maybe this is the beginning of the end of XP.

Question: Are the problems deliberate in some way?

[Futurepower(R) (558542)]

Possibly this is all part of a drive to get people with no technical experience to buy new computers. If you apply patches, Microsoft has control over how fast your computer runs.

For example, Problems with an important Windows component, svchost.exe, can consume up to 100% of CPU time. [windowssecrets.com]

On one computer with which I am familiar, the RPC service takes 30%-70% of the CPU time.

I'm not saying Microsoft managers deliberately slow computers. I'm saying that maybe they are not particularly intense about fixing bugs that slow computers.

I'm not the only person who thinks that may be an issue. See this quote from the parent comment: "I've been thinking that MS would come up with something that would make XP less useful - some sort of bug or new type of unpatchable vulnerability to force Windows users to adopt Vista. Maybe this is the beginning of the end of XP."

For a lot of us, using Microsoft software has the feeling of partnering with an enemy.

The person who wrote the parent comment could fix the problem himself. Most people, maybe 99% of Windows XP users, could not. Most people who find that there computer is running very slow will buy another computer. The New York Times article Corrupted PC's Find New Home [nytimes.com] makes that point.

Nickname for the Patch

[by Anonymous Coward]

the MS07-040 patch May Make PCs Go "Haywire"

Considering that "Haywire" is a way to describe chair throwing monkey dances, I propose we nickname this patch "The Ballmer Patch" maybe even tag it theballmerpatch since it could make your computer DEVELOPERSDEVELOPERSDEVELOPERSDEVELOPERS.

Sit on it...

[Heem (448667)]

And this is why I sit on patches for at least a couple of weeks.

"Declined"

Shit on it...

[by Anonymous Coward]

And this is why I sit on patches for at least a couple of weeks.

What's your IP address, my perpetually vulnerable friend?

Re:Shit on it...

[michrech (468134)]

And this is why I sit on patches for at least a couple of weeks.

What's your IP address, my perpetually vulnerable friend?

127.0.0.1

Re:Shit on it...

[utnapistim (931738)]

And this is why I sit on patches for at least a couple of weeks.

What's your IP address, my perpetually vulnerable friend?

127.0.0.1

Aha! Any second now your system will be shutti

Re:Sit on it...

[Heem (448667)]

I also would never be dumb enough to expose any microsoft machines to the internets.
All I have to fear is my internal users, who can't figure out the correct place to type the URL in their web browser (you know, the "blue e thing")

Re:

[hobo sapiens (893427)]

"I also would never be dumb enough to expose any microsoft machines to the internets."
Not a huge MSFT fan here, but that is a bit of an overblown statement. Just use common sense. I have a dual boot PC (XP, Feisty) and my wife uses the web all the time using XP, and I have never (I mean NEVER) had a problem.

Get a good firewall. Or, an OK firewall for that matter (I use Zonealarm). Don't use IE. You cannot uninstall it, but you can hide it pretty well so that nobody can use it. Use legitimate F/OSS (wi

Re:Sit on it...

[Bacon Bits (926911)]

It's a remote code execution fix. It is irresponsible to dismiss it out of hand. If you're not applying the patch, you have up to three workarounds per system to apply. The workaround, by the way, is basically to disable Active Scripting. That is, no Java Script and no ActiveX controls. That's typically not satisfactory. The IIS ASP.NET fix is to strip NULLs from input. That's not going to happen very easily for proprietary web app software.

Are you also "sitting on" MS07-039? Denial of service on AD is bad. Every admin I know applied this patch on Tuesday.

You also, you know, could be testing the patch in your environment before deployment to see if any issues arise.

The issue is also fairly uncommon from what I've seen. The majority of admins I've heard from have experienced no issues. If it's actually an issue with the patch and not just a AV scanner file locking issue due to the patch being 15 MB (which it has been for at least two people I've heard from) then MS will issue a revision.

A far, far worse bug is the fact that can break recent versions of Sharepoint.

Re:Sit on it...

[Heem (448667)]

A week or so isn't going to be the end of the world. I'll wait for you guys to break your environments. I mean, if they are patching something - it HAS been broken all this time - since I installed the box. it didn't just break yesterday and then the patch came right out.

And plus, all my boxes are only on the internal network. Sure, they say your worst enemy is your own employees - I say my worst enemy is broken Microsoft Patches.

So go ahead, upgrade your boxes on patch tuesday. I've just had way to many experiences where that has caused me serious grief.

 

Re:Sit on it...

[idontgno (624372)]

So go ahead, upgrade your boxes on patch tuesday. I've just had way to many experiences where that has caused me serious grief.

I'm picturing the classic "Far Side" cartoon depicting the herd of lemmings (herd? is that what they group in?) rushing down the beach and into the sea with singleminded determination, except for one smartass lemming wearing an inner tube flotation thingie and smiling knowingly at the viewer.

Of course, I did the singleminded-lemming thing Tuesday at home, and nothing's puking visibly yet. But on the gripping hand, the military network environment I work with tends to very carefully evaluate these Microsoft patches before letting them loose on their systems. I guess the network admins want to be the sole authority on unplanned outages, rather than outsourcing to the vendor.

Re:

[myxiplx (906307)]

We typically sit on patches for a couple of months. Then we roll them out to IT, if it doesn't crash those computers we'll roll them out further. In the last two years we've only been vulnerable to a single MS advisory, and needed to patch more quickly.

How? We use group policy and IE security zones so that only sites IT have authorised can run scripts. It's about ten minutes work a week to maintain now, and while there's still some risk that a trusted site could host a vulnerability, the risk is small e

If this is the .NET 1.1 fix...

[Overzeetop (214511)]

...then I'm glad to see others having problems. It tried to install twice, but kept coming up as a pending patch. On the third try, I figured it must be fucked on MS end, and disabled the install and told update to ignore it from now on. *shrug*

ProcessExplorer task manager replacement

[StickInTheMud94 (1127619)]

When this 100% cpu utilization was happening I called up Process Explorer http://www.microsoft.com/technet/sysinternals/util ities/ProcessExplorer.mspx [microsoft.com]

Knowing won't help

[Ropati (111673)]

If you follow the update KB article, you'll find MS has already found issues with the update.

See:
http://support.microsoft.com/kb/928365/ [microsoft.com]

Which leads to:

http://support.microsoft.com/kb/923100/ [microsoft.com]
and
http://support.microsoft.com/kb/934711/ [microsoft.com]
and
http://support.microsoft.com/kb/923101/ [microsoft.com]
and
http://support.microsoft.com/kb/934793/ [microsoft.com]
and
http://support.microsoft.com/kb/931846/ [microsoft.com]

923100 says if you get hosed doing the update, uninstall .NET 2.0, reinstall .NET 2.0 and try to update again. Sounds kind of cyclical to me.

100% CPU ?

[herve_masson (104332)]

in some instances the recompilation will drive the processor to 100% usage

No, kidding ? You mean the background task don't deliberately leave CPU cycles for the sake of increasing idle time ? Amazing.
This kind of summary don't push me hard to RTFA.

Re:

[weicco (645927)]

Remember kids, saving clock cycles is like putting money in the bank.

Hmh. That sound funnier in finnish.

Re:

[Just Some Guy (3352)]

Exactly. You want it running at the equivalent of "nice -19 recompile-dotnet" so that it is using 100% of the CPU but yielding it to anything else that asks. You don't want it to run for days and days, after all.

Win 2k not affected?

[andrewd18 (989408)]

I installed this on my Windows 2000 box yesterday and I haven't seen any problems so far. *shrug* Maybe it's just a Win XP thing.

Re:

[cnettel (836611)]

I would expect it to be much more noticeable if you have Visual Studio, and all of .NET 1.0, .NET 1.1, .NET 2.0 installed. (Visual Studio adding several large assemblies, and separate ngenning for each framework version.) .NET 3.0 will also add a lot of assemblies.

If you run x64 Windows, then you'll probably run into even more duplicate work.

So, I would expect most W2K machines won't have VS2005 and certainly not .NET 3.0. This will make the NGen execution much shorter.

Re:Win 2k not affected?

[Bacon Bits (926911)]

No, it's just an uncommon issue. On the NT admin mailing lists I'm on, only a handful of people have reported problems. Most responses to the thread have been "1000 systems patched here, no problems reported" and the like.

The patch is also nearly 15 MB, which is huge for a patch. Some people have just been having problems with their AV scanners locking the file to scan while Automatic Updates wants to begin installing it (see MS KB 883825 [microsoft.com]). That's not a MS issue. It's arguably not even an AV vendor issue. Mostly it's an issue with admins not excluding the updates download directory.

How about failed standby mode?

[Samedi1971 (194079)]

I haven't seen any of the issues mentioned, but after I installed the update my PC failed to wake up after being put in standby mode. Fans and drives powered up, but no signs of intelligent life. This happened the first two times I put it in standby after installing the update and rebooting. Since then I've put it in standby 3-4 times without any problems.

I don't know if it's related or not, but with everything else on the machine working fine, I was suspecting the update before it magically started work

Re:

[gatkinso (15975)]

I have a laptop running XP Home that will not enter Standby mode now (after applying this patch), a dlg box pops up claming that a .Net service is preventing the system from entering standby.

Familiar symptoms?

[griffjon (14945)]

others report things like the mouse suddenly failing to work or long periods of hard drive thrashing. In some cases a hard reboot seems to fix the problem, but other reports suggest that a reinstallation of the .NET framework itself is required

Wait; so, random failures, hard drive thrashing, rebooting and/or reinstalling works? Isn't that the normal user experience in Windows anyhow?

DUPE! ;)

OK then, so...?

[Jugalator (259273)]

OK then, so everyone goof up every once in a while, I can't really blame them for that, but when is there a patch for the patch then?

Re:

[cnettel (836611)]

Just wait for NGen to complete. The issues with the patch failing to install might warrant a patch, though.

emerge --pv dev-lang/dotnet-runtime-1.1

[MrNemesis (587188)]

For a minute there, it sounded like Microsoft had moved to Gentoo for their package management... ;)

Disclaimer: I use and like Gentoo, for all its misgivings, so no flames please!

Had strange network problems

[mpn14tech (716482)]

After installing patches on Wednesday I started having a peculiar problem when running vmware 5.4. The host box network connectivity would be lost. It would take a reboot of the machine to reestablish the network connection. I also had one unexpected system reboot when running the arp command while troubleshooting the problem. The problem appears to have gone away once I uninstalled the latest patches. No way to know which one was causing the problem. This was on a Windows XPSP2 box.

CPU usage

[Rik Sweeney (471717)]

While the recompilations are supposed to run as a background task, in some instances the recompilation will drive the processor to 100% usage.

Sounds like Microsoft are Secretly Monopolizing the CPU Without Being Root [slashdot.org]

They'd better not have nicked my code or they're in trouble. It's GPL 3 I'll have you know...

background task & 100% CPU

[oliverthered (187439)]

A background task that's taking 100% cpu is perfectly fine, so long as it is a background task and is running on a below normal priority.

I frequently make processes that run at 100% CPU run as a background task.

Damned KB935807 patch

[DigiShaman (671371)]

You sure it's not related to patch KB935807? On three seperate computers running Vista, I could not get this patch to install. It would try to install, then after a reboot or two, it would report back its status as failing. After doing a quick google search, I soon found out that I'm not alone!

And yes, I've tried downloading the patch file and installing manually. No go.

Failure loop

[Phanatic1a (413374)]

For me, that particular patch installation failed. Then the windows update service informed me updates were available, including that patch. Let it try again. Failure. To stop the update service from informing me that this broken patch was available for me to try to install, I had to tell it to ignore that particular patch.

Woo, QC.

Simple solution to the problem... (Funny)

[tgatliff (311583)]

Come on... We all know the routine here on M$ boxes... Reboot it a couple times until we realize it is shot... Stick in the repair cd so that it can finish the job of killing it... Then wax the whole thing and reinstall... Explain to the user that all their data is gone and when they get that "deer caught in headlights" look, tell them they should have backed up to their data... Hm... Missing anything here??

Just a typical day in windows land...

100%?

[Karellen (104380)]

"While the recompilations are supposed to run as a background task, in some instances the recompilation will drive the processor to 100% usage."

Um, so? If the processor isn't doing anything else, why shouldn't a background recompile use up 100% processor time? Don't tell me Windows gives time to the "idle" process when there are other processes, even background ones, that could run?!?

Duh. Cared to look at the date?

[Opportunist (166417)]

Friday 13th, anyone?

How anyone would install an MS patch without first performing some exocism and have a Voodoo priest sacrifice a chicken is beyond me anyway. I have been doing this for years now and so far, no incompatibilities.

Ok, using Ubuntu and Gentoo might have something to do with it, too, but I'm fairly confident of my chicken patching technique.

Technical term: "Haywire?"

[dpbsmith (263124)]

You know things are getting bad when even supposedly technical types start to use this kind of language. In a few years we can expect to see serious techie-to-techie channels postings saying things like "The CPU went kerblooie" and "The disk became discombobulated" and "Don't apply this patch if you're not a real computer genius..."

my fix: install-uninstall-reinstall

[jcgam69 (994690)]

This is what worked for me. After I installed the patch a few of our .NET 2.0 sites broke with a generic "object reference not set to an instance of an object" error, so I called microsoft tech support. After sending the requested log files I decided to uninstall and reinstall the patch. It worked! It's worth a try...

Re:Win2003

[LurkerXXX (667952)]

Wed morning? The day before was patch tuesday. Why is your company installing patches on production servers they day they come out?

You should have a test machine set up and run ALL new patches on it for at least a few days to make sure they don't hork anything up before rolling them out to production machines.

Re:Win2003

[cnettel (836611)]

On the other hand, a broken partition table due to a random hardware error (or any other bug causing a write there) would probably not be detected until the next reboot anyway.

Re:So That's It

[TheLink (130905)]

Come on, give the Microsofties some credit - there are many things they can attempt:

1) Retry
2) Restart
3) Reboot
4) Reconfigure
5) Repatch
6) Reinstall (app)
7) Reformat
8) Rebuild (os + app)
9) Retry (everything from 1-8)
10) Relinquish/Reassign/Reject (project/task)
11) Resign
12) Resume/Resumé ;)

Re:

[laffer1 (701823)]

This seems stupid. If you're going to suggest Linux, at least tell him to install it.

Upon installing patches on wednesday in vista, my system BSOD'd. I was happy to see the familiar screen in vista. It brought back so many memories.

Re:

[plague3106 (71849)]

My comment wasn't directed at you, it was the person who replied to you and mentioned uptime. I see now that my post was confusing.

FWIW, hibernate is the same as shutting the laptop down as far as power goes, so you'll get the same power draw as if it was plugged in but turned off.