Forgot your password?
typodupeerror

Microsoft .NET Patch May Make PCs Go "Haywire" 212

Posted by Zonk
from the danger-will-robinson-danger dept.
yuna49 writes "Various people are reporting that the MS07-040 patch for .NET released on Tuesday can cause a variety of seemingly unrelated problems. According to the SANS Internet Storm Center 'the reports we got so far seem not to lead to any specific thing that happens in many cases, just various things going haywire.' Some commentators on The Register's report of this story indicate that the patch failed to install at all, while others report things like the mouse suddenly failing to work or long periods of hard drive thrashing. In some cases a hard reboot seems to fix the problem, but other reports suggest that a reinstallation of the .NET framework itself is required. The problems may be related to the MSCORSVW.EXE process which recompiles all the .NET assemblies when the patch is downloaded. While the recompilations are supposed to run as a background task, in some instances the recompilation will drive the processor to 100% usage."
This discussion has been archived. No new comments can be posted.

Microsoft .NET Patch May Make PCs Go "Haywire"

Comments Filter:
  • That's why my box was running so slow yesterday morning. Drove me and the other IT guys a bit nuts trying to figure it out. Eventually it got better on its own.
  • by Anonymous Coward on Friday July 13, 2007 @08:49AM (#19847669)

    the MS07-040 patch May Make PCs Go "Haywire"
    Considering that "Haywire" is a way to describe chair throwing monkey dances, I propose we nickname this patch "The Ballmer Patch" maybe even tag it theballmerpatch since it could make your computer DEVELOPERSDEVELOPERSDEVELOPERSDEVELOPERS.
  • Sit on it... (Score:5, Insightful)

    by Heem (448667) on Friday July 13, 2007 @08:53AM (#19847693) Homepage Journal
    And this is why I sit on patches for at least a couple of weeks.

    "Declined"
    • by Anonymous Coward on Friday July 13, 2007 @09:33AM (#19847969)

      And this is why I sit on patches for at least a couple of weeks.
      What's your IP address, my perpetually vulnerable friend?
      • by michrech (468134) on Friday July 13, 2007 @10:01AM (#19848227)

        And this is why I sit on patches for at least a couple of weeks.
        What's your IP address, my perpetually vulnerable friend?
        127.0.0.1
      • I also would never be dumb enough to expose any microsoft machines to the internets.
        All I have to fear is my internal users, who can't figure out the correct place to type the URL in their web browser (you know, the "blue e thing")

        • That's not a web browser (referring to IE), that's The Home Page. And several users a week will call in and say The home page is broke! or The home page is messed up! It's missing my links.

          In most cases, they fugged up their IE tool bars.

          I hate my users.
          • by cmacb (547347)

            "In most cases, they fugged up their IE tool bars."

            How about... they clicked "view" and turned the toolbar off? I just helped a guy who had lost his "go back" button. This was a home user. For weeks now he had been browsing the web, until he gets to a page that doesn't link to anything he is interested in. So then he drops the connection, reboots his computer and starts over. Of course this isn't a problem unique to Windows PCs, I could do the same thing here with Linux and Firefox. What is unique t

            • by Gilmoure (18428)
              Within an hour of my post above, I got a call: My 'Backspace' isn't working.

              I start by asking about Word, etc. Turns out they had unselected all their toolbars in IE. And yes, had been like that since Tuesday.
        • Re: (Score:3, Interesting)

          by hobo sapiens (893427)
          "I also would never be dumb enough to expose any microsoft machines to the internets."
          Not a huge MSFT fan here, but that is a bit of an overblown statement. Just use common sense. I have a dual boot PC (XP, Feisty) and my wife uses the web all the time using XP, and I have never (I mean NEVER) had a problem.

          Get a good firewall. Or, an OK firewall for that matter (I use Zonealarm). Don't use IE. You cannot uninstall it, but you can hide it pretty well so that nobody can use it. Use legitimate F/OSS (wi
    • Re:Sit on it... (Score:5, Insightful)

      by Bacon Bits (926911) on Friday July 13, 2007 @10:06AM (#19848283)
      It's a remote code execution fix. It is irresponsible to dismiss it out of hand. If you're not applying the patch, you have up to three workarounds per system to apply. The workaround, by the way, is basically to disable Active Scripting. That is, no Java Script and no ActiveX controls. That's typically not satisfactory. The IIS ASP.NET fix is to strip NULLs from input. That's not going to happen very easily for proprietary web app software.

      Are you also "sitting on" MS07-039? Denial of service on AD is bad. Every admin I know applied this patch on Tuesday.

      You also, you know, could be testing the patch in your environment before deployment to see if any issues arise.

      The issue is also fairly uncommon from what I've seen. The majority of admins I've heard from have experienced no issues. If it's actually an issue with the patch and not just a AV scanner file locking issue due to the patch being 15 MB (which it has been for at least two people I've heard from) then MS will issue a revision.

      A far, far worse bug is the fact that can break recent versions of Sharepoint.
      • Re:Sit on it... (Score:5, Insightful)

        by Heem (448667) on Friday July 13, 2007 @10:14AM (#19848349) Homepage Journal
        A week or so isn't going to be the end of the world. I'll wait for you guys to break your environments. I mean, if they are patching something - it HAS been broken all this time - since I installed the box. it didn't just break yesterday and then the patch came right out.

        And plus, all my boxes are only on the internal network. Sure, they say your worst enemy is your own employees - I say my worst enemy is broken Microsoft Patches.

        So go ahead, upgrade your boxes on patch tuesday. I've just had way to many experiences where that has caused me serious grief.

         
        • by idontgno (624372) on Friday July 13, 2007 @10:22AM (#19848407) Journal
          So go ahead, upgrade your boxes on patch tuesday. I've just had way to many experiences where that has caused me serious grief.

          I'm picturing the classic "Far Side" cartoon depicting the herd of lemmings (herd? is that what they group in?) rushing down the beach and into the sea with singleminded determination, except for one smartass lemming wearing an inner tube flotation thingie and smiling knowingly at the viewer.

          Of course, I did the singleminded-lemming thing Tuesday at home, and nothing's puking visibly yet. But on the gripping hand, the military network environment I work with tends to very carefully evaluate these Microsoft patches before letting them loose on their systems. I guess the network admins want to be the sole authority on unplanned outages, rather than outsourcing to the vendor.

        • A week or so isn't going to be the end of the world. I'll wait for you guys to break your environments. I mean, if they are patching something - it HAS been broken all this time - since I installed the box. it didn't just break yesterday and then the patch came right out.

          A week or so might be just enough. Even if something has been broken all this time, there is a big difference between your system having unpatched vulnerabilities and having unpatched and known vulnerabilities.

          From your point of view,

        • by ImaLamer (260199)
          I had a gray beard say to me once,

          "If you want overtime, install all of the updates as they drop; turn on Automatic Updates; you pay check will get huge!"

          Of course his point wasn't that all patches are evil, his point was that patches can break things too! Don't be the first into the pool - you don't win anything for it.
          • by Heem (448667)
            Hey now, I've only got like 10 or so hairs in my beard turning gray! ;)
        • by skarphace (812333)

          So go ahead, upgrade your boxes on patch tuesday. I've just had way to many experiences where that has caused me serious grief.
          This is what test boxes are for.
      • Interesting and mature response. Sorry, have no points today...
      • Re: (Score:3, Interesting)

        by myxiplx (906307)
        We typically sit on patches for a couple of months. Then we roll them out to IT, if it doesn't crash those computers we'll roll them out further. In the last two years we've only been vulnerable to a single MS advisory, and needed to patch more quickly.

        How? We use group policy and IE security zones so that only sites IT have authorised can run scripts. It's about ten minutes work a week to maintain now, and while there's still some risk that a trusted site could host a vulnerability, the risk is small e
      • OR just don't install .Net on your client PCs?

        The odds that any of your client PCs need .Net are very remote unless you use it in house.
  • Okay, I noticed my laptop thrashing away like crazy last night just before I went to bed. One of the offending processes was MSCORSVW.EXE. Since I was tired, I just shut it down and figured I would look into it later. This saves me some research!

    It didn't seem to cause a problem on any of my other PCs, though.

    • Re: (Score:1, Troll)

      by asliarun (636603)

      Since I was tired, I just shut it down and figured I would look into it later. This saves me some research!
      Aah my friend, in your weariness, you stumbled upon the magic solution for all Microsoftie ailments...

      REBOOT! (and rejoice, and talk to me about uptime later)
      • by plague3106 (71849)
        Ya, because you're really l337 running a laptop 24/7!!11
      • by TheLink (130905) on Friday July 13, 2007 @09:51AM (#19848131) Journal
        Come on, give the Microsofties some credit - there are many things they can attempt:


        1) Retry
        2) Restart
        3) Reboot
        4) Reconfigure
        5) Repatch
        6) Reinstall (app)
        7) Reformat
        8) Rebuild (os + app)
        9) Retry (everything from 1-8)
        10) Relinquish/Reassign/Reject (project/task)
        11) Resign
        12) Resume/Resumé ;)

        • by ettlz (639203)
          13) Profit!
        • by geobeck (924637)

          Adapting this list to the solid waste hierarchy...

          1. Reduce: Don't use the computer so much. (Kinda sucks for business users)
          2. Reuse: Stick with Windows 98 for the next 50 years.
          3. Recycle: Put Linux on the box instead. (Judgment reserved as to whether this constitutes upcycling or downcycling)
          4. Recover: Burn the OS CDs and use the heat to generate electricity.
          5. Residual: Toss the whole thing in the landfill and start a business that doesn't require computers, like... um... a corner lemonade stand.
  • ...then I'm glad to see others having problems. It tried to install twice, but kept coming up as a pending patch. On the third try, I figured it must be fucked on MS end, and disabled the install and told update to ignore it from now on. *shrug*
    • I believe that you are (partially) correct, it is for .NET Framework versions 1.0, 1.1, and 2.0. AFAIK, v3.0 is not affected by the vulnerability. Just a wild-assed guess here, but If you have any beta or CTP versions of the 1.1 or 2.0 Framework, that may be causing issues as well. That bit me in the ass a while back when I tried to install some of the latest versions MS dev tools. Had to uninstall the beta/preview versions of the Framework (and any beta/preview applications that relied on them such as
  • "If Assumption the mother of all fuck ups, then surely it is also the father of all Microsoft engineering."
  • by StickInTheMud94 (1127619) on Friday July 13, 2007 @08:58AM (#19847713)
    When this 100% cpu utilization was happening I called up Process Explorer http://www.microsoft.com/technet/sysinternals/util ities/ProcessExplorer.mspx [microsoft.com]
  • 100% CPU ? (Score:5, Insightful)

    by herve_masson (104332) on Friday July 13, 2007 @08:59AM (#19847719)
    in some instances the recompilation will drive the processor to 100% usage

    No, kidding ? You mean the background task don't deliberately leave CPU cycles for the sake of increasing idle time ? Amazing.
    This kind of summary don't push me hard to RTFA.
    • Re: (Score:3, Funny)

      by weicco (645927)

      Remember kids, saving clock cycles is like putting money in the bank.

      Hmh. That sound funnier in finnish.

    • Exactly. You want it running at the equivalent of "nice -19 recompile-dotnet" so that it is using 100% of the CPU but yielding it to anything else that asks. You don't want it to run for days and days, after all.

  • Win 2k not affected? (Score:2, Informative)

    by andrewd18 (989408)
    I installed this on my Windows 2000 box yesterday and I haven't seen any problems so far. *shrug* Maybe it's just a Win XP thing.
    • by cnettel (836611)
      I would expect it to be much more noticeable if you have Visual Studio, and all of .NET 1.0, .NET 1.1, .NET 2.0 installed. (Visual Studio adding several large assemblies, and separate ngenning for each framework version.) .NET 3.0 will also add a lot of assemblies.

      If you run x64 Windows, then you'll probably run into even more duplicate work.

      So, I would expect most W2K machines won't have VS2005 and certainly not .NET 3.0. This will make the NGen execution much shorter.

    • by Bacon Bits (926911) on Friday July 13, 2007 @09:49AM (#19848113)
      No, it's just an uncommon issue. On the NT admin mailing lists I'm on, only a handful of people have reported problems. Most responses to the thread have been "1000 systems patched here, no problems reported" and the like.

      The patch is also nearly 15 MB, which is huge for a patch. Some people have just been having problems with their AV scanners locking the file to scan while Automatic Updates wants to begin installing it (see MS KB 883825 [microsoft.com]). That's not a MS issue. It's arguably not even an AV vendor issue. Mostly it's an issue with admins not excluding the updates download directory.
      • > Mostly it's an issue with admins not excluding the updates download directory.

        Where IS that directory? Half the patches I see make weirdo directories in C:\ that look like GUIDs or something? And I still don't know why they never clean up after themselves.
        • C:\WINDOWS\SoftwareDistribution. Specifically, updates get downloaded and unpacked to C:\WINDOWS\SoftwareDistribution\Download. You can actually delete C:\WINDOWS\SoftwareDistribution without hurting anything (as long as you stop Automatic Updates and BITS), and since Automatic Updates typically doesn't delete update files it's a good idea to do so every so often. It also forces the client to re-download the metadata stored in DataStore, which is known to become corrupt and prevent Automatic Updates from
  • I haven't seen any of the issues mentioned, but after I installed the update my PC failed to wake up after being put in standby mode. Fans and drives powered up, but no signs of intelligent life. This happened the first two times I put it in standby after installing the update and rebooting. Since then I've put it in standby 3-4 times without any problems.

    I don't know if it's related or not, but with everything else on the machine working fine, I was suspecting the update before it magically started work
    • by gatkinso (15975)
      I have a laptop running XP Home that will not enter Standby mode now (after applying this patch), a dlg box pops up claming that a .Net service is preventing the system from entering standby.

  • Familiar symptoms? (Score:2, Insightful)

    by griffjon (14945)
    others report things like the mouse suddenly failing to work or long periods of hard drive thrashing. In some cases a hard reboot seems to fix the problem, but other reports suggest that a reinstallation of the .NET framework itself is required

    Wait; so, random failures, hard drive thrashing, rebooting and/or reinstalling works? Isn't that the normal user experience in Windows anyhow?

    DUPE! ;)
  • OK then, so everyone goof up every once in a while, I can't really blame them for that, but when is there a patch for the patch then?
    • by cnettel (836611)
      Just wait for NGen to complete. The issues with the patch failing to install might warrant a patch, though.
  • For a minute there, it sounded like Microsoft had moved to Gentoo for their package management... ;)

    Disclaimer: I use and like Gentoo, for all its misgivings, so no flames please!
  • After installing patches on Wednesday I started having a peculiar problem when running vmware 5.4. The host box network connectivity would be lost. It would take a reboot of the machine to reestablish the network connection. I also had one unexpected system reboot when running the arp command while troubleshooting the problem. The problem appears to have gone away once I uninstalled the latest patches. No way to know which one was causing the problem. This was on a Windows XPSP2 box.
    • Hey, I'm having network problems as well!

      Slightly different, but in other ways similar behaviour. Network runs fine until I start up Steam. Steam logs in well enough, the Store (a web page) loads, but then all of a sudden any sign of a healthy connection disappears. The Steam server list shows nothing, no other programs will connect to the Internet (well, almost none -- I'll get to that). This happens absolutely every time. Curiously, the network seems to slow down immensely at first. If I leave the server
  • CPU usage (Score:5, Funny)

    by Rik Sweeney (471717) on Friday July 13, 2007 @09:13AM (#19847819) Homepage
    While the recompilations are supposed to run as a background task, in some instances the recompilation will drive the processor to 100% usage.

    Sounds like Microsoft are Secretly Monopolizing the CPU Without Being Root [slashdot.org]

    They'd better not have nicked my code or they're in trouble. It's GPL 3 I'll have you know...
  • on a[n] [un]related note, the win2003 server at the company I work for had its partition table corrupted by wednesday morning. Last time the server was alive was midnight tuesday. They can't figure out what happened, other than "some updates were installed".

    I rebuilt the partitions with some magical software. Everything seems to be okay at this point. Anyone know if this is related? The only unusual thing that happened to this otherwise "reliable" server were the updates.
    • Re:Win2003 (Score:5, Insightful)

      by LurkerXXX (667952) on Friday July 13, 2007 @09:30AM (#19847939)
      Wed morning? The day before was patch tuesday. Why is your company installing patches on production servers they day they come out?

      You should have a test machine set up and run ALL new patches on it for at least a few days to make sure they don't hork anything up before rolling them out to production machines.
  • by oliverthered (187439) <oliverthered@hot ... minus herbivore> on Friday July 13, 2007 @09:15AM (#19847839) Journal
    A background task that's taking 100% cpu is perfectly fine, so long as it is a background task and is running on a below normal priority.

    I frequently make processes that run at 100% CPU run as a background task.
  • You sure it's not related to patch KB935807? On three seperate computers running Vista, I could not get this patch to install. It would try to install, then after a reboot or two, it would report back its status as failing. After doing a quick google search, I soon found out that I'm not alone!

    And yes, I've tried downloading the patch file and installing manually. No go.
    • None of my Vista machines (all 3 of them) were able to install KB935807 via Windows Update. However, I was able to install manually.

      Try stopping the Windows Update service, deleting the C:\WINDOWS\SoftwareDistribution\Download and C:\WINDOWS\SoftwareDistribution\DataStore folders, and then install the patch manually. That worked for me.

      This is a major pain in the ass. Thanks, Microsoft.
  • Yeah, this one seems to of got me as well, or at least I think so. Patches installed by themselves, and Windows did it's reboot thing overnight. When I logged in the next day, one of my USB hard drives wasn't recognized. Now whenever it's plugged in, just AC, not USB, the activity LED goes crazy. Anyone heard anything like this, or any way to rectify.
  • For me, that particular patch installation failed. Then the windows update service informed me updates were available, including that patch. Let it try again. Failure. To stop the update service from informing me that this broken patch was available for me to try to install, I had to tell it to ignore that particular patch.

    Woo, QC.
  • by tgatliff (311583) on Friday July 13, 2007 @09:43AM (#19848061)
    Come on... We all know the routine here on M$ boxes... Reboot it a couple times until we realize it is shot... Stick in the repair cd so that it can finish the job of killing it... Then wax the whole thing and reinstall... Explain to the user that all their data is gone and when they get that "deer caught in headlights" look, tell them they should have backed up to their data... Hm... Missing anything here??

    Just a typical day in windows land...
  • "While the recompilations are supposed to run as a background task, in some instances the recompilation will drive the processor to 100% usage."

    Um, so? If the processor isn't doing anything else, why shouldn't a background recompile use up 100% processor time? Don't tell me Windows gives time to the "idle" process when there are other processes, even background ones, that could run?!?
  • by Opportunist (166417) on Friday July 13, 2007 @10:07AM (#19848299)
    Friday 13th, anyone?

    How anyone would install an MS patch without first performing some exocism and have a Voodoo priest sacrifice a chicken is beyond me anyway. I have been doing this for years now and so far, no incompatibilities.

    Ok, using Ubuntu and Gentoo might have something to do with it, too, but I'm fairly confident of my chicken patching technique.
  • by dpbsmith (263124) on Friday July 13, 2007 @10:31AM (#19848525) Homepage
    You know things are getting bad when even supposedly technical types start to use this kind of language. In a few years we can expect to see serious techie-to-techie channels postings saying things like "The CPU went kerblooie" and "The disk became discombobulated" and "Don't apply this patch if you're not a real computer genius..."

    • In our office ~10 yrs ago, we used to describe printers as "crapping out". Everyone knew what that meant.
  • This is what worked for me. After I installed the patch a few of our .NET 2.0 sites broke with a generic "object reference not set to an instance of an object" error, so I called microsoft tech support. After sending the requested log files I decided to uninstall and reinstall the patch. It worked! It's worth a try...
  • Looks like there's lots of experts from Microsoft on these boards everyday, posting 'mitigating factors' in response to even the slightest criticism.... okay, I've got a real important qn. for you:

    Let's say I've got a 100 PCs running XP... every month, on average I think there's about 20MB or so of patches downloaded and installed. That would mean 240MB per year, or 1GB over 4 years. Now suppose a system goes broke, or a new one has just come in. Is there a simple way to install XP ALONG WITH these patches,
    • you can set a WSUS sever
    • by sid0 (1062444)
      Why, yes! Of course there is! There are two ways to go about this:
      1. Install XP, then all the patches later, and manually.
      2. "Slipstream them" -- replace the files on the XP CD with the newer ones. nLite http://www.nliteos.com/ [nliteos.com] is pretty good for this stuff.

      If you want to download all the patches so that you can slipstream them or install them later, AutoPatcher http://www.autopatcher.com/ [autopatcher.com] is the way to go.

      If you have a Windows server somewhere, WSUS is a good option (though somewhat heavier).
    • You can create an install disk that "slipstreams" any service packs and hot fixes. Here's a couple of resources:

      Paul Thurotte's Windows SuperSite [winsupersite.com]

      Some dude's Blog Site [smithii.com] (I have never used his scripts and I make no promises that it will work).
    • I'm a UNIX guy, but I've heard of this, you know, in meetings and stuff when I'm trying to stay awake.

      Okay. I think what you need to do is get Seven of Nine to help you set up a Slipstream engine. Or Arturis, if he's around.

      Slipstream is actually a superior version of the old OS/2 Trans Warp drive.

      Anyhow. Get a Slipstream installer, and your Windows will load faster than light!
  • my kids have been having trouble the last few days with wireless connections dying and their mice stopping.

    my Debian Laptop is the only computer in the house that hasn't had trouble.
  • The patches were applied on 3 of the PCs I use and on 1 Virtual Machine (all running XP PRO) running a combination of .NET framework 1.0, 1.1, and 2.0. I noticed it took a while for .NET to be updated (especially on the VM) but that was it. I did not notice 100% CPU utilization even on my single core, non hyperthreaded office machine which I use for Visual Studio 2005 development. Overall, no problems with the patches here.
  • Since my work runs Microsoft's WSUS server, all the "critical" security patches have been configured to automatically get applied overnight on our XP workstations. (Yeah, I know... this *may* cause me some headaches if a patch breaks things, which it has in the past. But I also figure that in most cases, a patch for the patch is released pretty quickly when MS figures out they screwed one up ... so the issues have been temporary ones so far.)

    Anyway, we have a specialized program in use on a few PCs here
  • I don't install .NET in the first place, thus (hopefully) not requiring any patches to said .NET. My machine thus remains much, much faster. The instant you install .NET, your machine will be slower. The more .NET applications you install, your machine will be slower. That's my own experience, anyway, on multiple machines. So, yay me! :)
  • Please, don't say "PC" when you're referring to a Windows machine.
    PCs can run other systems too, you insensitive clod.
  • by Simulant (528590)

    "We don't know exactly what this breaks but it breaks things!" Are you serious?

    Now that you mention it, my Call of Duty 2 game went down the toilet around Tuesday. I game off a great weekend... kicking ass and taking names, but now, for the last 4 days I've been getting my ass kicked left and right.

    MICROSOFT'S PATCH STOLE MY SKILLZ!!!

    (though seriously, it does appear that while settings have stayed the same in the mouse control panels, my mouse sensitivity has changed. Coincidence? Or does Microsoft want

Debug is human, de-fix divine.

Working...