Microsoft pulls KB4524244 due to BSOD, OS freezes, boot loops, and installation issues

[Master Disaster]

On 2/16/2020 at 11:59 PM, Sir0Tek said:

They should just open up their OS and allow cutting-edge users to use the OS freely with reports before they release hardened updates to those who use it on a paid licence. 

They literally do this, it's open to everyone. It's called the Windows Insider program.

[GoodBytes]

Microsoft and Kaspersky (bellow is a collection of the two sources, is what I meant) reveals the issue with the update.

The update is a security bug fix which was created for those running Kaspersky Rescue Disk which is a program which replaces Windows boot manager with its own boot manager to offer its service. However, ironically, Kaspersky Rescue Disk featured a critical security vulnerability, breaking Secure Boot by opening the doors for attack. In short, the whole point of Secure Boot is to prevent a virus to change the boot system so that it boot it self first, gaining the CPU supervisor mode (ie: administrator level in the CPU), gaining full access of the system, and as a result be completely undetectable, as it filters itself out from the OS eyes, which it boots after itself under user mode. In other words, the OS becomes a puppet. In addition to this, Microsoft revoked the Secure Boot UEFI authentication key of the old version of Rescue Disk, so that a doctored released isn't made and deploy.

 

Kaspersky did fix this vulnerability, however Microsoft wanted to provide added security measures for those who uses older version of Kaspersky Rescue Disk that is installed and not yet updated. The problem, is that it also broke other boot managers that replaces the Windows one (it doesn't seem to affect Linux, looks it was tested). It affected mostly HP system which has "HP’s Sure Start" installed and running Ryzen CPU (HP’s Sure Start is a security feature and system remote managerial system by HP, installed on select business systems, assuming it was not formatted. It feature firmware attack protection system (which runs independently from the OS), but also has a software side which replaces Windows boot manager for other tasks).

 

So there you go:

 - Kaspesky were careless and didn't do security check of its own critical system.

 - Microsoft didn't test their fix on that specific HP business line systems powered by Ryzen CPU (I believe it is their APU model as this is what HP sales in their "budget" (1300$ US) business laptops, the rest are all Intel based from what I can see, at least currently) and with not only with HP’s Sure Start but also its software counterpart installed.

 

Sources:

https://support.microsoft.com/en-us/help/4524244/security-update-for-windows-10-february-11-2020

https://usa.kaspersky.com/blog/microsoft-kb4524244-issues-faq/20319/

 

[Curious Pineapple]

I have yet to have a serious issue with 10, or any issues really. It just works, and works rather well too.

[TechyBen]

7 hours ago, Curious Pineapple said:

I have yet to have a serious issue with 10, or any issues really. It just works, and works rather well too.

So?

[Edit]

By that I mean... and that means what? What information or comment is that stating?

[Curious Pineapple]

1 hour ago, TechyBen said:

So?

[Edit]

By that I mean... and that means what? What information or comment is that stating?

It means as much as anyone stating that an update broke their machine

[TechyBen]

41 minutes ago, Curious Pineapple said:

It means as much as anyone stating that an update broke their machine

Does it though?

It did not rain for me today. So does that mean, it's as helpful as those who got flooded out around here, if I tell them "It did not rain on me, I've had zero problems with flooding!"?

 

So is it really helpful, to tell us some specific installs of Windows 10, and some use cases, won't have problems? Like we don't know?

 

[mr moose]

56 minutes ago, TechyBen said:

Does it though?

 

 

Yes,  without actual statistics on the number of machines that suffer some sort of  update figure, there is no way to know how bad updates really are.  For all we know windows might have less update failures than mac or Linux Due to the size of the windows user base, they only need to have 3% failure rate to have the same number of issues as mac with 21% failure rate.   So every time someone reports a failure it is basically an unknown how many people are effected, all we know is some people are. 

 

In short, yes, when someone says they don't have problems like a few of us on these forums have been saying, what it means is windows isn't 100% bad.  We don't know what the failure rate is, but trying to claim it is higher than any other OS is naive at best and an intentional lie at worst.

 

 

EDIT: Just to add, it would be impossible to try and even work out a fair comparison of failures on Linux simply due to the huge variance in distro's, usage and the degree of skill for the end user (The number of people experimenting with Linux isn't necessarily a small number).

[jagdtigger]

If a faulty update ends up on a news site it definitely affected more than a few users. Plus there is one of them basically every month...

[Curious Pineapple]

I'll just add that I have never had Windows unrecoverably die after an update/upgrade. Repairing the utter clusterfuck of an "upgrade" to Yosemite required a new drive as I couldn't be arsed with the time to repair it. Also had Linux drop to a shell a few times after an upgrade too and the only option would have been to manually remove the entire x11 server and re-install it. I think that was Mandrake many years ago though.

 

18 minutes ago, jagdtigger said:

If a faulty update ends up on a news site it definitely affected more than a few users. Plus there is one of them basically every month...

Just as an example, would you blame Microsoft if every Dell laptop over 7 years old that received an update suddenly broke?

[Donut417]

1 minute ago, Curious Pineapple said:

ust as an example, would you blame Microsoft if every Dell laptop over 7 years old that received an update suddenly broke?

Yes because they forced Windows 10 on to that laptop. There were reports of people having Windows 10 install without concent. It was such an issue MS got sued if I remember correctly. If MS claims WIndows 10 works on those machines then they should ensure they support them. If they dont work then you need to notify users to that fact. They dont any of those things. Also the fact is PC's last at least a decade if not longer for most people. MS knows this to be a fact. My mom only upgraded to a new machine a year ago because the old one had a hardware failure. 

[leadeater]

56 minutes ago, jagdtigger said:

If a faulty update ends up on a news site it definitely affected more than a few users. Plus there is one of them basically every month...

And if a not faulty one appears? No body complains about not having an issue, people complaining about having an issue is exponentially higher and websites reporting on people having a bitch isn't actually an indicator of much. I mean people just loving doing it for Windows 10 and media entities just love reporting on it, no matter the cause i.e. the impossibility of testing all 3rd party software or ones that refuse to follow standards or industry practices.

 

Agenda bias, it's a thing, even if it's not malicious towards the product. Wouldn't even be talking about this if it weren't for Kaspesky. And the last big issue I had to deal with was due to Symantec (plus others, we just have SEPM), still reported as a Windows issue.

 

How many Windows issues that get reported are actually Windows issues?

 

My instances of problems on Linux is non zero as as it is with Windows, however my instances of issues with Mac OS is so much higher than both I do actually consider that worse but I'll apply context to that, only when joined on to a domain.

 

When someone or some thing has a bad reputation someone will report on an issue regardless of how minor or limited in scope, and it'll often be framed as negatively possible towards that entity. Reporters and writers live and die on people viewing their work, sure bet I'd also write an article on this if it were my job too.

[ARikozuM]

37 minutes ago, Curious Pineapple said:

Just as an example, would you blame Microsoft if every Dell laptop over 7 years old that received an update suddenly broke?

Yes. So much yes. It was in working order when you bought it, but the OS update is what broke the system. Dell should help out their users, yes, but the cost should be paid for by Microsoft with full file recovery. 

[mr moose]

This very issue highlights what I have been saying about the causes of windows updates being problematic.  Everyone loves to blame MS but it seems most of the time it is a dodgy 3rd party product to blame and not the end result of amateur hour in the MS basement.

[jagdtigger]

4 hours ago, leadeater said:

And if a not faulty one appears? No body complains about not having an issue, people complaining about having an issue is exponentially higher and websites reporting on people having a bitch isn't actually an indicator of much.

When you have it happen on a monthly basis and after the patch day its a pretty huge red flag IMO....

 

4 hours ago, leadeater said:

i.e. the impossibility of testing all 3rd party software or ones that refuse to follow standards or industry practices.

They would be able to cover a huge part of it if they werent dumb enough to fire the entire testing department......

Edited February 23, 2020 by jagdtigger

[ARikozuM]

1 hour ago, mr moose said:

This very issue highlights what I have been saying about the causes of windows updates being problematic.  Everyone loves to blame MS but it seems most of the time it is a dodgy 3rd party product to blame and not the end result of amateur hour in the MS basement.

They had an internal testing team of a rather large size... Today it is nothing more than a skeleton crew. You bet it's every bit their fault when it's their product that is the backbone for everything. Installing a 2nd instance of a driver isn't likely to cause your system to get into boot loops. 

[mr moose]

25 minutes ago, ARikozuM said:

They had an internal testing team of a rather large size... Today it is nothing more than a skeleton crew. You bet it's every bit their fault when it's their product that is the backbone for everything. Installing a 2nd instance of a driver isn't likely to cause your system to get into boot loops. 

How big is there testing crew?  how big was it before, how many testers did they lay off.  I hear people make claims about this all the time, even some big news and magazine articles making those claims, they love the whole "MS admits Regular windows 10 users are now testers" when that's not what they said at all. Unfortunately this is just one of those internet tropes spurred on because media love a headline. The shit MS should cop shit is for making the "check for updates" button send you beta updates.  

 

As for the depleted QA,  The windows insider program does not test security updates, the security updates have always remained internal to MS and anyone external working on them must sign an NDA as they are usually to fix exploits that have not been made public.

 

https://blogs.windows.com/windowsexperience/2018/12/10/windows-monthly-security-and-quality-updates-overview/

 

 

EDIIT: it's also worth noting that of the 18,000 they laid off, 13,000 where from the Nokia group and had nothing to do with software,  however many they laid off from software testing was to reduce the number of testers from 2 for every developer to 1 for every developer.  Given we don't know what the failure rates have been before during or after,  it makes it rather difficult to claim this has had an impact for better or worse.

 

 

 

[leadeater]

1 hour ago, jagdtigger said:

When you have it happen on a monthly basis and after the patch day its a pretty huge red flag IMO....

But it doesn't actually happen on a monthly basis, hell this isn't even a Windows issue it's a Kaspesky problem that only happens with a specific hardware configuration. If every single problem got reported in media it would fell almost like everything has a problem on a monthly basis, frankly many things do.

 

AV and security products are the worst, the worst of the worst, serial offenders. They throw all guidance and documented processes out the window to do what ever they want in the name of security then almost always refuse to take the blame when it's their fault to begin with.

 

I guess it's better than Microsoft, or any OS, outright blocking them and removing support because of it though.

 

1 hour ago, jagdtigger said:

They would be able to cover a huge part of it if they werent dumb enough to fire the entire testing department......

No they wouldn't, in particular this case being a good example of the impossible being asked for. 

 

And the holy grail people love to push in regards to Windows, Windows 7 has had many many problems throughout it's life. The difference is it didn't come out the gate with the worst reputation possible. Even today Windows 7/Windows Server 2008 R2 likes to utterly break itself and render it unable to install Windows updates and I have to repair it manually. That's been an ongoing problem since forever never getting fixed until Server 2016 which I don't think I've ever had to repair Windows Updates once.

 

1 hour ago, ARikozuM said:

They had an internal testing team of a rather large size... Today it is nothing more than a skeleton crew. You bet it's every bit their fault when it's their product that is the backbone for everything. Installing a 2nd instance of a driver isn't likely to cause your system to get into boot loops. 

If you choose to install software that is known to violate every standard out there and OS manufacturer advice then its your or the 3rd party's fault. I don't expect everyone to actually know how bad AV companies are, but on this forum it's been pointed out more than once. Garbage in garbage out, what do we expect?

 

And one of the big reasons the MS testing team was reduced in size was to move towards what is now a largely adopted practice, DevOps. The development team was reassigned the task of testing and QA, it didn't go away it just moved responsibility lines.

 

Now my personal opinion of DevOps is it's just another IT industry buzz word that means almost nothing in itself and the problem with Devs doing Ops is that they have no real proper working experience on the ops side of the industry. This also applies to testing, testers act more like real users than devs do.

 

So if people actually think testing went away or was reduced then that is in fact not quite correct, there's more developers at MS than ever and they do testing, it's just not what I think is the best model compared to the 'old' way. We have the same problem at work, devs doing testing and ops and do a bad job at it and it's not even their fault.

[jagdtigger]

42 minutes ago, leadeater said:

But it doesn't actually happen on a monthly basis,

I exaggerated a bit but its way too frequent. And yes 7 had its issues but i literally dont remember it was as bad as 10. Hell i even used 7 RTM on my PC that originally came with XP back when 7 was in the works and had less issues with it than with 10 when came out. Just shows you how important internal testing is.

[leadeater]

16 minutes ago, jagdtigger said:

I exaggerated a bit but its way too frequent. And yes 7 had its issues but i literally dont remember it was as bad as 10. Hell i even used 7 RTM on my PC that originally came with XP back when 7 was in the works and had less issues with it than with 10 when came out. Just shows you how important internal testing is.

True it's not as bad as Windows 10, while not fully undeserving of it's bad reputation in regards to Windows Updates it's not so bad I would instinctively second guess installing updates like I ended up doing with Mac OS. Fear of pain is a pretty strong motivator.

 

Thing is I do also believe the change in build releases and no service packs has actually caused more problems as well as the faster/more aggressive roll out of updates, problem is I can't go back in time and compare Windows 7 with the same aggressiveness but I would be willing to bet reported issues would be higher under similar situation.

 

Certain practices just aren't possible anymore, service packs used to be delayed for months to ensure stability was proven and you'd still be getting security updates and feature/quality updates without the service packs (at least short term anyway). Windows 10 doesn't allow that anymore, you can delay build updates and get security updates but that's it nothing else and I really hate that I can no longer be selective about which updates to install. I like the newer roll-up method of update delivery but the flaw with that which hasn't been addressed and likely never will is the ability to block any contained update known or suspected to be a problem so you can get the rest.

[jagdtigger]

22 minutes ago, leadeater said:

not fully undeserving of it's bad reputation in regards to Windows Updates it's not so bad I would instinctively second guess installing updates

After two updates that actually wiped files/partitions i would think it through pretty thoroughly if the issues are actually that bad that  i most install them... (If i were still using windows for my daily stuff, luckily i jumped off from that sinking ship.) Funny how they wanted to get rid of outdated systems then give ppl more reason to actually kill WU totally.

 

22 minutes ago, leadeater said:

Windows 10 doesn't allow that anymore, you can delay build updates and get security updates but that's it nothing else and I really hate that I can no longer be selective about which updates to install. I like the newer roll-up method of update delivery but the flaw with that which hasn't been addressed and likely never will is the ability to block and contained update known or suspected to be a problem so you can get the rest.

They do it because this way they can make sure anything they see fit will be installed no matter what the user wants. And that dabbler "download a full installer just to update to the next release" "solution" isnt reassuring either.

[Curious Pineapple]

10 hours ago, Donut417 said:

Yes because they forced Windows 10 on to that laptop. There were reports of people having Windows 10 install without concent. It was such an issue MS got sued if I remember correctly. If MS claims WIndows 10 works on those machines then they should ensure they support them. If they dont work then you need to notify users to that fact. They dont any of those things. Also the fact is PC's last at least a decade if not longer for most people. MS knows this to be a fact. My mom only upgraded to a new machine a year ago because the old one had a hardware failure. 

 

9 hours ago, ARikozuM said:

Yes. So much yes. It was in working order when you bought it, but the OS update is what broke the system. Dell should help out their users, yes, but the cost should be paid for by Microsoft with full file recovery. 

Bovine excrament. Maybe that Laptop came with Windows 7, maybe it had Dell crapware bundled that was never installed or tested on Windows 10 machines, maybe that caused a problem that Microsoft would have never needed to test for. Of course, in your Windows hating mind it must be Microsoft and in no way the infinite combinations of systems the software may be asked to run on, with infinite combinations of software installed on top of that. Can you do better?

[Donut417]

16 minutes ago, Curious Pineapple said:

Dell crapware bundled

Any smart user would have downloaded the media creation tool and reinstalled windows. I never leave the crapware installed. Plus Windows has tons of issues on custom build machines as well. Hell I had better support with Windows 98 than Windows 10. That’s saying something. Considering I’ve had issues survive after multiple reinstalls on multiple machines that enough for me to consider Windows 10 the issue and Microsoft a bunch of lazy bastards. 

[ARikozuM]

4 hours ago, Curious Pineapple said:

 

Bovine excrament. Maybe that Laptop came with Windows 7, maybe it had Dell crapware bundled that was never installed or tested on Windows 10 machines, maybe that caused a problem that Microsoft would have never needed to test for.

You're adding "ifs". If it had Windows 7, it should not be supported with Windows 10 and the onus is STILL on Microsoft for being the sole gatekeeper and still allowing it. Sorry that I think one of the biggest companies to exist can and should be better. 

4 hours ago, Curious Pineapple said:

Of course, in your Windows hating mind it must be Microsoft and in no way the infinite combinations of systems the software may be asked to run on, with infinite combinations of software installed on top of that. Can you do better?

Yes. Run the free version and tell Microsoft to f#ck off with their updates. 

[Sauron]

On 2/17/2020 at 12:02 AM, dizmo said:

It's pretty impossible for them to test their updates with every single hardware configuration.

Honestly, I'm more surprised that they don't have more issues than they do.

On one hand sure, it's impossible to test for all possible cases - however there are things that are universally shared on all (or almost all) systems, such as UEFI standards. Ideally when making broad security patches you should only rely on things that you know will be present and functional across the board - and make sure that the patch only affects the system when it needs to.

 

It's hard not to notice that this doesn't seem to happen nearly as often on other systems. Sure, we could blame it on how widespread Windows is compared to its competitors... but this is commonplace hardware so it's a pretty bad excuse. I think the issue is more tied to how Windows handles updates in general - rather than granular updates to isolated components they are these big black boxes that change a bunch of stuff simultaneously without any agency on the user's part and without any chance of proper troubleshooting.

[Curious Pineapple]

14 minutes ago, ARikozuM said:

You're adding "ifs". If it had Windows 7, it should not be supported with Windows 10 and the onus is STILL on Microsoft for being the sole gatekeeper and still allowing it. Sorry that I think one of the biggest companies to exist can and should be better. 

Yes. Run the free version and tell Microsoft to f#ck off with their updates. 

So you want a world of Apple users who ditch their hardware when a new OS comes out? Should I scrap my machine as it has a Vista sticker on it?

 

Free version of what?