Latest MS Update Causing Major Headaches

Broadband Reports is running a story regarding the latest MS update to fix problems with animated cursors.

"Users in our Security forum note that the latest critical Microsoft Windows update (KB925902) is causing all kinds of problems. Most notably, it prevents some users from loading anti-virus software, but others say the update prevented them from booting entirely. "So far, we have errors with AVG, Realtec, F-Secure, a false positive of a Trojan, a messed up Vaio, USB problems and Accessories and Utilities all vanishing into thin air," says one security forum regular."

I have personally installed this on two Vista machines and one of them failed to boot after the patch was installed. Unfortuntely patches that are often pushed out too quickly to fix critical flaws cause adverse issues on certain configurations as we have witnessed in the past. Watch out for Microsoft rectifying this with an update to the patch. Until then do not install the update if it's causing issues to your machine and report these directly to Microsoft support.

View: Broadband Help

Report a problem with article
Previous Story

SQL Stripes 2.00 Build 170

Next Story

Apple Launches 8 Core Mac Pro

83 Comments

Commenting is disabled on this article.

using the Realtek sound drivers, i had major headaches with this, as did my dad.. my computer wouldnt boot. would get to the XP loading screen, sit for a few seconds, and then restart back to post. safe mode wouldn't load... the windows CD wouldn't even recognize the partition file format... had to re-partition my drive and install XP. what i REALLY want to know... is why did Microsoft continue to distribute this patch to its customers knowing it was doing this to PCs? i mean, this patch was to cover their asses with that custom curser exploit, yet ive heard of more computers effected by the fix than by the problem.

i had the Realtek problem
an error popped up on every boot saying something about rundll being relocated or something like that by some ocx

i updated the Realtek sound drivers for my GIGABYTE board and everything came back to normal...

I personally don't get how a GDI fix has anything to do with your USB drivers, I think that your Windows install is fckd since I've installed this fix on about 20 machines without any problems so far. Or anyways, if it does, I'm really curious to know how exactly that's working...???

Until then do not install the update if it's causing issues to your machine and report these directly to Microsoft support.

This doesn't make any damn sense. How can you know if it's causing issues if you don't install it? Take an English class.

i installed the patch, and when it rebooted, my mouse didn't work. Tried a different mouse on all the USB ports, couldn't find my regular old ps/2 plug mouse...

but i booted up, went to hardware manager, and the usb ports were gone! I had to re-install the USB port drivers, and then the mouse worked again... i hate using the keyboard to get around windows! ugh!

not sure if it had to do with the patch, but it happened right after it was installed and rebooted... works fine now tho...

Here's one thing I just found :
"Engineering a patch is a long, complex process," director of the Microsoft Security Response Center (MSRC), Mark Miller, said. "We look at surrounding areas of code for similar vulnerabilities and, from our internal investigation, address as many as we can find."

http://www.microsoft.com/athome/security/u..._jpeg_tool.mspx

Yet according to what I'm seeing, the GDI should have been thoroughly evaluated almost 3 years ago. I know I could be dead wrong here, but the GDI dosen't seem like a lot of code, relatively speaking, based on the compiled size of its components...

http://www.microsoft.com/technet/security/...n/MS06-001.mspx

Then again, the same WMF issue (appears the same to me anyways) earlier this year, also apparently GDI related... so it sounds like they spent 100 days picking their noses, to be honest, because apparently the GDI has been full of this and similar fsckups for years!!!

That should be enough to shake anyone's confidence in Microsoft's code auditing process.

http://www.arnnet.com.au/index.php/id;922353983;fp;16;fpid;1
(These quotes are taken from an ARNnet article) :

If, as Miller said, Microsoft used at least some time of the patch development process looking for similar vulnerabilities in the affected code, why wasn't the 2007 animated cursor flaw found in 2005? "We're doing an analysis of why we didn't find it then," Miller said.

I ended up with my IDE controller not working (optical drives), as well as several other items that I can't remember off hand. I'll avoid reloading that update in the future.

I think I have iPod issues. I was surfing the web yesterday and started hearing the USB disconnect / reconnect sounds.

I had issues on my main pc (LOOOOOOONG bootup, etc)

Strangely enough, my laptop WITH Realtek HDA - no issues at all.

Both pc's XP Pro SP2.

How strange is that! I'll run the hotfix through both though.

All seemed ok last night turned off PC and today when starting it hung at the XP window, had to press the reset button and it came right. Never had that before, maybe coincidence?

Well, my USB is totally f**ked, exactly after installing the patch, and rebooted. Flash card readers won't even work. Strange thing is that my IPOD Video can still connect to my XP without any problem. Ain't that strange?

Jesus christ on a bike! I approved this on wsus yesterday (3am install!) i hope this hasnt killed my 400+ machines I would only have 4 days (dam you bank holiday weekend!) to re-image "the network" for the school

I installed the update on Vista and so far did not notice any problems.BTW im using AVG Internet Security and no problems with it either.Maybe some combinations of hardware and installed software are causing problems on the affected systems.

Everything seemed OK at first. Then I launched the TV program for my Compro VideoMate Gold+, and bam...black screen, no picture. Switching channels didn't show the channel, either. Thank gawd for system restore...it's working fine again with Monday's restore point. And no, I hadn't made any changes to my system in the last two days...in fact, I just did a clean install two weeks ago, no time to screw it up myself yet...

edit: I turned off automatic install of automatic updates...just for the time being. I'm behind a hardware firewall. Darn glad I turned off automatic updates for my MCE machine months ago, or I'd possibly be screwed...

I got some DEP alerts after rebooting after I installed the patch but that's it and all seems normal so far. =/

On a Gateway Laptop, it stopped the LG-DVD Burner from loading drivers correctly, AVG is fully updated but still shows the "out of update" black icon in the systray and the Security Center does NOT reports it as out of date.

Oh yeah I definitely thought it all had to do with this update... I installed yesterday and I had to do a System Restore on the Gateway notebook...

No problems here.

Sounds to me like it's another case of crappy 3rd party software tying in too deeply to system files.

It might've been this patch that fubar'd my registry (stop C0000218 error on boot). Oh well, time to load that backup I made the other day...

After installing on my WXP/SP2 machine, I had a death on restart. The system recovered admirably though - no slowness, no instability, just old hardware.

Auto check for updates on, but Auto-Update OFF... its the only way to fly. This little sucker is just sitting there completely at my mercy...die! MUWAHAHAHA! Actually I did install it anyway and have no ill effects. :nuts:

I just happened to have a freshly reinstalled and fully updated XP SP2 on a 6 month old laptop when I let this update happen yesterday. Nothing unusual at all in the configuration, clean registry, etc. The reboot after the update brought up an attempted DLL file relocation error involving an .ocx file. After clicking that away, the computer worked, but the tray icon for the Realtek High Definition Audio didn't appear, and the icon for the Sound Manager in the Control Panel didn't work. A few more deliberate reboots didn't clear the problem, but eventually, I found a later driver on Realtek's site (also on Softpedia). That seemed to clear the problem.

Since yesterday and continuing today, my mouse pointer isn't working properly. For some reason, it's "dropping" anything I'm attempting to drag, like an icon to the Recycle Bin, or the edge of a window. It's also sporadically opening programs instead of dragging the icon. I don't know if this is related to that particular update though - but it was fine until then. It's a USB cordless mouse, and I understand some people have reported USB being broken after the update. Interestingly, the pointer works fine when operated via the Synaptics touch pad instead of the USB mouse.

One reason I have automatic updates turned OFF. I'll decide when to install an update, NOT MS or anyone else.
I usually wait a month to install any "critical" MS updates anyway, just because sometimes the hotfixes break
more than they fix.
I've been burned too many times working on equipment with firmware updates that hose more than they fix.

I guess you can weigh the statistical probability of the patch causing you problems versus your machine being totally pwned by an exploit... I'll take my chances with the patches since 95% of the time when they fail or cause problems it's because the target system is screwed up somehow, and generally forces you (the admin) to fix your machine.

lol and this is part of the reason why Microsoft took so long to release the patch. as the article yesterday stated they were made aware of this problem in December but were just now releasing a patch...and people complained. now they release the patch, broken in some cases yes, and people still complain. now just imagine what would have happened if they had a knee-jerk reaction and released the patch in january when they first knew about it. they probably should have tested this patch a bit longer before releasing it, but in their defense you can't ever really release something that isn't going to cause problems for some people.

Normally, I'd agree. But the issue that caused this problem is something that Microsoft have a system to prevent - two DLLs/OCXs sharing the same base address in memory. Normally they can just be "relocated" if their base address is taken up, but user32.dll can't be relocated. So, if hhctrl.ocx is loaded first, it occupies user32's base address space and everything b0rks when whatever program tries to load user32.
MS, despite taking ages over it, still seem to have rushed this patch out the door and not done proper checks to make sure it wouldn't break anything... Disappointing.

Repair from the boot dvd doesn't work, anyone found any possible solution to this mess yet?

MS has to be sitting out there just ****ting themselves silly over this. If they aren't, they'd better skip starting to poop themselves and go straight getting a fix in line.

Foub said,
Try using a restore point instead.

Did, it worked, lost a number of changes I made in the last few days... not cool to dump this burden on the end user for a half baked fix. But it sure as hell beats have to reinstall.

My Windows Desktop Search has stopped indexing after installing the patch (via Windows Update).
The funny thing is that I never had any problem with my unpatched system, didnt get hacked, or didnt get ant security issue and BAM, after installing the patch to protect my PC, WDS got messed up.

Sounds like it's a combination... It's MS's fault things are going wrong, but the things going wrong must have some, ah, interesting code (loading an HTML Help Control before a quite low-level system DLL :worried: )

Interesting...I installed it last night on my XP pro sp2 machine and my Vista machine and they both are running fine. The XP machine is running AVG and that seems to be fine too

I just read this today on another site, but the patch itself doesn't just fix the animated curser bug. It seems it fixes 6 or 7 things in total. This could be why some are having problems while others don't have any problems.

XPSP2 is running just fine here with good ol' NOD32

(I "updated" to XPSP2 from Vista - the reported problems caused by this update are minimal compared to the series of failures caused by Vista!)

Did anyone notice this line in the article:

Until then do not install the update if it's causing issues to your machine...

How do you know it's "causing issues to your machine" if you haven't installed it yet?

Patched 74 machines via WSUS, no issues here... All workstations running Symantec AV 10.1, and Trend Micro Enterprise for Spyware.

good thing I don't ever care enough to update regularly, because I KNOW I'd be having the non-booting issue (the worst always seems to happen to me)

I encountered the Realtek issue but didn't see the MS Hotfix last night, I ended up going to the Realtek site and getting the latest High Def driver and that worked like a charm.

guruparan said,
My Vista runs fine after installing that patch... :confused:

Clearly, the people reporting problems are complete idiots.

CaKeY said,
Clearly, the people reporting problems are complete idiots.

If you're only referring to the Vista problems, perhaps you're right and feel free to ignore the rest of this post - I have no idea whether this is supposed to screw with Vista or not. But the XP problems are not being posted by "idiots", there was a very logical explanation of what was messing up (in a comment on Slashdot I think), which I've summarised in a comment earlier on.

i've installed on serveral, and no problems. however, on a friend of mine with vista, his pc no longer boots. happy to see not alone with this issue

i'm not able to see the pc in person right now. it doesnt even load windows, and the bios cannot see the hard drive right now, lol. doesnt sound like a windows patch could cause that to happen, but its the last thing they did before rebooting.
i need to go see it in person..

I got kicked out of my domain at work 3 times but not sure that was it, but happened right after the patch was installed...

One of my PCs auto installed the patch this morning and is no longer able to get onto the domain either. Uninstalled the update, installed new NIC drivers, ran Sp2 but still nothing, no network. Gets DHCP but no DNS,, thanks MS.

creamhackered said,
Goody for you. Clearly you have a different configuration to the ones that are having issues.

I wasn't trying to downplay their issues. However, I wanted to mention that it IS working for some people... Not quite the 1/2 of systems patched go bad that the article shows.

Quote - Article stated
I have personally installed this on two Vista machines and one of them failed to boot after the patch was installed.

Also, do you know if http://support.microsoft.com/kb/935448/ (XP only) fixes the issue?

Poof said,
Go figure... I installed it on 3 Vista systems without any issues...
I worked fine for one day, then my system just went down. Odd, it took one day for this turd to wreck havoc with my Vista install.

I've noticed a problem with Peer Guardian 2 ever since I loaded this "fix". Has anyone else had problems with PG2?

spacer said,
I've noticed a problem with Peer Guardian 2 ever since I loaded this "fix". Has anyone else had problems with PG2?

PeerGuardian2... LOL.

You know, PG2 is useless, right? Because once your IP has been found by RIAA, whoever, they ALREADY have your IP. Why would they have it unless you were on a tracker downloading illegal stuff? lol

entropyx said,
PeerGuardian2... LOL.

You know, PG2 is useless, right? Because once your IP has been found by RIAA, whoever, they ALREADY have your IP. Why would they have it unless you were on a tracker downloading illegal stuff? lol


You do know what peerguardian is actually for, right? It's not supposed to stop people discovering your IP. Any monkey can get your IP if they wanted to, peerguardian is not supposed to stop that.

What the RIAA and MPAA do these days is to actually download the torrents of illegally shared files and see who their torrent client connects to, to send a receive data. Once your client makes a connection to theirs, they know your IP and they know you are downloading/sharing an illegal file. Now when peerguardian is loaded, it prevents your PC from making a connection to any IP on peerguardian's list of anti-p2p organisations. If your PC cannot connect to the RIAA and MPAA sniffers, then your IP wont appear in their torrent client as someone who is downloading/sharing that torrent.

entropyx said,

PeerGuardian2... LOL.

You know, PG2 is useless, right? Because once your IP has been found by RIAA, whoever, they ALREADY have your IP. Why would they have it unless you were on a tracker downloading illegal stuff? lol

You just proved you have no idea what you're talking about and not everyone who uses it is on the internet downloading illegal stuff.

You should know what you're talking about the next time you feel the need to make a post.

TCLN Ryster said,

You do know what peerguardian is actually for, right? It's not supposed to stop people discovering your IP. Any monkey can get your IP if they wanted to, peerguardian is not supposed to stop that.

What the RIAA and MPAA do these days is to actually download the torrents of illegally shared files and see who their torrent client connects to, to send a receive data. Once your client makes a connection to theirs, they know your IP and they know you are downloading/sharing an illegal file. Now when peerguardian is loaded, it prevents your PC from making a connection to any IP on peerguardian's list of anti-p2p organisations. If your PC cannot connect to the RIAA and MPAA sniffers, then your IP wont appear in their torrent client as someone who is downloading/sharing that torrent.

Like the RIAA/MPAA are stupid enough to use the same network to grab peers' IP addresses. God know how many private contractors they employ who use day to day broadband connections which PG cant do $h1t about. Usenet FTW!

My laptop does take about twice as long to boot after intalling the patch yesterday. No problem with antivirus though.

Already affected by this today - there's a thread on Slashdot about it here which links to a hotfix here which fixed it for me.

It stopped Tugzip and the Realtek drivers from working for me, but all sorted now.

leesmithg said,

I have to say I have noticed nothing out of the usual.

installed fine, but upon the first reboot it caused BSOD, it been fine after the first BSOD, keeps booting fine now.

No problems here.

If you have problems with some applications (such as RealTek) is because they're poorly written!!! It's not a Microsoft fault!
If you have a false positive of a Trojan with F-Secure, then F-Secure is a bad antivirus because it uses wrong signatures!!! It's not a Microsoft fault!
I have AVG Antivirus 7.5.x and everything works fine, no errors.

@franzon: It is MSFT's fault. Their patch caused a help control ( hhctrl.ocx ) to have the same "base address" as user32.dll (a rather important system DLL). If whatever program tries to load hhctrl before user32, it'll crash. This is what the hotfix from MSFT fixes, and is where they, not Realtek or anyone else, screwed up.

My friend had this problem and it was more than just his Realtek sound stuff that was spazzing out...