Microsoft: Windows patch is flawed

Microsoft has acknowledged that a security patch issued in January for its Windows 98 and Windows ME operating systems may cause performance issues for customers who have downloaded the update.

According to a notice posted Friday in the discussion group section of the company's TechNet site, Microsoft's KB891711 update, which was released to address a vulnerability related to cursor and icon format handling, fails to adequately protect users of Windows 98, Windows 98 SE and Windows ME. The patch was included as part of security bulletin MS05-002, one of the software giant's regular monthly updates.

In the short statement, a company representative stopped short of telling people to uninstall the update, noting that removal of the patch would still leave customers compromised.

"At this point, we have been able to confirm these reports and are currently working on a resolution," Jerry Bryant, of Microsoft's Security Response Center, said in posting. "Please note that by uninstalling the current update, the machine will return to a vulnerable state."

According to Bryant's post, Microsoft has yet to be notified by anyone who has experienced an attack related to the problem.

According to customer posts on the discussion site, the security issue is related to Microsoft's Internet Explorer and may cause computers to crash once the patch is installed.

[cecilw]

"Might Cause a Performance Issue"?

I only support two computers with Windows 98 these days. BOTH of them had major problems after this update was installed. One refused to reboot at all, the other BSOD'd every time IExplorer was opened. Did anyone at Microsoft even check this patch on a Win98 system before it was released?

[David Arbogast]

A better question

If you are "supporting" Windows 98 desktop machines, a better question might be... "Why didn't you test the patch before you applied it to a user's machine?"

[Prndll]

lol....

This is funny.

MS admiting that a fix to a problem created another problem. HA!

There is no such thing as a good Microsoft patch. Windows98se is still safer than XP. With or without this. As long as you stay away from MS updates....you'll be alright. MS is it's own worst enemy.

[aabcdefghij987654321]

98 safer than XP? -- You obviously don't know squat

There is NO way that Windows 95,98, 98SE or ME are safer than XP. The architecture of those older OSes is significantly less safe than the architecture of XP, in fact with those older OSes all the security they provide is simply a hollow facade providing no protection whatsoever.

Flawed Microsoft product? ... Say it isn't so.

The fact that Microsoft has released a flawed patch for their Windows 98 version should come as no suprise. They released a similar flawed patch in their security updates for Windows 2000. [microsoft hotfix update KB35732]. This supposed security update caused CPU usage to spike at 100% continuously as it tried to run drivers which were not present on the user's computer. The end result was that the system would eventually freeze-up and put the user our of work without any compensation.

The response from Microsoft on the Windows 2000 issue has been predictable. Try finding the patch for the patch on their site. It is there but you might want to put your Indiana Jones hat on first and pack a lunch.

It is to the point now where I have disabled Windows Updates on my computers and no longer use Internet Explorer for anything. I use the much more stable browser OPERA and I know of quite a few people who no longer use IE but have switched over to FireFox.

If Microsoft is going to issue patches for their patches for their patches for their flawed OS then atleast have the courtesy of testing them thouroughly before releasing them on the unsuspecting public. At least with viruses we get a warning and a solution. With Microsoft they just install their errors on their behalf on 'my' computer, cross their fingers, and let me and others clean up their mess.

This is why I don't download updates often.

I rely on my firewall and virus scanner to protect me, and those I keep updated and current. I've heard too many stories of MS patches causing performance issues.

Frankly, I've never had a security issue, so this method, combined with the occasional scan for spyware, seems to be working fine. After all, I'd rather not take the risk of downloading a MS patch as devastating as any virus. :)

[Bill Dautrive]

Yup

Saying flawed MS product or patch is like saying water is wet.

Microsoft messed up?

so i downloaded the kb891711 patch to supposedly update and protect my computer? it has now crashed, and completel useless to me. does anyonw know what i can do to make microsoft responsible for this? or how i could fix it, without loosing all my songs and pictures etc on my computer?

[Bill Dautrive]

Install it

Luckily, Microsoft did something semi-decent and they list 'hotfixes', in the install/unistall panel. Uninstall it and see if that fixes it.

As for getting MS to take responsibilty? Dream on. It is usually hard enough to get them to admit to flaws when they are found, much less fix them properly.

Your best bet is to either switch to a Mac, or install linux on your machine and just boot into windows if you ever need to. Linux takes a bit to learn, but it isn't that hard and is worth the effort.

[Prndll]

That question is asked alot

If you setup you partitions correctly at the beginning, you can put Windows on C drive and keep everything else on drive D. Doing this will allow you to format C drive and never lose anything. You have to install Windows (only) to C. Music, pictures, and all other files on D drive.

I do realize that this kind of setup might be a bit daunting to someone that had just bought an XP machine. But, this is one of the benefits to building you computer rather than buying one.

There are ways of dealing with things. Some ways are better than others, but I have found that it is better to just isolate windows from everything else.