Friday, May 3, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

ComputerWorld Independent 

Microsoft repairs buggy Win7 security patch with buggy hotfix KB 4039884

admin ,

Credit to Author: Woody Leonhard| Date: Mon, 28 Aug 2017 05:57:00 -0700

Two weeks ago, I talked about a bug in Windows 7’s August Monthly patch rollup KB 4034664 that left many people who have two monitors reeling. After installing the security patch, the first monitor would work properly, but the second monitor could have all sorts of rendering problems.

Günter Born had a full writeup about the problem, and Christian Schwarz not only nailed the problem, but he wrote a “proof of concept” program demonstrating what was happening and when.

The bug also appears in KB 4034679, the manually installed security-only patch for August, and in KB 4034670, the Preview of September’s Monthly rollup. Bugs as a Service.

Microsoft came up with a manual workaround. First, you enable Desktop Composition (see TechSupp247’s video), then you make sure the main monitor is in the upper left (the “1” position) in monitor layout. That worked, in general, but older graphics cards don’t support Desktop Composition, and the manual procedure is a typical convoluted Windows procedure — not suitable for non-combatants.

Friday night, Microsoft released KB 4039884, a manual-install-only patch of a patch. Quoth the KB article:

This update addresses an issue where UI elements, including menu bars, are missing from Windows and Java applications running on computers with multiple monitors (multimon). The issue affects console and Remote Desktop logons when the main monitor is not in the top left area of the monitor layout in Control Panel. Applications may also stop responding or not work properly when moved between monitors.

You can download KB 4039884 from the Microsoft Update Catalog, but before you install it, you should know that it’s broken, too. AskWoody denizen @javacatpaul says:

I installed the said “fix” and then Windows Update came back and told me I had over 20 important updates and a few recommended ones that needed to be installed. Apparently some of the files that are installed are rather old versions (dating back to aug of 2016), just a few are actually newer than 20aug17 (according to autoruns). It does change many dll’s… I did a system restore to the point that this “fix” made for me and it’s back to the way it was. It might be wise to hold off on this “fix” for a bit until this all gets sorted out…

And @PKCano confirmed, with a screenshot showing a dozen exposed old patches. It appears our shiny new patch-of-a-patch has a problem with its supersedence chain, calling back to life many old, undead patches.

That leaves multimonitor Windows 7 users in a lurch, with two unappetizing options. Either go through the manual steps to enable Desktop Composition and flip-flop your monitors around — assuming your graphics card is up to the task. Or ignore an onslaught of ancient, unwanted updates, and wait for Microsoft to fix the supersedence chain — hopefully before September’s Monthly rollup arrives.

Cue the walking dead.

As usual, we’ll be following the latest on the AskWoody Lounge.

http://www.computerworld.com/category/security/index.rss