"URGENT" Windows critical updates 14/10/14

[jaydor 345]

Folks, in this update, 14/10/2014  there are Critical and Important updates, around 15 of them for all Windows platforms. But...there is one update KB2949927 that has a critical error attached to it, and will BORK your Windows installation, whereby you will not be able to restart and successfully load Windows.



What this security update does, is security-update: BitLocker on your system. The trouble is...that if you are NOT running Bitlocker (that is..you are not running an encrypted file system), then this update will not only not install (failed installation notification) but will fail to install all the other 13 KB security updates. You will then be instructed to finish the update by rebooting your system, and then you will get the Windows could not restart..and the go to the automatic repair routine.



So...you can download and install EVERYTHING in this release of updates..BUT un-click the install box on the above update file and then right click on the file name to Hide Update. You can always bring it back with un-hide updates after Microsoft fixes the fact that this file does not check to see if you are running an encrypted (BitLocker) files system or not.



If you have already tired to run this series of updates and have had update file failures, or outright loss of a next-boot up of Windows...THIS one file is the reason...unless of course, you DO have a system BitLocked...and then it will install properly. Most of us do not....

[allardjd 1,853]

Thanks, James. I've just reset my updates to manual, so I can stop this one. I assume MS will fix it pretty quickly?

John

[hifly 925]

Thanks James.

[Kevin Firth 114]

pants, this automatically installed this morning for me...

[hifly 925]

Double thanks James, just after I switched to manual and posted above a popup offered me an MS update.

[Kevin Firth 114]

restarted my pc, no problems here thankfully

[britfrog 180]

much appreciated m8 luckily i stopped updateing windows a year ago after their last cock up

[mutley 4,498]

Thanks James, I have auto updates switched off so I will keep an eye out for this one.

[adrians69 159]

Double thanks James, just after I switched to manual and posted above a popup offered me an MS update.

 

Me too, I spotted this just as I was about to update. Nice one James!!

 

[Gunner 69]

Did the updates today...no issues (win 8.1, that is).

[Corsaire31 419]

Thanks for the info ! I am on manual updates as well and will wait for some more info. 

[mike H 456]

Looks like my auto updates from MS has worked ok as my laptop rebooted as normal. Have now taken onboard the advice and have now changed  the settings to manual Thanks James for your info I only saw it after the auto updates had finished.

[dogtrack 346]

Have updated four machines with W7 64 on board, 2 x Pro and 2 x Home Premium. No problem on any of them and none of them using BitLocker. All machines updated ok and boot normally, following the full compliment of updates.

[MyPC8MyBrain 273]

why in the world would anyone update a fully working stable platform you’re comfortable with; that shows no signs of trouble

yea yea, I’m going to get what if's, and i could get hacked and attacked, it’s all BS;

 

this hype of updating windows each time a patch comes out is ridicules; i never run updates, ever!

unless something is broken and not working; updated are disabled for me from day 1

never had any issue, my system is stable as the day i installed it

 

there will be no magic in the updates, your computer isn’t going to miraculously work faster than it did before

or fix its own knots with the latest and greatest; its never going to happen,

 

if it’s not broken, don’t fix it

[jaydor 345]

if it’s not broken, don’t fix it

I do not usually download the updates myself, but I spotted the advice on another forum and passed it on.

I only ever download updates after a clean install of windows and like you Chris never update again..

[Christopher Low 63]

For the record....what's the solution for anyone that suffers from this? I will have to check tonight when I get home (before any updates are installed).

[stu7708 244]

From what I've found it happens if you manually disabled the BitLocker service.. So I guess those that have had no issues still have the BitLocker service running even though the encryption of the drives aren't used.

 

As far as I can tell, going by this post, it will resolve it self after a reboot but it will take a LONG time.....

[allardjd 1,853]

I think the best policy is to install the Windows updates but delay a little when they come out. If one is a stinker it will be well known within the first 24 hours. If they've released an update and the world is not howling about it within a day, go ahead and install it.

John

[MartinW 0]

why in the world would anyone update a fully working stable platform you’re comfortable with; that shows no signs of trouble

Because Windows update contains important security updates. If you don't keep your OS up to date you are vulnerable to many viruses that take advantage of OS vulnerabilities.

It seems up to now you have been lucky, but I would strongly advise you to reconsider your "don't bother to update" philosophy.

I always have auto updates off, and update myself manually.

[MyPC8MyBrain 273]

It seems up to now you have been lucky, but I would strongly advise you to reconsider your "don't bother to update" philosophy.

 

 

Hi Martin

it’s a hard logic to argue with, it’s not wrong

in some situation this approach isn’t advised; but will suit most generic home users

 

i personally feel very confident with my choice;

it is not luck that brought me thus far; happy and content

some experience has played a role in shaping my opinion on this subject

http://www.joesdata.com/executive/Chris_Bell_789222880.html

[MartinW 0]

yea yea, I’m going to get what if's, and i could get hacked and attacked, it’s all BS;

Seriously Chris, it isn't "BS" at all.

In fact virus writers rely on people like you, that don't bother to install critical security updates. Virus writers just love loopholes left in the OS, it's the primary way viruses exploit an OS. This isn't open for discussion, it isn't debatable, it's simply fact.

Yes, occasionally a critical update has unforeseen consequences, but I have to say, after building and operating PC's for many years, I haven't once fallen foul of Microsoft's critical updates.

Effectively, by not fixing the vulnerabilities in your OS, you are leaving your backdoor wide open, effectively dispensing with your first line of defence. Yes, you may have got away with it for now, relying on your AV to deal with any potential threat, but logical, no, I don't believe so.

But hey, far be it for me to tell you how to look after your system. If you are happy with your choices so be it. However, I comment merely because I wouldn't want others to be influenced by your approach,an approach that any security expert would frown upon.

This from the University of Chicago on why you should patch your OS...

https://itservices.uchicago.edu/page/update-your-operating-system

Bit more...

http://en.wikipedia.org/wiki/Vulnerability_(computing)

[MyPC8MyBrain 273]

Hi Martin

it’s a hard logic to argue with, it’s not wrong

in some situation this approach isn’t advised; but will suit most generic home users

 

 

my opening statement is quoted right over this reply;

i am not forcing anyone to take my approach to security

ive served for several years as a Chief security engineer for the second largest pharmaceutical in the world

i know a thing or two when it comes to security; what i didnt bother to describe in my initial responce

i disable and lockdown all sharing including terminal services and client for Microsoft networks

server service, NetBIOS, terminal services and such built-in potential security vulnerabilities

 

i wish i could see your face when you read the next line

i don’t run any AV or FW of any kind

 

my policy in regards to viruses and such; i don’t bother

 

my user profile folder with my entire data; has been relocated to my second D drive

in the event i get compromised; it takes me less time to recover my system from a backup i make upon finishing my clean install

it take Acronis 8 minutes to restore my C drive; since my profile is located on my D drive; its seamless recovery for me

there is no better way to date to recover from a compromise other than the one i described above

 

every other approach is pointless and a complete waste of time imo

 

to sum this up; I’ve never had to use my backup to recover from an attack

if i have deployed my backup it was for completely different reasons then a virus attack

 

the fact of the matter, today you rarely deal with any viruses directly

all ISP strip them out way before they enter their network; and its never done at your application level

it is identified and stripped at the second to third level of the OSI model

99.99% of viruses and mutations signatures are known in advance

 

Just my two cents to clarify my approach

[MartinW 0]

i know a thing or two when it comes to security; what i didnt bother to describe in my initial responce

I disable and lockdown all sharing including terminal services and client for Microsoft networks

server service, NetBIOS, terminal services and such built-in potential security vulnerabilities

Oh right, you didn't give us all the info the first time you naughty boy, thanks for clarifying.  In which case the response to your first post should be...

 

why in the world would anyone update a fully working stable platform you’re comfortable with; that shows no signs of trouble

 

 

Answer: Because we need our PC's to be fully configured. And the majority don't have the technical expertise to shut down all vulnerabilities. You see Chris, in your first response you were referring to "anyone" hence all of us. You weren't referring to individuals like yourself that have significantly modified the OS to avoid vulnerabilities. Hence the confusion, hence my response. If you had told us initially that you shut down services and aspects of the system open to attack I would never have responded.

 

 

 

 

yea yea, I’m going to get what if's, and i could get hacked and attacked, it’s all BS;

 

 

Not BS for the same reasons mentioned above.

 

this hype of updating windows each time a patch comes out is ridicules; i never run updates, ever!

unless something is broken and not working; updated are disabled for me from day 1

never had any issue, my system is stable as the day i installed it

Not ridiculous at all for the 99% of us that haven't the technical expertise to severely cull significant aspects of our OS's, and wouldn't wish to.

 

if it’s not broken, don’t fix it

 

 

It is broken. Hence the security updates to fix vulnerabilities. Vulnerabilities you say you have bypassed by severely restricting your OS.

 

i wish i could see your face when you read the next line

i don’t run any AV or FW of any kind

 

 

 

Yep, I know someone else who does that. same philosophy and method as you. Vulcan B2 is his name, those that frequent or have frequented the Just Flight forum over the years will know his name, and perhaps smile.

[MyPC8MyBrain 273]

true, i didn’t explained the additional measures i personally take; simply because i didn’t think we will discuss this in depth here,

many of your points are valid; still... one must understand that not every vulnerability/update MS is offering pertain to your spesific setup

 

many of us devs do allot of work outside the box; we often install our DLL/exe or scripts that are not mainstream

we often run into incompatibilities or bugs that’s related to one’s specific work

MS doesn’t distinguish installed add-on or third party software

in fact some update could hurt you while helping another

as we saw with this specific update

 

you don’t know why it was issued; for who; and under which circumstances this was needed!

 

now back to little technicality to shade some light on my early statement

 

99% of home users are situated on their local network; behind their ISP modem/FW at home

(our Sim users most likely will have a desktop; none portable)

this alone eliminates a big security threat as the interfacing leg to the world is your modem's and not your PC

combine that with the notion that all ISP's eliminate 99.99% of viruses/trojans/worms at layer 2 of the OSI model

(low level tcp packet will be stripped before its reconstructed by the ISP Gateway routers and switches)

 

my statement still stand imo for most home users; my added security measures are in place since i am mobile with my laptop

which puts me on strange untrusted networks very often; eliminating any type of service offerings from my station

assures my assets are protected outside my home network,

 

We clearly don’t see eye to eye on this subject;

im not trying to sway your opinion with the above one way or the other;

rather explain my point of view and assumptions related to my statement 

 

 

[Kevin Firth 114]

chris that sounds really interesting, if I understood any of it Im sure it would be more helpful! Cheers K