Microsoft’s monthly security updates are supposed to resolve problems not cause them. However, the folks from Redmond have had to withdraw an update released in last week’s “Patch Tuesday” updates because it can trigger the dreaded Blue Screen of Death where your computer becomes locked and the screen displays a lengthy, complex and utterly impossible to understand explanation on a sky blue background.
Oh the memories!
Those of us who were using Windows in the 1990s became all too familiar with the Blue Screen of Death (BSDs). While Windows 3.x was hugely successful for Microsoft, converting old fashioned single tasking command driven DOS machines to a modern multi-tasking GUI system, it was pretty unstable. Because of weaknesses in its memory management systems it would frequently produce conflicts with the processor and the computer’s architecture, such as a “General Protection Fault” that forced the system to shut down a program and often lock up the entire system requiring reboot. BSDs became a part of life for about a decade, until Windows XP came along. They’ve never gone away completely, as witnessed by last week’s faux pas by Microsoft, but over time they have become increasingly rare.
The new problem was introduced last Tuesday in Security bulletin MS14-045. It was updated on August 15th to remove the bug. The bulletin includes fixes for three privately reported vulnerabilities in the Microsoft Windows kernel that could allow elevation of privilege. MS14-045 applies to Windows 7, Windows 8, and Windows 8.1, plus Windows Vista and Windows Server 2003. However, the bug will normally not apply to Windows 8.
Why was this not caught in testing by Microsoft before releasing the update?
The bug is triggered under specific circumstances that Microsoft testers clearly did not consider.
The fault is triggered on systems that have one or more OpenType Font (OTF) files, installed in non-standard font directories and are recorded in the registry with fully qualified filenames. In fact, OTF fonts are very popular because they are open source and free. Many users download them from web sites and are not limited to the standard directories to save and install from.
In other words, this is not uncommon.
What Should You Do?
Microsoft is recommending that anyone who received the earlier version of the update uninstall it.TEST YOUR EMAIL SECURITY GET YOUR INSTANT SECURITY SCORECARD FOR FREE