
Microsoft suffered great embarrassment this month when it was learned that a Windows patch released with its August Patch Tuesday updates could actually cause a “Blue Screen of Death” lockup under certain circumstances. Almost as embarrassing, it took 2 weeks to release a fix to the fix.

The bug in update MS14-045 is triggered under specific circumstances that Microsoft testers clearly did not consider.

The fault is triggered on systems that have one or more OpenType Font (OTF) files installed in non-standard font directories and recorded in the registry with fully qualified filenames. In fact, OTF fonts are very popular because they are open source and free. Many users download them from web sites, and they are not limited to the standard directories when saving and installing them.
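A check for the trigger condition described above, as an added example (not code from Microsoft or from the original post): it flags font registrations whose value is a fully qualified path to an .otf file outside the default fonts directory. The sample entries are constructed, and the function names, the `windir` default and the premise that registrations were exported beforehand as name/value pairs are assumptions.

```python
import ntpath

# Constructed sample of font registrations (value name -> value data).
# Assumption: these pairs were exported from the registry beforehand.
SAMPLE_FONTS = {
    "Arial (TrueType)": "arial.ttf",
    "Example Sans (OpenType)": r"C:\Users\alice\Downloads\fonts\ExampleSans.otf",
    "Example Serif (OpenType)": r"C:\Windows\Fonts\ExampleSerif.otf",
    "Example Mono (OpenType)": "ExampleMono.otf",
    "Shared Display (OpenType)": r"\\fileserver\fonts\SharedDisplay.OTF",
    "Example Script (TrueType)": r"D:\Fonts\ExampleScript.ttf",
}


def is_fully_qualified(path):
    """True for drive-rooted (C:\\...) or UNC (\\\\server\\share\\...) paths."""
    drive, rest = ntpath.splitdrive(path)
    return bool(drive) and rest.startswith(("\\", "/"))


def at_risk_fonts(fonts, windir=r"C:\Windows"):
    """Return (name, path) pairs matching the trigger condition:
    an .otf file, registered with a fully qualified filename,
    stored outside the default fonts directory (%windir%\\fonts)."""
    default_dir = ntpath.normcase(ntpath.normpath(ntpath.join(windir, "Fonts")))
    flagged = []
    for name, data in fonts.items():
        path = data.strip().strip('"')
        # Only OpenType font files are relevant (extension is case-insensitive).
        if ntpath.splitext(path)[1].lower() != ".otf":
            continue
        # Bare filenames resolve to the default directory and are not flagged.
        if not is_fully_qualified(path):
            continue
        font_dir = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
        if font_dir != default_dir:
            flagged.append((name, path))
    return sorted(flagged)


if __name__ == "__main__":
    for name, path in at_risk_fonts(SAMPLE_FONTS):
        print(f"at risk: {name} -> {path}")
```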

Microsoft has downplayed the problem, indicating that it could occur on only a very small percentage of Windows PCs. However, with 1.5 billion computers using Windows worldwide, a small percentage could still be a lot of computers. In fact, shortly after the August 12th release of MS14-045, a flood of users posted desperate messages on popular tech sites reporting that their computers were locked. One can only imagine the situation at Microsoft customer support centers.

On Aug. 15, Microsoft notified users that they should uninstall the components that made up MS14-045. However, they did not make a general announcement, preferring to keep their error “hush hush, mush mush”.
Shortly thereafter they deleted the problem patch from the update.

With the new patch, all is well. Right?
Not entirely.

The Knowledge Base article for the new update (KB2993651) lists known issues that remain after the update, including:

  • With the update installed, fonts in the system that are not in the default fonts directory (%windir%\fonts\) cannot be changed when loaded in an active session. For more detail, see the KB article.
  • With the update installed, the z-order (depth) of some windows is changed. This means they can be hidden and therefore invisible. Four other earlier updates also cause this problem:
    o 2965768 Stop error 0x3B when an application changes the z-order of a window in Windows 7 SP1 and Windows Server 2008 R2 SP1
    o 2970228 Update to support the new currency symbol for the Russian ruble in Windows
    o 2973201 MS14-039: Description of the security update for Windows on-screen keyboard: July 8, 2014
    o 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
