Microsoft patches huge Windows 7 RC bug

Applications installed prior to bug fix may be crippled, Microsoft says

By Gregg Keizer

May 8, 2009 12:00 PM ET

Comments

Security Alert

Securiity Center

Computerworld - Just days after it launched Windows 7 Release Candidate (RC), Microsoft has released a fix for a major flaw that slipped through testing.

The patch, which Microsoft describes as an "Important" update when it appears in Windows Update, was released yesterday. Depending on Windows 7's Automatic Updates setting, the fix may have already been downloaded and installed.

According to the accompanying support document, the problem affects only the English-language version of the 32-bit edition of Windows 7 RC.

"The folder that is created as the root folder of the system drive (%SystemDrive%) is missing entries in its security descriptor," Microsoft acknowledged in the support article. "One effect of this problem is that standard users such as non-administrators cannot perform all operations to subfolders that are created directly under the root. Therefore, applications that reference folders under the root may not install successfully or may not uninstall successfully. Additionally, operations or applications that reference these folders may fail."

Users will see a generic "Access is denied" error message when some chores, such as deleting a folder, are attempted.

Microsoft said the root cause was that Windows 7 RC 32-bit "incorrectly sets access control lists (ACLs) on the root." ACLs are essentially lists of permissions.

While the hotfix pushed through Windows Update fixes the flaw, it doesn't repair already-installed applications that may have been crippled by the bug. In fact, Microsoft recommended that to play it safe, users who have already installed Windows 7 RC, and subsequently installed any applications, essentially take a mulligan and do it all over again.

"To make sure that this update does not affect your user experience, we recommend that you take the following actions," Microsoft said, as it urged users to start the PC from the DVD, reformat the drive or partition where Windows 7 will be installed, re-install Windows 7, and then immediately apply the hotfix via Windows Update before restoring any backups or installing any software.

Ed Bott, who blogs for ZDNet, was the first to report the hotfix's release.

Microsoft debuted Windows 7 RC to the general public late Monday night.

Read more about windows in Computerworld's Windows Knowledge Center.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Windows 7

Additional Resources

WHITE PAPER

EFD vs. HDD - What You Need to Know

Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.

WHITE PAPER

Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009

The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.

WHITE PAPER

Eight Criteria for Server Load Balancing

Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.