The status of KB977165 and MS10-015

When reading quotes from lawyers and politicians wordsmithing is to be expected. But when it comes to Microsoft pulling a problematic patch, one in which it appears their code was not at fault, and the withdrawl was just for good luck until they were sure of all the facts, it's surprising that you need to parse words carefully.

  Pesky Patch Updates

Michael Horowitz:

Gregg Keizer:

When I read at The Microsoft Security Response Center that "We also stopped offering this update [MS10-015] through Windows Update as soon as we discovered the restart issues" I took this to mean that when Windows Update runs, it will no longer offer the problematic KB977165 patch, the one whose interaction with a nasty rootkit seems to have rendered some Windows machines unbootable.

I wasn't the only one to draw this conclusion.

Mary Jo Foley wrote on Feb. 11th that "Microsoft has removed one group of patches it released as part of this week’s Patch Tuesday — MS10-015 (KB977165) – from its Windows Update service..."

Likewise, Gregg Keizer of Computerworld wrote on February 16th that "Microsoft has not yet restored the MS10-015 patch to Windows Update, so users can safely download and install all remaining updates issued last week."  

Turns out, it wasn't that simple.  

In the next sentence Keizer quoted Jerry Bryant of Microsoft as saying "Automatic Updates for MS10-015 will remain disabled until our investigation into the restart issues is complete." 

Mr. Bryant's job at Microsoft is security communications and he, apparently, chooses his words carefully. The critical word here being "Automatic".

In response to my finding the pulled patch still being offered by Windows Update, Mr. Bryant said 

"Automatic Updates are still disabled. This means that customers who accept the recommended settings of checking for and installing high priority updates at 3:00 a.m. every day, will not get the update. However, customers can still choose to access the Windows Update screen and manually install this particular update; which seems to be the method described in your article."

In plain language, if you let Windows Update run automatically, it no longer installs the problematic patch. If you run Windows Update manually (IE -> Tools -> Windows Update in XP) you will be offered the MS10-015 patch.

But even this has a wrinkle.


When I run Windows Update manually, I opt for the Custom rather than the Express option because I like to review what's about to be installed. That KB977165 shows up in the list of patches to be installed is now understood to be expected.

But what about the Express option? You could say that this is manually running an automatic update. Will this install KB977165?

Yeah, me too. Enough is enough.

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon