Microsoft finally fixes double-print bug, but more patching problems loom

The convoluted method Microsoft used to fix the MS16-098 double-printing bug is a harbinger of screw-ups to come with the new all-or-nothing approach to patching

Microsoft finally acknowledged yesterday that it has fixed the bug that breaks certain kinds of print jobs. The problem was created by a security patch issued on Aug. 9, and in the intervening six weeks the company offered a rat's nest of partial fixes, preferential treatment, and botched communications that don't bode well for Windows 10 forced patching. It's also bad news for the anticipated October patchocalypse, when Windows 7 and 8.1 customers will start being treated to a new all-or-nothing approach to patching.

In order to understand the bizarre maze that Windows 7 and 8.1 users are about to encounter, it helps to unwind what went wrong with the double-print bug and exactly how it was finally fixed.

This saga started with MS16-098, a "Security Update for Windows kernel-mode drivers." The rather mundane patch -- not rated critical -- covered a handful of security holes that had not been publicly disclosed or exploited in the wild. MS16-098 replaced MS16-090, a kernel-mode patch that was released in July. MS16-098, in turn, has been replaced by the kernel-mode patch MS16-106, which was released this month.

See the pattern?

The double-print bug was distributed to every version of Windows. Those users who updated earlier versions of Windows (Vista, Windows 7, 8.1, RT 8.1, as well as Server 2008, 2008 R2, 2012, and 2012 R2) got bit by the patch known as KB 3177725. If those users wanted to get rid of the bug, they only had to uninstall KB 3177725. Of course, Microsoft has dire warnings about uninstalling security patches, but if you fell victim to this particular bug (as was the case if you use, among many, the Seagull Scientific bar-code printing package BarTender), you could back it out by uninstalling the faulty patch. When the patch went away, the bug did, too.

That's been pretty much standard procedure for a decade or two.

Windows 10 users weren't so lucky. With Windows updating-as-a-service, the only option for uninstalling the buggy patch was to unwind all of the Aug. 9 patches -- all of the security patches and all of the other patches -- then use wushowhide to hide the bad patch until a bug-free version rolled around. That's not an easy task.

Here's where the story gets complicated. Because of the nature of forced, one-way, cumulative updating, Microsoft's recovery from an obviously faulty patch for Win10 took two different roads, depending on which version of Windows 10 you were using.

If you were using Windows 10 Anniversary Update, version 1607 -- which is installed on only a fraction of all Windows 10 PCs -- you got the royal treatment. (Per Paul Thurrott's report, even at this late date only one-third of all Win10 users are on the Anniversary Update.) Microsoft delivered the buggy patch on Aug. 9, and fessed up on Aug. 12. Apparently the bug was fixed with the Aug. 31 cumulative update -- Build 14393.105 -- although I can't find any definitive statement from Microsoft to that effect. Microsoft didn't document the bug or its solution in the release notes. It took 22 days to push a fix for the Anniversary Update.

If you, like most Win10 users, were on the Fall Update version 1511, you experienced an odd implementation of cumulative update art. Microsoft didn't want to push out a full cumulative update at the end of August, so it created a small and largely unnoticed fix, KB 3186988. It wasn't pushed out the Windows 10 update chute; instead, it was posted -- much like a hotfix, in an earlier age -- so those who knew about it could download and install the fix.

In the normal course of events in the not-so-good old days, when Microsoft posted a hotfix for a problem you could find instructions for what to do with the hotfix: Should you uninstall the hotfix prior to installing the big patch or could you install the patch over the hotfix -- and is there anything else you need to consider? In this case, there was silence.

When build 10586.589 -- the next cumulative update for version 1511 -- came out on Sept. 13, there wasn't a word about the double-print bug, not a clue on the hotfix page, nothing in the release notes -- nothing. Users had to guess if the big cumulative update even fixed the double-print bug and whether the hotfix was still necessary or needed to be re-installed -- and then keep their fingers crossed that the big update would peacefully co-exist with the hotfix.

Yesterday we got confirmation, thanks to keen-eyed user Abbodi86 on AskWoody, who noted that the KB article describing the bug has been updated to include a crucial note: "This problem is resolved in Microsoft Security Bulletin MS16-106." That, in turn, leads to confirmation that the double-print bug fix is in build 10586.589, which was released 10 days ago.

Yes, it took Microsoft five weeks to fix the bug it introduced in Windows 10, and another 10 days to tell customers about it.

As Gregg Keizer noted in Computerworld yesterday, those of us who have to deal with Win 7 and 8.1 cumulative updating starting next month are nervous. Susan Bradley told Keizer, "Bottom line, everyone is holding their breath, hoping for the best, expecting the worst." Given this recent patching debacle it's easy to see why.

No matter how you slice it, Windows 7 and 8.1 customers are going to lose a key feature that they've had since the early days. Starting next month they won't be able to back out a bad patch without yanking the whole lot. Given Microsoft's track record with issuing bad patches -- and pushing patches that do things customers don't want -- that's a scary proposition.

Copyright © 2016 IDG Communications, Inc.
