Fri, Aug 16 2013 23:49
BSOD from MS13-063/2859537
So since I've been involved in a thread in the answers forum on this, I do not want in any way to not empathize with people suffering from a BSOD from this update. At the same time I want to stress that this issue is NOT widespread. If you google KB2859537 and get concerned that you see a massive amount of posts all saying there are BSODs with this update, go follow where they are pointing to. They are all mirroring and amplifying the same posts over and over again. In this social/twitter enhanced world of ours, I'm finding it really difficult to get true "dead body counts".
So a little background on kernel updates and why I always say don't rush to install them. Kernel patches have always had a history of issues. The reason is that the kernel can be nailed by any number of not well behaved members of the software family. I've historically seen malware enter a machine and make the kernel unstable and thus throw off a BSOD in patching. I've seen Brazilian-based banking software meant to protect against keyloggers throw off BSODs when the kernel is updated. I've seen antivirus vendors that hook incorrectly into the kernel throw off BSODs when the kernel is patched. Bottom line, there are many, many historical examples where a BSOD is thrown off, not because the machine was healthy, but because the machine had bad or faulty code on the system.
As a translated blog showcases (http://translate.google.lv/translate?sl=ru&tl=en&js=n&prev=_t&hl=lv&ie=UTF-8&u=http%3A%2F%2Fwww.outsidethebox.ms%2F15229%2F), if the kernel is fine, the system will be fine when it's patched. If the kernel isn't healthy, you won't get a healthy machine back from patching.
So I'm seeing two issues with KB2859537:
1. BSOD - which I'll be honest, I have two official support cases set up with Microsoft that have BSODs. But I'll bet ahead of time that there's something software related, something third party triggering this. I'll be the first to admit I'm wrong if I'm wrong, but these kernel updates historically follow a pattern. Clean machines patch fine, funky machines don't.
2. And this one, for which I have no one willing to let me open a case for them, is what appears to me to be a wider-spread issue of an interaction with various software (maybe antivirus?) that is causing Error 0xc0000005 and the inability to launch programs.
That's the one that I'm not sure we're getting a good handle on. (Nor do I speak Russian.) The RIFT game has rebuilt some part of their game to not throw off this error, but I'm not convinced we've gotten to the bottom of whatever third party software is causing this issue.
Both of these issues are NOT (I repeat) not widespread. I am blogging in fact from a machine that has KB2859537 installed. I have it installed on about four machines thus far, none are having issues.
Unlike the Exchange patch that did indeed have issues, unlike the ADFS patch that indeed had issues, I still honestly think this is a case of slightly mangled machines with malware, bad kernel code, third party software; bottom line, something non-normal is triggering this. It is not widespread across the board; everyone is just echoing the same locations.
So here's where I need your help. If a customer of yours comes in with either a BSOD or an Error 0xc0000005, I need you to email me so I can get information from you: specs of the machine, log files, etc. But I want to set the expectation that this is not the same sort of scenario as the Exchange or ADFS updates; there's nothing conclusive at this time.
I wouldn't be pushing out the kernel update this weekend yet, because I never push out kernel updates this fast, I always wait for third party software to ensure they have all of their needed fixes in.
But bottom line, don't panic. This issue is not widespread. And I still strongly am of the opinion that it's third party software related. Stay tuned as I know more, and reach out to me if you see any Error 0xc0000005.