Microsoft Stealth Update and Windows XP repair don't mix

Microsoft Stealth Update and Windows XP repair don't mix

Summary: Remember that Stealth Update I talked about a couple of weeks ago? The one that Microsoft sent down the pipes to XP and Vista users and installed it irrespective of whether the user had given consent for updates to be installed? Remember too how the apologists claimed that there was nothing wrong with how Microsoft had behaved because there was no harm done? Well, it turns out that this update isn't as benign as we first thought and can indeed cause problems for Windows XP users if they try to repair their installation.

SHARE:

Remember that Stealth Update I talked about a couple of weeks ago?  The one that Microsoft sent down the pipes to XP and Vista users and installed it irrespective of whether the user had given consent for updates to be installed?  Remember too how the apologists claimed that there was nothing wrong with how Microsoft had behaved Microsoft Stealth Update and Windows XP repair don't mixbecause there was no harm done?  Well, it turns out that this update isn't as benign as we first thought and can indeed cause problems for Windows XP users if they try to repair their installation.

Full image gallery available here

Information uncovered by Scott Dunn of WindowSecrets.com indicated that a bug in this update prevented users from being able to download and install patches on XP systems that have been repaired:

However, after running the repair option from an XP CD-ROM, Automatic Updates defaults to "on," and the new 7.0.600.381 executables are automatically downloaded and installed. These new executables fail to register themselves with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft's 80 latest updates from being installed.

Testing

I was lucky enough to get early access to this information, and regular readers by now must know that over at the PC Doc HQ we don't take anything for granted - so we set up a few systems to see if we could replicate this issue.

We approached this issue in much the same way that we approached the initial claims of a stealth update - with a healthy level or skepticism.  Because of this we set up several test rigs (with varying hardware configurations) onto which we installed Windows XP.  We then bought the OSes up to date with regard to patches and then booted up the systems off the Windows XP CD and carried out a system repair. 

After carrying out the repair we rebooted the systems and tried to update the OSes so that they was up once again to date with patches.  In all cases we were shocked to find that we couldn't update the systems.  Windows Update informed us that it needed to update itself, Windows Update woesand once that was done allowed us to continue as far as downloading the updates, but, and here’s the but, when it came to installing them, all 80 updates slated for installation failed with no indication as to why and with no offer of a remedy to the problem.  Trying to re-download the updates meets the same conclusion.

In case you're wondering, we also waited to see if Windows Update would fix itself if left to run in the background automatically based on a schedule.  We waited, and waited, and waited, but nothing happened.  Without a doubt, Windows Update is totally broken.

What to do if you are affected -->

A fix or two

The issue, as Dunn correctly concludes, is down to the update that Microsoft released upon Windows users stealthily back in late August.  On a repaired XP installation this update (identified as version 7.0.6000.381) is not registering itself properly and as a result isn't working properly.  This could mean that systems that have been repaired are left unprotected because they are running at a patch deficit.

Dunn offered two different fixes for this issue.  We tested both and concluded that both will work - so if you're suffering from this problem you’ve got a choice, with the batch file solution being simplest.

Manually register the unregistered DLL files

The first method we tried for fixing the problem was to manually register the following seven DLL files:

  • wuapi.dll
  • wuaueng1.dll
  • wuaueng.dll
  • wucltui.dll
  • wups.dll
  • wups2.dll
  • wuweb.dll

There are several ways to do this but the simplest was to create a batch file to automate the process as much as possible.  The file is a simple text file containing the following commands:

regsvr32 /s wuapi.dll regsvr32 /s wuaueng1.dll regsvr32 /s wuaueng.dll regsvr32 /s wucltui.dll regsvr32 /s wups.dll regsvr32 /s wups2.dll regsvr32 /s wuweb.dll

su2-0017-sm.jpg 

Running the batch file registers the named DLL files.  After registering the DLL files we tried the Windows Update process again and discovered that it worked fine this time, downloading and installing the 80 updates.

If you're interested in the batch file to register the DLL files but don’t want to create your own, you can download that from here.

Force an install of an older version of Windows Update files

Another fix is to download an earlier version of the Windows Update files and force a reload of these over the top of the later, buggier versions.  You can download Windows Update Agent 3.0 from here (scroll down to Step 2 to find the update).

But fixing this issue isn't as straightforward as installing the update.  Because you're trying to install old files over newer ones, you have to force the update. To do this you have to run the update from the command line or Command Prompt and use the /wuforce switch.

su2-0021-sm.jpg

Again, running this update allows the Windows Update process to download and install updates properly.

Conclusion

This issue highlights why it is vitally important that Microsoft doesn't release undocumented updates on the sly.  Even the best tested update can have unpleasant side-effects, but if patches are documented properly and released in such a way that users (especially IT professionals) know they exist, it offers a necessary starting point for troubleshooting. 

Windows Update woesWhat Microsoft did with the stealth Windows Update was not only push an undocumented patch to users (including those who expressed a desire to manually OK any updates), but they also pushed a patch that under certain circumstances doesn't work properly and can actually kill the whole Windows Update mechanism. 

Microsoft needs to urgently address this issue and come up with a better policy for updating all Windows components.  This should also be the last update that is sent to users stealthily and the last undocumented patch.  Clarity and honestly is of vital importance and Microsoft needs to learn some lessons from this episode.  When users state a preference for not wanting any updates installed on their systems without first OKing them, there's a reason for that - so that testing can be done and care taken to make sure that future problems are avoided, or at least mitigated.

Thoughts?

<< Home >>

Topics: Software, Microsoft, Operating Systems, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

218 comments
Log in or register to join the discussion
  • As one f the "Microsoft Apologists" you ...

    ... speak of I must admit I was wrong. I agree that publishing the undocumented patch did cause harm and therefor was a bad move on Microsoft's part. I stand corrected.
    ShadeTree
    • I commend you

      Sincerely I do, for being man enough to stand up and say I was wrong. Gives a whole new level of respect for you. Too bad No Axe couldn't learn from you. ]:)
      Linux User 147560
      • I second that (nt)

        .
        Michael Kelly
      • There is one caveat

        Are we talking about a windows update problem or a problem with the "stealth" mode.
        <br>
        Afterall, if users had prompted for the new client and denied, they'd be in the same boat of not being able to get updates. <br>
        If they had accepted it, they would still be in this situation.
        <br>
        My ONLY point is the stealth mode install did not create this situation. <br>
        To say otherwise would impact 99% of the users. That would mean given the choice and everyone did not accept the client install, 99% of all users would be nearly 2 months behind on updates.
        xuniL_z
        • Wrong caveat

          Actually Stealth mode did do the damage as those who were unaware of the problem would have found themselves vulnerable without any awareness of why.
          The situation is not that there may have been an update problem nor that by evading the bad patch users would be in a better position but that the method in which the client was delivered offered no traceability to the users which then did have a problem.
          madfenris@...
    • Thirded (NT)

      NT
      Stuka
    • Not so sure you were wrong.

      I know I'm going to catch a lot of c*$# for this comment but the circumstances under which this problem appear are very unusual and likely to affect a tiny number of users. Specifically it involves using the repair option from the CD to initiate. Unless an end user is in the habit of regularly running the repair option from the CD this problem is almost a non-issue. If you have to use the repair option you've already experienced a serious problem with your Windows install.

      This is not to say that I agree with Microsoft silently downloading this install. I disagree with that completely and don't buy their explanation as to why they're doing it. But the problem described here is not of the nature where the update is silently performed and the system mysteriously fails to work afterwards. This is also not to say that something like that might happen and has not yet been discovered.
      ye
      • The issue is

        that for those who DO experience the problem, if no one discovered what MS was doing they would have had no idea what was causing the problem and how to fix it. And personally I don't find it any more or less acceptable whether 1% or 50% or 100% of the user base is affected by the problem. The problem, even if it is only 1%, is that you never know WHICH 1% gets affected. This time it's people who used the repair option. Next time it may be people who use MS-DRM media. Or people who defragment their hard drive once a week. Or people who set up a new user account after the unannounced update. You just don't know what could happen, because there are so many variables.
        Michael Kelly
        • That and...

          If around 1% of windows users were affected, that's still a whole lot of people. Saying 1% makes it sound as though no one's going to take a hit from this.
          zkiwi
          • Go...

            pick up your Monster OSX patch just in and realize the "stealth" mode had nothing to do with any users being affected while your waiting for the monster number of patches to install..
            xuniL_z
          • Stealth updates that It is not informed of are bad

            even if only 0.1% of windows users where affected by this problem that would still be a very large number of PCs when you consider the numbers running Windows XP. And if the IT guys don't know about an update they can not rule it out as the source of the problem meaning it could take much longer to track down the problem and get that PC back up and working. It costs a lot of money in lost productivity time for all those PCs that won't run.
            NZJester
          • You mean most companies don't check

            their even logs regularly? There are free programs out there and there are those that cost, but I thought everyone filtered their event logs housewide to keep track of issues? How would you konw if someone is trying to log onto one of your PCs as admin etc? <br>
            I'm not excusing what Microsoft did as being right. They should have simply prompted to take it or not. perhaps they were afraid people would not understand, say no and automatic updates would be messed up. I think they made a decision based on consumer interest and not the other way around. Yes in retrospect it was a bad move. <br>
            But let's move on. It turns out it was just a bug with an easy fix that was not dependent on the "stealth" mode update to be there. If you took the client update manually it would as well and you'd know of it. But seeing the problem was directly related to WU, i'm sure that is where most started to look.
            xuniL_z
          • Do you run event loggers on production PC's?

            Do you have spare PC's where you can reimage them and then wait for them to be updated to see the problem? Why would you even consider a stealth update as a source of problems? And where was it published (by Microsoft) anywhere that you could see that it was happening?
            zkiwi
        • For this particular issue the user is likely to conclude...

          ...the repair option didn't completely fix the Windows installation and re-install Windows. Remember there was already a significant problem which led to the repair option being used.

          I repeat: I'm not trying to justify Microsoft's actions wrt to this silent update. But it affects a small number of people. And yes, the affected population is something that should not be ignored.
          ye
          • Wrong answer

            Where is he going to get the Windows to re-install? After all most PC makers do not furnish a complete Windows installation any more. Instead you get, as I did, a CD which requires you to have a valid working Windows and then it repairs it.

            The other problem is that the user likely has never installed Windows in the first place so what is the likelihood of getting it right the first time? I am sure that the readers of this publication would probably be able to but what about all the others out there who unfortunately for themselves use Windows.

            M$ is just digging a bigger and bigger hole and doesn't seem to really address the problem at all.
            rhomp2002@...
          • Your joking...right?

            I hope you weren't being serious with your questions:

            "Where is he going to get the Windows to re-install?"

            I assume it would be the same Windows for which the performed the repair which got them into this situation to begin with.

            "After all most PC makers do not furnish a complete Windows installation any more."

            Then they wouldn't be in this position as they don't have the repair option.

            "Instead you get, as I did, a CD which requires you to have a valid working Windows and then it repairs it."

            Then you've got the CD you were asking about with your first question.

            "The other problem is that the user likely has never installed Windows in the first place so what is the likelihood of getting it right the first time?"

            Then they're unlikely to know about or have used the repair option. Thus they would never encounter this problem in the first place.

            I surely hope that your questions were meant to be in fun. If that was a serious post you may want to go back and re-think your questions.
            ye
          • Who is being oblivious here?

            Most people who experience this issue will probably either end up calling a professional and have to pay them to try reinstalling... and reinstalling... and reinstalling... Or the person will have to have to resort to wiping out everything on their entire system and lose all of their accumulated data. Whether it is a business or home user, that should never be the recommended solution. The fact that M$ releases undocumented patches just shows that they are afraid to admit that their software has issues. They are just trying to give the impression that their software is better than the competition when in fact it is usually worse when it comes to security and just plain glitches.
            JJQ1000
          • Apparently you are being oblivious

            "Most people who experience this issue will probably either end up calling a
            professional and have to pay them to try reinstalling... and reinstalling... and
            reinstalling..."

            Remember the problem only manifests itself after the user performed a repair. If the
            system needed a repair something serious already went wrong and it's unlikely the
            person performing the work is not knowledgeable.
            ye
      • What else might go wrong?

        You really missed the point. If this went wrong, what else might go wrong? For us mere mortals with no access to the source code, it's a sit, wait, and hope game.

        Have you seen how many corporate users' machines become unusable? What does help desk do? Start with the recovery CD. This may not affect you, but our help desk has a never-ending stream of this problem.
        davidr69
        • No, I don't miss the point. That's why I wrote:

          "But the problem described here is not of the nature where the update is silently performed and the system mysteriously fails to work afterwards. This is also not to say that something like that might happen and has not yet been discovered."

          Did you even bother to read and/or comprehend what I wrote? It surely doesn't seem like it.
          ye