The saga that started last Tuesday continues, with Microsoft finally acknowledging that some Windows 7 machines have Blue Screen problems caused by several Black Tuesday patches, and Windows RT, 8, and 8.1 machines may have Black Screen problems with some patches. The freezing doesn't occur immediately; it happens when the machine is rebooted; in the case of Windows 8.1, it may take two reboots. As of midnight Sunday, the patches were no longer available through Windows Update.
The problems are so bad that you'd be well-advised to uninstall the offending Automatic Update patches, even if your machine is working fine at the moment. It's possible, but by no means certain, that as long as the bad patches are at work, installing certain applications or modifying your fonts in specific odd (but entirely legitimate) ways may brick your machine. Microsoft buries that recommendation in the fine print of its FAQ for MS14-045:
Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2982791 security update. [Emphasis added]
This particular patch rolled down the Automatic Update chute for four days. What percentage of Windows customers with Automatic Update turned on are savvy enough to find that little gem hidden in a Knowledge Base article and learn that they need to uninstall it? Of that small percentage, how many can/will follow through on the recommendation? You do the math.
You can wade through the main Microsoft Answers forum thread on the subject -- it has more than 400 replies and 53,000 views as of midnight Sunday, Redmond time -- but here's the gist of the timeline.
- On Tuesday, Aug. 12, around noon, Microsoft started releasing the patch down the Automatic Update chute.
- At 8:20 a.m. on Wednesday, Xformer posted a detailed, accurate description of the Blue Screen on a Windows 7 system, identifying KB 2982791 as the culprit. He noted that the problem disappears when reverting to an earlier restore point.
- At 3 p.m. on Wednesday, in an alternate Windows 8.1 universe, Yakumo.unr reported in a different Microsoft Answers forum post that he was encountering black screens on second reboot, after installing KB 2982791 or KB 2975719. At 9:20 a.m. on Thursday, unbeknownst to the folks on the Win7 forum, Yakumo.unr said that Microsoft "sent me a private message via this thread and have taken a data set from their automated trouble shooter tool, hopefully they can figure this out soon."
- Later that day, at 2:20 p.m., rvuerinckx posted a fix for Win7 that requireds booting from a Win7 DVD and deleting FNTCACHE.DAT. At that point, we had received no response from Microsoft, either on the forum or in the KB article, and the patches were still in the Auto Update chute. Many forum denizens had good luck with the fix. Many, lacking an installation DVD, couldn't boot to Safe mode, and several with installation DVDs reported they couldn't get into Safe mode either. One person ripped the hard drive out of his PC and deleted the file using a different machine. Desperate times.
- On Thursday at 7 p.m., meichelmanjr informed the Windows 8.1 thread that the Win7 thread had found a fix. Win7 and Win8 boot differently, so there are significant differences in applying the fix, but the root cause appears to be the same, and the solution (if you can get to it in Win 8.1) seems to work.
- At 9 a.m. on Friday, I confirmed that the patch was still being offered, and Microsoft had yet to respond (to the Win7 people). Microsoft MVP Susan Bradley posted detailed steps for removing/renaming the file, at the top of the forum thread.
- At 5:17 p.m. on Friday, KurtP, who appears to be a Microsoft employee but isn't identified as such on his post, stated that the patches had been pulled. But at 5:54 p.m., Bradley stated that the patches were still available on her machines.
- On Friday at 6:15 p.m., after close of business for the weekend for just about everybody in the United States, Eliyas Yakub, who is identified as a Microsoft employee, gave us the full news: The patches had been pulled, although it took a while to roll them back in all locations, and Microsoft had a working theory for the cause of the problem. The theory -- which has been confirmed -- is that the bad patches cause BSODs when the Windows boot sequence encounters links to OpenType fonts in the \Fonts folder. Of course, it's perfectly acceptable to have links to OTFs in your \Fonts folder, but for some reason the patches caused BSODs on reboot when they encountered a link.
- At 7:30 p.m. on Friday, Yakub told the Win 8.1 thread: "The team in Microsoft that provides these updates has been notified about this issue and they are investigating." At that point -- about 80 hours after the patch was released -- both major threads had been notified that Microsoft was working on a fix.
- Bradley continued to see the patches being offered on the West Coast until 8 p.m. Friday night.
- At 9 p.m., Yakub offered a second option:
There is a possibility of running into the issue if your system is rebooted again because the font cache will get regenerated on boot. When it gets regenerated, it could end up getting corrupted (depending on in what order the fonts are processed) due to this bug and cause the crash or show/print distorted font. So you can either remove the patch or follow the steps below to prevent the system from regenerating the font cache using files that are stored in a location other than %systemroot%\fonts.
And he gave a seven-step procedure that involved removing Registry entries.
- About the same time, KB 2982791 was modified to include detailed instructions for removing the FNTCACHE file, rebooting, editing the Registry, removing the bad patches, and optionally, restoring the Registry. It'll help if you have a Computer Science degree. At the same time, the TechNet post for MS14-045 continued, "Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service."
I bet you never knew Windows works with the font cache in kernel mode -- or rather tries to work with the font cache in kernel mode.
That's why it's important for you to remove the bad patches. Until Microsoft releases new versions that work correctly, you may brick your machine if you install an OTF font file that's accessed with a link or if an application creates a link to an OTF file in your \Fonts folder.
But there is a bright side. If you never got Windows 8.1 Update 1 installed -- if KB 2919355 refused to cooperate with your machine -- you're fine. The botched patches were never offered to you scofflaws who didn't meet the mandatory Windows 8.1 Update 1 cutoff date.
Do all of us a favor and turn off Automatic Updates, OK?
This story, "Microsoft yanks botched Black Tuesday patches KB 2982791, KB 2970228, KB 2975719, and KB 2975331," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.