Windows XP update fails in infinite .NET patch loop Microsoft has issued guidance on how to fix problems created by its last bunch of patches. Redmond's patches for May brought pain to Windows XP users who have installed the .NET framework. The problem seems to involve updates KB2633880, KB2518864 and KB2572073. Each download the updates and installs them, but then insists on …
Not news, but if the Register insists on doing an article about it, they should try for something a bit more substantive. Not the first time I've noticed this kind of thing, and it's not limited to .NET stuff, and there was a bunch of this going on around the time of Patch Tuesday--though I'm already unsure if it was this month or last.
I'm always interested in hearing more about Microsoft's incompetence. Never liked that company. However, this article was NOT more. The headline actually managed to tell more of the story than the article, which is something of an accomplishment.
.Net on XP seems horribly fragile, I see lots of XP boxes brought in that will not install .Net 1.1 or 2 updates. On any number systems this has been an issue for a long time. What even worse is the process you have to go through to get all the Net crap off to reinstall. Java sucks with its security problems, but .Net takes the cake with its insidious fingers stuck deep in to system directories and the registry.
"Interesting. Tell me how do you know " the versions of dotnet I need"? Is their a magic Windows dependency tool I don't know about?"
My method is easy. Just strip all the .NET mess out of the PC and then reboot. Wait and see what complains. Too many little applications come with the need of this huge mess of a framework.
Once .NET has gone, you can then see which programs complain. Then check up their specs as to what they need. (Or find replacements written in a proper language)
I knew it!
Ran around today doing maintenance for various clients - even argued with one of my techs about it - told him it would be straightened out at some point since they seemed to install correctly.
It's the ones that repeatedly fail that concern me.
(to be fair or unfair, I did consider a conspiracy by MS to help phase out XP lol)
(to be fair or unfair, I did consider a conspiracy by MS to help phase out XP lol)
Y'know, I'm not even "officially" an IT guy -- I'm largely self-educated in that respect, so there's huge gaps in my knowledge* -- but based on everything else I've read here, I also wouldn't be the least bit surprised if it were discovered that this was deliberate, in order to force people to go to Windows 8. It was the first thought I had before I got even halfway through the article. Granted, most of your garden-variety conspiracy theories are totally whacked, but every once in a great while it turns out that it really is a conspiracy -- but, then, again, never attribute to malice, etc.
I'm reminded of that old geeks' joke from about twenty years ago, about the development of an early Windows version -- or was it a late DOS version: "It ain't done 'til Lotus won't run!"
-----
*...and I'm also using OSX. I could make some crack here about how MacOS has always "just worked", but that argument is pretty much beat to death, so screw it.
If it is a conspiracy then it isn't much of one. It appears to only to re-present an update it already installed. An update you can hide and never see again. I cant quite see how that would make me want to drop XP if I was running it. Add the fact that, according to these forums, this is something that has happened before, long before Windows 8 began to loom over our heads, then it would have to be a conspiracy of dunces. Its just a cock up, of which I, too, have made many.
@ Shannon: I can't blame the Reg for not having much to say. I've been worrying over this for two days (the affected computer is a business-critical machine), and looking all over the Web for information, and the only things to be seen are 1) a whole lot of p'd off users from all over the world, 2) massive silence from Microsloth, 3) smartasses (or an MS PR squad?) on every thread posting fixes that are quickly reported not to work, and 4) traces of closely similar instances from the past. At least the Reg makes it official, so I can show something to the lice at Trustwave ("false positives R us") if they flunk me for not having the latest security updates installed.
Count on MS to leave the world pulling its hair out when a brief statement would at least tell us we could stop wasting our time.
The moral is to not install untested patches straight on to business critical machines.
Microsoft can't and shouldn't escape the blame for their cock-ups but businesses have to take responsibility for what they do. Was this eventuality - and worse - not identified in a risk assessment?
I bet MS used their own new "engine" (so.cl) to search for information on this subject. Only to have some people tag it "Window 8" (or other crap) after which the topic suddenly takes a whole new turn with lots of extra (often unwanted) crap.
That's what you get guys from trying to re-invent the wheel :-)
You know the sad part? I didn't make up the stuff about so.cl :P
I removed all versions of .net which solved the problem. Nothing on the PC stopped working so .net was probably left over from some old and now removed program.
No help for anyone who needs it but might be worth checking anyway.
Waste of Blxxdy time though, 1 hour of messing around with a PC that had worked fine for years.
I heartily agree. Unless you have something that needs .NET, you should remove it. (No part of the basic XP system uses it. Sadly, this isn't true for later versions.) This advice applies separately to the three versions: 1.x, 2/3.x & 4.x. Fortunately, there's a handy tool for doing this.
See: http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx
I tried to look at the link provided (on a Linux box) and got
"System Tip: This article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled."
Oh, fuc*king sensible! I might be using a different computer, with a different OS, in case this 'strange behaviour' flagged up in my suspicious mind as malware....
Muppets!
And you failed to look at the page properly. If you did you would have seen the link to click to look at the info anyway. I like this move from MS as it stops many home users following incorrect information when they are trying to solve problems themselves. Not their fault if you don't pay enough attention.
>> If you did you would have seen the link to click to look at the info anyway.
I just looked at the article (from the US, at 19:45 GMT), and saw no "link to click to look at the info anyway"--not anywhere on the page. If it existed, then apparently this information leak has been fixed--presumably because it just encourages use of non-Windows OSs.
Me TOO!!!!
What a bunch of dumb fuckwits!
Recently, I got a new 'puter loaded with WindbloZE 7 on it.
As a diehard Linux user, I could not tolerate the prospect of a WindblowZE infection existing on my 'puter.
After purchasing a new, larger hard drive, I took the anti-static bag it came in, and put the old WindblowZE 7 hard drive in it, and plastered the bag with `biohazard` labels.
WindblowZE - dangerous to the health of a 'puter.
Perhaps it's stealth tactics to convince people to upgrade.
Get them so damn frustrated, they throw in the towel and get windows 7.
I'm amazed XP is still so popular after a decade - then again, it was built on win 2k, Microsofts finest release to date - they got that one right!
Microsoft really have a problem on their hands with XP now and they're making life more difficult with windows 8. Where I work, 70% of the office computers are still on XP and I bet that's pretty much the figure globally.
If it ain't bust, don't fix it, 'cos microsoft will bust it for you ...
when I attended a .NET bash before it came out and was told how the DLL hell was a thing of the past.
I also remember the day when .NET got upgraded to 2.0 and all the earlier stuff stopped working with no fix. It wasn’t an XP problem it was an MS problem.
Well its not a problem for them - the whole point is to make you upgrade to the next version if the OS with all the costs involved.
You still running XP? Not if we can help it...
> DLL hell was a thing of the past
I never understood why DLL bothered people until I started using .NET. Prior to that I'd always used explicit DLL loading and a generic command dispatching mechanism so that the number of imports/exports rarely changed.
Sadly it's the usual story. Third party solutions might be cheaper than ones you implement yourself but are rarely as hassle free. .NET is basically all about third party solutions. Saves a lot of time during development but can be hell when it goes wrong since half the time you have no idea what the problem is very little help from error messages.
This happened to my work PC recently - it updated my recent vendor specific network driver to an older MS nonworking one.
Win7 though I have not found a quick shutdown option which does not do updates so if I need a quick shutdown I shut everything down then switch off at wall, safer than the power cut mid update. (dodgy power near here - we have regular power cuts - every few months, to trim trees around power cables)
A tip for your sanity
If your hardware drivers need updating do it properly - download the driver, uninstall the hardware and reinstall pointing at the new driver. Never use any kind of inline update service. Networking controllers drivers are as notorious as graphics cards for not tolerating hot updating.
And remember - just because a newer driver is available doesn't mean you should install it. What was wrong with the old one?
As for .NET why bother. If you have .NET reliant apps and they work fine you don't need the update. Check the issues and download only if it fixes something you need fixing. If you don't know if you need .NET uninstall it. If something stops working check the documentation and get the right version.
If you are in business support you don't need MS to tell you that you have installed certain updates to certain machines as you will, of course, have your own logs and you would never, ever have installed untested patches to business critical machines.
This is a security update, you should definitely install it even if all your .NET apps are reliable.
All three relate to Code Access Security, which sandboxes what the code is allowed to do depending on what is hosting the code, and where it came from. Microsoft provided a plug-in for Firefox to support loading .NET components (particularly 'XAML Browser Applications', XBAPs) in addition to the support in IE; the plug-in reportedly also works in Chrome but I don't think there's any formal installer for it. If an attacker can convince you to click a link to an XBAP, they may be able to escape the sandbox and execute arbitrary code. That's the potential threat, for client computers.
IIRC the Firefox plug-in was installed by default in some releases of .NET Framework 3.0 and 3.5, but I think not installed by later ones. Perhaps this is where the problem lies.
ASP.NET can be configured to run hosted web pages and services in Medium Trust mode, again sandboxing what the code can do - an attacker could be able to break out of the sandbox if they could replace the code for the page.
This will NOT be downgraded to any newer version of windows, I think I will remove .NET then.
It is staying XP as newer windows remove things, Vista and 7 have bolloxed full screen DOS, 7 32bit has bolloxed NETBIOS, great fun (remote to a customer) when your system reindex utility is still in DOS and requires Netbios to connect to the server. Luckily the system was small enough to zip and bring back to our office.
32 bit Win7 is crap - cannot run DOS apps full screen, no NETBIOS so what is the point in it? May as well have 64bit
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
