Reload Loop! Updating Microsoft fix old update ends breaking new update ...

  1. Just for safety
  2. Connection to MS15-025
  3. What to do?

Surprised?

We!

That's how things seem to be unfolded.

One of the commentators on our March 2015 Update Tuesday article warning issued talking about the "reboot cycle" on 25% of computers in one place:

Reboot Loop, of course, is where the update requires you to reload, but when you do, reboot the reboot, and so on.

Our commentator used System Restore to rollback, and repeated its updates without an unpleasant one.

If you are on a separate computer, you can use other workarounds, such as booting in safe mode, which will help if the reboot cycle is caused by a component that does not boot in safe mode.

Then you can remove the latest updates and wait until the update update is available.

Just for safety

Confusing is that patch KB3033929 That is not included in the list of security updates for March 2015.

This is because it was just for security, not a full-blown Security Bulletin.

Oddly enough, the patch was a reprint KB2949927 , which in itself were withdrawn in October 2014 for causing a problem.

Even more ironic, KB2949927 is not a patch for the existing error, but an attempt to prepare a cryptographic future.

KB2949927 added support for SHA-2 in signatures code on Windows 7 and Windows 2008 R2.

SHA-2 later a cryptographic hashing algorithm that replaces its predecessor, SHA-1, which is currently considered to be bottom of cryptographic security .

But you cannot leave SHA-1 until you are ready and able to move forward to SHA-2, and this is what KB2949927 had to prepare for.

In addition, the update was to be "canceled" to use the word Microsoft, due to problems.

After this false start in October 2014, Microsoft tried again in March 2015, just hit another snag: the above reboot cycle.

Connection to MS15-025

Problem Reload Loop seems to be related to MS15-025 Also known as KB3035131, which is a security bulletin that sets up unauthorized access rights in the very core of Windows.

There it is a horse-to-horse problem with two updates, like explains Microsoft :

For Windows 7 and Windows Server 2008 R2, update 3035131 described in this stock bulletin affected binaries with an update release at the same time using security 3033929. This overlap in the affected binary files requires that one update replaces the other, and in this case wears a recommendation update 3033929, which replaces update 3035131.

In plain English: you must install security bulletin MS15-025 before Security Advisory KB3033929.

Obviously, if you let Windows organize your updates, you should be fine, because the windows will do them in the correct order.

But if you have your own update approval process, you can mix them up.

It sounds as though the original warning from Microsoft underestimates the impact of several:

Scenario: Customer first installs advisory update 3033929, and then tries to install update 3035131.

The result: the installation will inform the user that update 3035131 is already installed in the system; and update 3035131 is not added to the list of installed updates.

Obviously, this is a problem here, because windows will at best tell you that you have an important security patch installed when, in fact, you do not.

But it looks as if the side effects may be worse than, therefore, the terrible Loop Reboot mentioned above.

The fact is that the problem was caused by non-Critical Fix, which was replacing the previously broken-Critical Fix badly enough.

The additional fact that a non-critical fix caused problems due to the interaction with Critical Fix published at the same time just makes things worse.

This is bad news for Microsoft, and bad news for future updates on Tuesdays.

This will probably bring at least a few months to the understandable “Patch reluctance” of many companies, as our commentator Deramin noted at the top of this article.

What to do?

  • If you are not using Windows 7 or Windows 2008 R2, you can relax because it should not affect you.
  • If you have installed both KB3033929 and KB3035131 and have no problems, you can relax, but make sure that both updates are shown as correctly installed.
  • If you have not yet fixed, make sure you apply KB 3035131 first, or let windows make all the update decisions for you.
  • If you have already installed the wrong side, you will need to go back and start again.

You are probably wondering what we think about this.

Will we stick to our often stated mantra "Patch early, patch often", which we not only wrote , but also said loudly this month?

To tell you the truth, the jury is still reviewing its verdict this time.

Ask us again in April 2015 ...