KB932596 breaks unsigned drivers in x64

Be careful of the KB932596 "update" it stops the "bcdedit -set load options
DDISABLE_INTEGRITY_CHECKS" option working, that a lot of vista x64 users
were using to load unsigned drivers, and the associated MS KB article
doesn't see fit to mention the fact that this is probably the only thing
this ""update" does.

32bit OS users don't have to worry of course as MS never dared to put
"kernel patch protection" in 32bit OSs anyway, because it knew the howls of
outrage that would have happened. I suppose MS figured there were so few
64bit OS users anyway and they were having so many driver issues already one
more thing to put up with wasn't going to make much difference

Peter Lawton

You are correct. KB932596 definitely breaks unsigned drivers. For me, it
killed VMWare Server on Vista X64. If it killed anything else, I don't know
because I rolled back to a restore point and installed all the new updates
except KB932596.

I hope Microsoft undoes this undocumented feature change disguised as a
critical security patch. When critical patches are used for marketing
advantage, it wrecks confidence in the entire Windows Update model.


Dale

--
Dale Preston
MCAD C#
MCSE, MCDBA


"Peter Lawton" wrote:

> Be careful of the KB932596 "update" it stops the "bcdedit -set load options
> DDISABLE_INTEGRITY_CHECKS" option working, that a lot of vista x64 users
> were using to load unsigned drivers, and the associated MS KB article
> doesn't see fit to mention the fact that this is probably the only thing
> this ""update" does.
>
> 32bit OS users don't have to worry of course as MS never dared to put
> "kernel patch protection" in 32bit OSs anyway, because it knew the howls of
> outrage that would have happened. I suppose MS figured there were so few
> 64bit OS users anyway and they were having so many driver issues already one
> more thing to put up with wasn't going to make much difference
>
> Peter Lawton
>
>

Yes, if this "feature" was at all critical for the users security MS would
have rolled it out to 32bit Vista as well.

I 'm getting the feeling that when MS says Vista has much improved security
what they mean is that they've improved security for all their DRM, at the
expense of functionallity for all their paying customers who definately
don't like it or want it.

Rather ironic that MS has just spent so much time and effort jumping on the
DRM/activation bandwagon just as everyone else, even the record industry, is
finally realising it's counter productive and only succeeds in alianating
all your paying customers.

Peter Lawton

"Dale" <> wrote in message
news:37F65297-F83F-457D-AFDC-...
> You are correct. KB932596 definitely breaks unsigned drivers. For me, it
> killed VMWare Server on Vista X64. If it killed anything else, I don't
> know
> because I rolled back to a restore point and installed all the new updates
> except KB932596.
>
> I hope Microsoft undoes this undocumented feature change disguised as a
> critical security patch. When critical patches are used for marketing
> advantage, it wrecks confidence in the entire Windows Update model.
>
>
> Dale
>
> --
> Dale Preston
> MCAD C#
> MCSE, MCDBA
>
>
> "Peter Lawton" wrote:
>
>> Be careful of the KB932596 "update" it stops the "bcdedit -set load
>> options
>> DDISABLE_INTEGRITY_CHECKS" option working, that a lot of vista x64 users
>> were using to load unsigned drivers, and the associated MS KB article
>> doesn't see fit to mention the fact that this is probably the only thing
>> this ""update" does.
>>
>> 32bit OS users don't have to worry of course as MS never dared to put
>> "kernel patch protection" in 32bit OSs anyway, because it knew the howls
>> of
>> outrage that would have happened. I suppose MS figured there were so few
>> 64bit OS users anyway and they were having so many driver issues already
>> one
>> more thing to put up with wasn't going to make much difference
>>
>> Peter Lawton
>>
>>

And if it were really a security patch it would be described clearly in the
KB article rather than disguised as an update to kernel patching protection.

They didn't fully disable the use of unsigned drivers but they did remove
the ability to persist that setting in boot configuration using the bcdedit
tool. Now you have to press F8 to get the boot menu and choose Disable
Driver Signature Enforcement.

So that change has nothing at all to do with kernel patching protection but
is simply a feature change disguised as a "critical update".

--
Dale Preston
MCAD C#
MCSE, MCDBA


"Peter Lawton" wrote:

> Yes, if this "feature" was at all critical for the users security MS would
> have rolled it out to 32bit Vista as well.
>
> I 'm getting the feeling that when MS says Vista has much improved security
> what they mean is that they've improved security for all their DRM, at the
> expense of functionallity for all their paying customers who definately
> don't like it or want it.
>
> Rather ironic that MS has just spent so much time and effort jumping on the
> DRM/activation bandwagon just as everyone else, even the record industry, is
> finally realising it's counter productive and only succeeds in alianating
> all your paying customers.
>
> Peter Lawton
>
> "Dale" <> wrote in message
> news:37F65297-F83F-457D-AFDC-...
> > You are correct. KB932596 definitely breaks unsigned drivers. For me, it
> > killed VMWare Server on Vista X64. If it killed anything else, I don't
> > know
> > because I rolled back to a restore point and installed all the new updates
> > except KB932596.
> >
> > I hope Microsoft undoes this undocumented feature change disguised as a
> > critical security patch. When critical patches are used for marketing
> > advantage, it wrecks confidence in the entire Windows Update model.
> >
> >
> > Dale
> >
> > --
> > Dale Preston
> > MCAD C#
> > MCSE, MCDBA
> >
> >
> > "Peter Lawton" wrote:
> >
> >> Be careful of the KB932596 "update" it stops the "bcdedit -set load
> >> options
> >> DDISABLE_INTEGRITY_CHECKS" option working, that a lot of vista x64 users
> >> were using to load unsigned drivers, and the associated MS KB article
> >> doesn't see fit to mention the fact that this is probably the only thing
> >> this ""update" does.
> >>
> >> 32bit OS users don't have to worry of course as MS never dared to put
> >> "kernel patch protection" in 32bit OSs anyway, because it knew the howls
> >> of
> >> outrage that would have happened. I suppose MS figured there were so few
> >> 64bit OS users anyway and they were having so many driver issues already
> >> one
> >> more thing to put up with wasn't going to make much difference
> >>
> >> Peter Lawton
> >>
> >>
>
>
>

I tried uninstalling the patch, but even after uninstalling, it forces
me to use the F8 option. I checked that the DDISABLE_INTEGRITY_CHECKS
loadoption was set.

Hooray, now I have to buy a new TV tuner card... for no reason.

Does anyone know of a way to recover from this patch?

Because there has been no word from Microsoft on this issue, and no patch to
the patch, I am quickly coming to the conclusion that what was earlier just
an assumption is, in fact, a fact: that this feature change poorly disguised
as a security patch was an intentional ploy by Microsoft to force driver
makers to update and sign their drivers.

Before this change, users could get around unsigned drivers so they probably
did not exert much pressure on the driver creators to update those drivers.

The behavior of this patch is such that users still have a way around the
unsigned drivers but now that work-around becomes a real nuisance. Could it
be that Microsoft is doing this to shanghai their customers into the fight
against unsigned drivers?

Dale
--
Dale Preston
MCAD C#
MCSE, MCDBA


"" wrote:

> I tried uninstalling the patch, but even after uninstalling, it forces
> me to use the F8 option. I checked that the DDISABLE_INTEGRITY_CHECKS
> loadoption was set.
>
> Hooray, now I have to buy a new TV tuner card... for no reason.
>
> Does anyone know of a way to recover from this patch?
>
>

"Dale" <> schrieb:

> Because there has been no word from Microsoft on this issue, and no patch to
> the patch, I am quickly coming to the conclusion that what was earlier just
> an assumption is, in fact, a fact: that this feature change poorly disguised
> as a security patch was an intentional ploy by Microsoft to force driver
> makers to update and sign their drivers.

You may wanna make note of
http://www.microsoft.com/whdc/driver...patch_FAQ.mspx and
http://www.microsoft.com/technet/sec...ry/932596.mspx and i.e.
http://www.heise-security.co.uk/news/94424

Bye,
Freudi

I think one of the recent Vista "performance" patches also stops the kernel
patch protection workaround.

Despite all the helpful references people are giving to MS documents about
kernel patch protection I can't find any that inform us that any of the
recent updates stop the "bcdedit -set load options
DDISABLE_INTEGRITY_CHECKS" working, when at least two, possibly three of the
recent patches do exactly that.

My suspicion is that stopping "bcdedit -set load options
DDISABLE_INTEGRITY_CHECKS" working is the only thing that KB932596 does, at
least MS has published nothing at all about what it does to say any
different

Also if kernel patch protection is so vital for users security that the
option to disable it has to be removed without warning, then why does MS
think it's only the few users of x64 versions that need this "protection",
who are mostly very technically aware anyway, rather than the multitude of
32bit version users who largely aren't as technically savvy and would
presumeably need the "protection and stability" far more?

Something stinks about this whole thing

Peter Lawton


"Dale" <> wrote in message
news:98527E5E-D5BC-499E-8C31-...
> Because there has been no word from Microsoft on this issue, and no patch
> to
> the patch, I am quickly coming to the conclusion that what was earlier
> just
> an assumption is, in fact, a fact: that this feature change poorly
> disguised
> as a security patch was an intentional ploy by Microsoft to force driver
> makers to update and sign their drivers.
>
> Before this change, users could get around unsigned drivers so they
> probably
> did not exert much pressure on the driver creators to update those
> drivers.
>
> The behavior of this patch is such that users still have a way around the
> unsigned drivers but now that work-around becomes a real nuisance. Could
> it
> be that Microsoft is doing this to shanghai their customers into the fight
> against unsigned drivers?
>
> Dale
> --
> Dale Preston
> MCAD C#
> MCSE, MCDBA
>
>
> "" wrote:
>
>> I tried uninstalling the patch, but even after uninstalling, it forces
>> me to use the F8 option. I checked that the DDISABLE_INTEGRITY_CHECKS
>> loadoption was set.
>>
>> Hooray, now I have to buy a new TV tuner card... for no reason.
>>
>> Does anyone know of a way to recover from this patch?
>>
>>

what about system restore ! move back before the patch


"" wrote:

> I tried uninstalling the patch, but even after uninstalling, it forces
> me to use the F8 option. I checked that the DDISABLE_INTEGRITY_CHECKS
> loadoption was set.
>
> Hooray, now I have to buy a new TV tuner card... for no reason.
>
> Does anyone know of a way to recover from this patch?
>
>