Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

KB932596 breaks unsigned drivers in x64

78 views
Skip to first unread message

Peter Lawton

unread,
Aug 15, 2007, 2:15:39 AM8/15/07
to
Be careful of the KB932596 "update" it stops the "bcdedit -set load options
DDISABLE_INTEGRITY_CHECKS" option working, that a lot of vista x64 users
were using to load unsigned drivers, and the associated MS KB article
doesn't see fit to mention the fact that this is probably the only thing
this ""update" does.

32bit OS users don't have to worry of course as MS never dared to put
"kernel patch protection" in 32bit OSs anyway, because it knew the howls of
outrage that would have happened. I suppose MS figured there were so few
64bit OS users anyway and they were having so many driver issues already one
more thing to put up with wasn't going to make much difference :(

Peter Lawton

Peter Lawton

unread,
Aug 20, 2007, 4:50:39 AM8/20/07
to
Yes, if this "feature" was at all critical for the users security MS would
have rolled it out to 32bit Vista as well.

I 'm getting the feeling that when MS says Vista has much improved security
what they mean is that they've improved security for all their DRM, at the
expense of functionallity for all their paying customers who definately
don't like it or want it.

Rather ironic that MS has just spent so much time and effort jumping on the
DRM/activation bandwagon just as everyone else, even the record industry, is
finally realising it's counter productive and only succeeds in alianating
all your paying customers.

Peter Lawton

"Dale" <dale...@nospam.nospam> wrote in message
news:37F65297-F83F-457D...@microsoft.com...
> You are correct. KB932596 definitely breaks unsigned drivers. For me, it
> killed VMWare Server on Vista X64. If it killed anything else, I don't
> know
> because I rolled back to a restore point and installed all the new updates
> except KB932596.
>
> I hope Microsoft undoes this undocumented feature change disguised as a
> critical security patch. When critical patches are used for marketing
> advantage, it wrecks confidence in the entire Windows Update model.
>
>
> Dale
>
> --
> Dale Preston
> MCAD C#
> MCSE, MCDBA

Dale

unread,
Aug 20, 2007, 10:22:00 AM8/20/07
to
And if it were really a security patch it would be described clearly in the
KB article rather than disguised as an update to kernel patching protection.

They didn't fully disable the use of unsigned drivers but they did remove
the ability to persist that setting in boot configuration using the bcdedit
tool. Now you have to press F8 to get the boot menu and choose Disable
Driver Signature Enforcement.

So that change has nothing at all to do with kernel patching protection but
is simply a feature change disguised as a "critical update".

Message has been deleted

Ottmar Freudenberger

unread,
Aug 23, 2007, 3:15:53 PM8/23/07
to
"Dale" <dale...@nospam.nospam> schrieb:

> Because there has been no word from Microsoft on this issue, and no patch to
> the patch, I am quickly coming to the conclusion that what was earlier just
> an assumption is, in fact, a fact: that this feature change poorly disguised
> as a security patch was an intentional ploy by Microsoft to force driver
> makers to update and sign their drivers.

You may wanna make note of
http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx and
http://www.microsoft.com/technet/security/advisory/932596.mspx and i.e.
http://www.heise-security.co.uk/news/94424

Bye,
Freudi

Peter Lawton

unread,
Aug 24, 2007, 4:32:17 AM8/24/07
to
I think one of the recent Vista "performance" patches also stops the kernel
patch protection workaround.

Despite all the helpful references people are giving to MS documents about
kernel patch protection I can't find any that inform us that any of the
recent updates stop the "bcdedit -set load options
DDISABLE_INTEGRITY_CHECKS" working, when at least two, possibly three of the
recent patches do exactly that.

My suspicion is that stopping "bcdedit -set load options
DDISABLE_INTEGRITY_CHECKS" working is the only thing that KB932596 does, at
least MS has published nothing at all about what it does to say any
different

Also if kernel patch protection is so vital for users security that the
option to disable it has to be removed without warning, then why does MS
think it's only the few users of x64 versions that need this "protection",
who are mostly very technically aware anyway, rather than the multitude of
32bit version users who largely aren't as technically savvy and would
presumeably need the "protection and stability" far more?

Something stinks about this whole thing

Peter Lawton


"Dale" <dale...@nospam.nospam> wrote in message

news:98527E5E-D5BC-499E...@microsoft.com...


> Because there has been no word from Microsoft on this issue, and no patch
> to
> the patch, I am quickly coming to the conclusion that what was earlier
> just
> an assumption is, in fact, a fact: that this feature change poorly
> disguised
> as a security patch was an intentional ploy by Microsoft to force driver
> makers to update and sign their drivers.
>

> Before this change, users could get around unsigned drivers so they
> probably
> did not exert much pressure on the driver creators to update those
> drivers.
>
> The behavior of this patch is such that users still have a way around the
> unsigned drivers but now that work-around becomes a real nuisance. Could
> it
> be that Microsoft is doing this to shanghai their customers into the fight
> against unsigned drivers?


>
> Dale
> --
> Dale Preston
> MCAD C#
> MCSE, MCDBA
>
>

> "andrew....@gmail.com" wrote:
>
>> I tried uninstalling the patch, but even after uninstalling, it forces
>> me to use the F8 option. I checked that the DDISABLE_INTEGRITY_CHECKS
>> loadoption was set.
>>
>> Hooray, now I have to buy a new TV tuner card... for no reason.
>>
>> Does anyone know of a way to recover from this patch?
>>
>>


spearmant

unread,
Sep 7, 2007, 10:56:00 PM9/7/07
to
what about system restore ! move back before the patch
0 new messages