Wednesday, October 27, 2010

KB976902 - "Black Hole" update

Update February 27, 2011 - Windows 7 Service Pack 1 appeared in my update queue with the checkbox unchecked. Hmm. To update or not to update?

Update January 14, 2011 - This appeared again in my Windows Updates. I figure installing it is okay now that Microsoft appears to have their ducks in a row. After the first fiasco, they probably took their time to release it correctly. This is the precursor to installing Windows 7 SP1. From Microsoft's website: "Windows 7 SP1 Release-to-Manufacturing (RTM) will be available in the first half of calendar year 2011. When released, it will be made available as an integrated release." This updates the installer in Windows 7 so it can upgrade to SP1 later. SP1 isn't available yet.

What follows is the original post.

Today, a mysterious Windows Update was released to all Windows 7 users. I'm going to preface this by saying what some Microsoft MVPs are saying: DO NOT INSTALL!

The update says, "Install this update to enable future updates to install successfully on all editions of Windows 7 or Windows Server 2008 R2. This update may be required before selected future updates can be installed. After you install this item, it cannot be removed."

This update appears to only be known as the "Black Hole update". No one knows precisely what this does but it appears to be a precursor requirement to installing Windows 7 SP1 - why it can't included with SP1 itself is unknown. There is no knowledgebase article (HIGHLY UNUSUAL!) despite having a KB article number.

---

Update (Oct 27, 2010): Korablikovas (see comments) pointed out that this update is not localized. In my extensive experience, Microsoft localizes just about everything that they publish. Which makes this update even more of an oddity and quite disconcerting. No official word yet from Microsoft on this issue (although someone decided to mark a reply an answer in the "semi-official" Microsoft forum post). Still no KB article. It appears that this update creates a System Restore point prior to installation, so if you accidentally installed the update and want to roll back the installation, you can use System Restore to do so.

Update #2 (Oct 27, 2010): Reports of this update disappearing from the "hidden" updates queue are cropping up. I can confirm that this update has vanished from my own queue and can also confirm that it wasn't installed. Looks like Microsoft redacted this update from any computer that hadn't applied it yet. As I somewhat suspected as I learned more from various sources, this was possibly just an accidental release of a piece of the RC build of Service Pack 1 - some sort of precursor component upgrade related to Windows Installer/MSI stuff. There's some people freaking out over this being a WGA update - apologies if anyone was lead to believe that from this post. And then there are the idiots who believed the TechArp April Fool's joke. It does bother me a bit that Microsoft can remotely redact updates but I've got mixed feelings on this particular update regarding redaction. I'd rather have remote redaction than have it still in everyone's queue who hasn't installed it. The problem Microsoft has to deal with now is those people who installed the update prematurely to roll them all back to a consistent state with the rest of us. That's probably a more difficult problem and Microsoft will likely take the approach of leaving well-enough alone until Service Pack 1 officially releases. I do recommend that Microsoft change the language of this update to not be so mysterious/suspicious and to get an actual KB article for the update put together ASAP. However, the potential disaster this could have been seems to have been averted for the time-being.

Update #3 (Oct 29, 2010): There is now a KB Article that goes along with this update. I didn't actually come up with the name "Black Hole", I just saw other people using it to describe the update because when a search was made for a KB article of the same number on the support site, no search results occurred. That is, the link and search went nowhere - a black hole. And, since it was redacted from the queues of those who did NOT install it, we can assume that Microsoft made a mistake by releasing it early. Of course, there is no word yet on what Microsoft plans to do for those people who installed the update prematurely.

What follows is original content for historical purposes.

---

The best information I've seen about this update is here, which says:

"In preparation for supporting a new Windows image, this update is updating the servicing stack to 6.1.7601.17105 including Component Based Servicing, Component Management Infrastructure, Package Manager, and Windows Management Instrumentation. This is to support Windows 7 and Windows 2008 R2 SP1."

I ran a quick Google search for portions of that text and simply came up with that blog entry again. So I have no idea how that person got that information (perhaps an internal TechNet memo). It looks like something Microsoft might write - just generic enough to be basically meaningless except to the few people who are nerdy enough to know what it likely means. I recognize a few terms but it is rather vague on the details.

Before people go crazy, I should point out that someone on that page linked to an "article" that will scare people who don't pay careful attention. It took me a while to figure out that it was an April Fool's joke. Bloggers and other media sources need to be VERY careful when republishing on this one.

The description indicates that it is an update to the installer components and therefore could merely be a mistake on Microsoft's part for not publishing a KB article. However, it could be a lot more sinister than that as well. As we already know, Microsoft is evil. Google, of course, does no evil.

Due to the speculation and the weird message in Windows Update, hold off on installing it until we know for sure what it is that is being foisted off on us. If anyone from Microsoft reads this - you need to work on being more transparent about your updates and seriously improve your public relations image. The way this update is worded and the mysteriousness surrounding it makes it look like another WGA-style fiasco in the works - and trying to sneak it by hoping it goes unnoticed. Guess what? I noticed it right away. Your pants are down...again.

Microsoft is baffled as to why people prefer Google. Straighten up, fly right, and stop treating your customers like we're unintelligent and incapable of running Google searches. Keep in mind that I'm a software developer. Here - have a reminder of who you actually cater to:



Developers! Developers! Developers! Developers!
...
Deodorant! Deodorant! Deodorant! Deodorant!

40 comments:

  1. Just keep on putting your foot in your mouth, it makes for a good read. :)

    Oh and thanks for the heads up!!

    I'm Glad i dont use Windows so often.

    ReplyDelete
  2. Thanks. This updated immediately set off my B.S. detector with the vague wording and the lack of a KB article.

    Most people wouldn't know to check, but I don't need Microsoft breaking my install... again. :)

    As for now, I strongly suggest everyone take op's advice and *DON'T INSTALL IT UNTIL SOMEONE POSTS EXACTLY WHAT IT DOES TO YOUR SYSTEM*.

    ReplyDelete
  3. I wonder why they haven't integrated spyware on Windows installation DVD? Why they have to do the tricks with Windows Update?

    ReplyDelete
  4. I saw this update too, and what make me research for it (and arriving here), is that my windows is in Portuguese, so (naturally), every update shows in portuguese too, except for this one, that shows up in the list of updates in english. Its strange that a update is released for everyone, without been localized (at least i've never saw this before). And googling about it shows that there is more strange facts about this one, so i'll folow your advice and dont install it yet :)
    thanks,
    Rafael

    ReplyDelete
  5. @pandorasbox - Not sure how to take that but I'm glad I can entertain while also providing a useful resource!

    @Korablikovas - That's a bit disconcerting. I agree that Microsoft always localizes updates before releasing them. That makes this update even more unusual. I'll update the article.

    ReplyDelete
  6. The update wound up on my computer last night. With my lazy habits, I just kept auto updates enabled. It doesn't seem to have had any effect on the computer itself. As a version of Windows ages (happened with XP, 2000, 98), they've required minor updates here and there for newer ones to install and they usually pertain to how software is delivered and/or installed so possibly that could be something to do with it.

    ReplyDelete
  7. I indeed noticed the same thing as I wanted to shut down my PC, and it notified me that there were updates available.
    'After installation this cannot be removed'....BS-detector went through the roof ;)
    After some more reading, I found out that it can be removed via system recovery. When windows installs updates, it makes a system recovery point. Use that one (or an earlier one for that matter) and its gone again.
    I have hidden the update for now, and will check the interwebs for more information as it emerges.

    ReplyDelete
  8. He's right. I thought the same thing when I looked at the description. Also, gross gross gross he's sweating like a pig. Yuck.

    ReplyDelete
  9. This update was auto-installed last night at 3 AM. I woke up to my machine telling me my copy of Windows 7 was not genuine - with the Black screen. HELLO - MY COPY IS GENUINE. In addition - the Mcafee Firewall was broken, as was the system log. A number of services would not run, and the network card in the device manager had an error, telling me that there were registry errors preventing it from running. At first I thought I had bad sectors on my HD, or the computer acquired a virus. After doing backups on critical data, I did a system retore to the point before last nights update - and walla - back to normal, with a message that four updates were awaiting. I already had turned off autoupdate. One of the updates was in fact KB976902. DO NOT INSTALL THIS UNTIL MORE IS KNOWN. G. Powell Sierra Vista, AZ

    ReplyDelete
  10. Love it, well put. Not a developer, but a private tech myself. Windows keeps us troubleshooters in business you know ;). Checking my updates, manually of course(auto-update is the devil), I noticed, specifically, the vagueness of the description immediately preceding "...it cannot be removed". Then noticed the lack of official kb article. I don't know what MS thinks we're smoking, but we all remember WGA and know WAT is WAT. People with nothing to hide, hide nothing. Lets at least see a kb sheet.

    ReplyDelete
  11. MS are sneaky bastards!

    ReplyDelete
  12. @Mrph - I don't know about that. It is more like they are human but they just happen to make more mistakes than most people. I'm generally willing to let people have the benefit of the doubt. Microsoft has 50,000+ employees. Mistakes are bound to happen. Perhaps this update was unintentionally pushed out early. In which case, people who installed this update will possibly end up having to install another update later to fix any issues with this update and perhaps they may redact this update for those who wait. There is probably a Microsoft engineer, powered with either coffee or beer*, in a cubicle somewhere working on fixing this issue.

    * Microsoft literally has a cart that goes around that offers alcoholic beverages to employees. I affectionately call it the "beer cart". Supposedly Ballmer got upset when they stopped deploying the beer cart once upon a time - it was supposedly restored shortly after that.

    ReplyDelete
  13. Hilarious video! And jeez imagine Bill Gates jumping around like that! Ridiculous. The man has made a mockery out of himself. If it weren't for people like Steven Sinofsky who developed Windows 7 which was the saving grace of Microsoft, who knows how much farther into the stone-age Microsoft's Chief Software Architects would have taken the company. I guess Balmer deserves some credit for giving Sinofsky a free hand to get it right.

    You're completely on the money. Microsoft shouldn't push out updates belligerently and without proper KB articles to boot. It's fine if you don't want to jump the gun on an SP1 announcement, but at least don't act sneaky! Be transparent and bundle the update with SP1.

    Microsoft PR, what are you doing? With the amount of bad press you've been getting with your sneaky updates, any half-wit would realize if you were so compulsively bound to release such shady updates, you should release a press release at least a day in advance detailing what the possibly suspect update is all about. And if you can't even do that, at least post a proper KB article! The bloggers who're gonna bad mouth you are the ones who read the update descriptions carefully. The average Windows user doesn't care and doesn't bother until something goes wrong with their system and they look cross-eyed and indignant. Learn a few lessons from Apple who've been trying to bundle Safari installers with their iTunes updates (what was that all about!?)

    This won't hurt your bottom line, but it hurts Windows users who stay loyal to you not because they've been using Windows because Microsoft made it, but because they themselves have invested time and resources into this OS and feel a part of its development cycle.

    Microsoft gathered input about feature requests from several ordinary PC families before the release of Windows 7. Maybe they should visit a few developer families and see what they have to say about the OS. It's them who're going to write about your OS later.

    ReplyDelete
  14. Just noticed even more suspicious WU activity. I clearly remember I hid the 10.2 MB update and just now when I ran WU, it showed up again! Can anyone confirm or is it just me being paranoid?

    ReplyDelete
  15. " If it weren't for people like Steven Sinofsky "
    Perhaps you don't read the Mini-Microsoft Blog:
    http://minimsft.blogspot.com/

    See what the comments say about him from present and past MS employees. He's not held in high regard and I won't use some of the language that is posted there on this blog.

    ReplyDelete
  16. I have seen the update and tried to install it, well, with: Intel Corporation - Display - Mobile Intel(R) 4 Series Express Chipset Family update, media center update and the 2 other kb. I do not know why but I had a black screen and a reboot...

    I just thinked it was because of the intel chipset update, it does that everytime when it have to update, but... now I'm not sure... so when my computer rebooted the kb976902 and intel chipset were not in windows update and they were not in the list of update installed, the 3 others were (media center and the 2kbs).

    So I restored my system and the intel chipset update reappeared, but no trace of the KB976902...

    Do I have to manually find that update? download and install it? or will it reappear in Windows Update?

    ReplyDelete
  17. I hid this update earlier this morning, and now it isn't showing up when I go to restore hidden updates. Anyone else have this happen?

    ReplyDelete
  18. I have Windows 7 64bit, installed this last night. Tried to do a system restore back on 10-25, this patch is "still" installed, if it was not, then Windows Update would be prompting it to be installed after this system restore. This is definetly a really screwed up patch. Also noted around the internet Microsoft "STILL" has not posted a description of what this patch is on the KB976902 link. Two things. Either one, this is a comprise of Windows Update, (which would bring in a whole new security vector to start thinking about) and Microsoft is not notifying the public yet because they are trying to fix this with another update (damage control) or
    2) This was a beta that got slipped in somehow and Microsoft trying to make a patch to verse the install (again, damage control)

    ReplyDelete
  19. Ug. I de-selected this update but ran some other optional updates. However KB976902 is now in the list of installed updates. Be careful!

    ReplyDelete
  20. PreyingRazor said he hid 976902 and it came back - I just left it unhidden and uninstalled and it WENT AWAY. Nothing in installed updates, hidden updates, waiting updates. Windows thinks it is up to date, but the Black Hole has disappeared!!

    ReplyDelete
  21. It would appear that Microsoft has the ability to redact updates. I've updated the article to reflect that some people are experiencing that this update simply vanishes from their queues, including myself.

    The ability to remotely redact is slightly disconcerting but I'd rather they do that in this particular case than leave it in the queue. As long as remote redaction is a VERY rare event for special circumstances like this, then it is probably fine.

    ReplyDelete
  22. After observing this MS update and was leery of it. I unchecked it but did not hide it. When I shut down windows 7 it started doing a update so I did a hard shut down. I have not noticed any problem with my system. However, I decided to search my registry for KB976902 and this showed up.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17105
    It is in my registry a lot and will not let me delete any of the entries. Not sure what this means but I would like to get it out of my reg.

    ReplyDelete
  23. If you forced a shutdown of Windows prematurely, then who knows what state your computer is in. You should try a System Restore to see if you can get rid of it that way (and fix the system).

    ReplyDelete
  24. Compromising Windows Update would be a hacker's dream come true. All Windows Updates are signed - so any hacker would have to get their hands on the code signing certificate - or forge their own...which would carry a whole slew of implications. It is hopefully quite impossible to pull off either stunt from the outside. There is hopefully a whole sign-off process that takes place to get an update onto the Windows Update server that separates signing the code and putting it on the server. There should probably also be a post-signing process as well that signs something on the Windows Update servers saying it is okay to release something, who signed off on it, etc. So, when something goes "horribly wrong", there is an audit trail.

    ReplyDelete
  25. I found the same reg entry as hot_rod4555 when searching for KB976902, but I found only one occurrence of KB976902.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17105

    I haven't noticed any strange behavior, but I was curious to see if this was in my registry as well. I have my updates set to "Check for updates, but let me choose", so it shouldn't be on my computer at all, right? I had the update hidden and didn't install it. I did install the other updates, but the KB967902 was still in my list of hidden updates after rebooting. Of course, as I stated in my earlier post, it was redacted several hours later though. I don't want to get paranoid, but I do wonder if something was installed without my knowledge. It doesn't show up in the list of installed updates.

    So does anyone else have this reg entry or know what it means? I really don't know enough about the registry to understand why it's there.

    ReplyDelete
  26. Its no longer a "black hole" anymore. It now have its own KB article: http://support.microsoft.com/kb/976902. You are right. It is related to Win7 Service packs

    ReplyDelete
  27. @cripple - The Windows Registry is where Microsoft and most software applications dump information. It is probably one of the dumber things Microsoft has ever built but we are stuck with it. If you hid this update, it put a reference to it in the Windows Registry so that, even after a reboot, Windows would know that particular update was hidden.

    Of course, when the real update comes along, we'll have to go into our hidden updates to install it. A minor nuisance.

    ReplyDelete
  28. Thanks Thomas. I do have a basic idea of what the registry is, but I had no idea something as simple as hiding an update would create its own reg entry. Seems like it would get pretty bloated over time if it stores that much useless information and probably causes some bugs in the system as well.

    ReplyDelete
  29. @cripple - Welcome to Windows. :)

    ReplyDelete
  30. The update is back today.
    Should I install it or what?

    ReplyDelete
  31. So, here it is January 4, 2011. I didn't install the update before. Today, it surfaced on my update list again, along with 4 other updates.

    ReplyDelete
  32. appeared in update list today for me.
    It still looks strange even with the kb decription.
    ..and google lead me to this page.
    What's the current consensus on it ?

    ReplyDelete
  33. The update needs your Windows 7 to be Genuine. If I am not wrong MS has initiated a new policy for SP 1 welcoming. We may not upgrade to SP 1 if we are running non-genuine (read pirated) Windows 7.

    ReplyDelete
  34. This KB article popped up again today in my choices to download (in the UK). By default it is un-ticked. There also appears to be a proper KB article for it this time, complete with a list of all files affected.

    ReplyDelete
  35. Interestingly, the KB article says it does not require rebooting but my Windows Update said it might. Not being able to uninstall something is a bit unnerving but I installed it this time. No apparent issues.

    I only just received the update today. Looks like it might be a "slow push" so that only small numbers of people get the update at a time instead of everyone all at once.

    ReplyDelete
  36. I installed it and my legal copy of Windows...now isn't!

    ReplyDelete
  37. No problems here. None of the WGA components appear to be updated with this update. Maybe something tripped WGA on your system? This post:

    http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/1c3ddce6-ebc0-4e47-8b87-d2591cd87612

    Might help you.

    ReplyDelete
  38. This update was applied automatically by windows update yesterday, and this morning I now have no LAN connectivity. DHCP fails to obtain an IP address. My copy of Win7 is genuine.

    ReplyDelete
  39. Didn't install it when it appeared localized one month ago. But it was applied automatically yesterday. All my former restore points were listed, but suddenly, they disappeared. Anyway, no problem until now.
    (Why does Microsoft not apply updates automatically, for web browser, for example?)

    ReplyDelete
  40. Some news: it looks like, for some reason, the parameters of Windows Update I set (just check for updates, do not install nor download any of them and let me the choice), changed to "Automatically install updates" before this KB976902 got installed. Now I saw it, I wanted to change and return to my previous settings. Windows does not like it, as I have the Action Center icon in the task bar all the time, with the message "Change your Windows Update settings"...

    ReplyDelete