On Patch Tuesday, as I was finishing up the column that follows lamenting the sorry state of Windows 10 patches and providing copious examples of things gone very wrong, a big, fat example landed in my lap (but happily not in my laptop).
Word emerged that Microsoft had accidentally leaked news about a new Server Message Block (SMB) bug with a maximum severity rating, a.k.a. SMBGhost. The leak also said that this bug wasn’t patched in that day’s releases.
I’ll get back to this latest outrage, but first, let’s review the past several months.
I’ve written a lot about Microsoft’s Windows 10 patch foul-ups. Frankly, I’m tired of it. But you know what else I’m tired of? Another month with yet more show-stopping Windows 10 update messes.
And I don’t even use Windows 10 as my main desktop. I primarily use Linux Mint on my desktops and Chromebooks, with Debian Linux running on the side, as laptops. Woe to all of you who have to rely on Windows for work.
I mean, when I look at the Windows 10 patching landscape, I can almost understand why some of you are still sticking with Windows 7. It may be out of date and vulnerable to potential attacks, but at least when you patched it, you didn’t have to wonder what would happen the next time you rebooted your computer.
In February, we saw a standalone security patch — that’s a thing again? — KB 4524244. It was a screw-up. It knocked out a bunch of machines, primarily HP PCs with Ryzen processors. If you had Secure Boot enabled — which you’re supposed to have to keep your PC “safe” — your PCs wouldn’t reboot normally and, in the worst cases, you would have to restore your system. Oh, and even that might fail. Does Microsoft know how to give us a fun time, or what?
Microsoft finally pulled that patch. Thanks, guys, for closing the computer door after the bytes have all ran away.
Then there was KB 4532693. That one, the trusty Woody Leonhard tells us, gobbled desktop icons and moved files on Windows 10 1903 and 1909. It also caused trouble with Windows Server containers up to and including this tidbit: “32-bit applications or processes running inside the container might silently fail.” I love silent failures. Don’t you?
And silent is what Microsoft has been about fixing this one. As I write this, on March 10, these problems are alive, well and causing trouble. Aren’t you glad you paused your updates? Oh, you didn’t? I’m so sorry.
OK, so much for specifics, although if you want more about the details of these and other Windows patch shenanigans, follow Woody. He knows his stuff, and he’ll keep you informed about when to pause updates and how to go about it.
What I want to know is why Microsoft Windows quality assurance (QA) has become a joke, with our machines as the punchline.
I don’t get it. Microsoft introduced its Windows 10 Insider “slow, fast and release rings” to avoid just this kind of nonsense. Windows Insider got its start way back on 30 September 2014. Microsoft has had plenty of time to get the bugs out of this program.
And the latest count I’ve seen has 10 million people enrolled in the Windows Insider program. That’s a lot of beta-testers. No other software testing program even comes close.
To quote Microsoft, “Slow ring builds include Quality Update service packages to fix key issues and also receive the latest Microsoft Security Response Center security fixes shortly after public availability.” So why do the updates fail so hard?
Well, maybe as Woody — smart guy, that Woody — pointed out a few years back, the Insider program is much more marketing than it is a beta-tester program. His preferred term for the beta-testers: “cannon fodder.” In addition, Microsoft doesn’t really do a decent job of helping Insiders post helpful beta reports.
And of those 10 million Insiders, how many are providing useful information? Quick! Which version of Windows 10 are you running? To find out, press the Windows logo key + R, type “winver” in the Open box, and then select OK. Did you know that? Without that basic information, an Insider “bug” report is useless. Microsoft needs to make better use of all those brave early adopters.
Finally, I don’t know how many people Microsoft has working on Windows 10 QA, how much money it pours into the program, and what the expertise level of those people is. But because the results speak louder than words, I do know that Win10 QA is understaffed and under-resourced, with staff that aren’t as experienced as they should be.
Now, about that SMB bug, the latest bombshell from Microsoft. I’m not sure there is a patch for it yet. In case you don’t remember, SMB security holes are the ones responsible for the infamous WannaCry and NotPetya ransomware.
And now, as I wrap this up, it appears that the Patch Tuesday patch will also be delayed. I presume because Microsoft now needs to shoehorn an emergency patch into the Patch Tuesday roundup.
Come on, Microsoft! Enough is enough. Get your QA act together already!