Microsoft squashes SmartScreen security bypass bug exploited in the wild

Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too. The bug the IT giant said was being abused in the wild is CVE-2024-26234, described as a proxy driver spoofing …

  1. 43300

    M$ STILL hasn't fixed the patch for W10 / Server 2022 from January which won't install on a large number of machines due to the recovery partition size.

    1. Dan 55 Silver badge

      I suspect they don't care, they've pulled it from WSUS and if a boot loop hits a home user many will end up buying a new Windows 11 computer which is what they wanted.

      1. 43300

        It never appeared in WSUS at all (which poses another question, of course!) - normally patches would be released to WSUS at the same time as they are released to the general Windows Update service.

    2. Anonymous Coward

      The bigger question:

      Will the subsequent patches keep applying over the failed patch, or will these machines fall off the patching train due to the stalled patch?

      Having machines falling off the patching train no matter how many times the user tries to apply updates is a bigger security threat than the recovery partition issue is. Smartscreen bypass and RCE level bugs under active exploit.

      For bonus points the recovery partition can be updated or rebuilt successfully and still have the patch report a fail. So you may have both unfixed boxes and ones where the standalone repair script was run successfully both reporting an install failure. All because both the patch and the M$ "repair" script set temp files and registry keys that they may not clean up in the event of a failure followed by a successful installation.

      We need to keep publicly and privately hammering on M$ to roll back its all or nothing patch bundles, or M$ needs to commit to re-issuing an "everything but the problem" patch that will keep people on the patching train when something like this happens, with a suitable window to let staff address fixing dumpster fires that require scrapping your disk provisioning and starting over.

      That and maybe update the windows 95 era code and tools for managing disks and volumes. Resize and move operations that actually work aren't an unreasonable ask. So are repair permissions scripts, and expecting the tools to be able to handle secureboot/bitlocker/GPT/UEFI gracefully after 30+ years. Third party tools can do all of this stuff, buy one and make it part of windows if no one left can read the NTFS or bootloader source code any more.

      1. Mike_R
        Linux

        Re: The bigger question:

        Or, (as a home user) see icon --->

        1. 43300

          Re: The bigger question:

          Is there ever any thread on here where somebody doesn't feel the need to post the tedious 'just use Linux' or one of its variations? The readership of a site like this knows about Linux. Most of us have experience with it. If we are using Windows, there's a good reason for doing so. This is a thread about a patching issue with Windows. It's not about Linux.

          1. Anonymous Coward

            Re: The bigger question:

            "The readership of a site like this knows about Linux"

            Unfortunately the current readership is outnumbered by far by the multitudes sticking with windows, and paying a tax in both time and money, because they do not know of any alternative.

            We can but hope...

            1. 43300

              Re: The bigger question:

              You fanbois really don't get it, do you?

              Do you honestly think that IT staff can make a unilateral decision to make a major switch like this across their organisation? Windows is the standard for client devices (and to an extent with servers) across the board for many organisations. That's just how it is, here in the real world.

              And as regards consumer devices, they mostly just aren't available with Linux (other than heavily customised commercial versions such as Android / ChromeOS). The average home user has neither the knowledge nor the interest in trying to install a different operating system on their computer.

            2. Anonymous Coward

              Re: The bigger question:

              If Anon wants to rewrite the ERP system that runs my industry (seriously > 80% share), just so it runs on Linux to stroke his/her ego then crack on. Remember, it starts at order processing, covers design, creates print and CNC files (for machine tools that are controlled by Windows PCs), and includes invoicing and customer service amongst other aspects.

              I know (from experience) that Linux powers vast swathes of the world, but the bedroom fantasists who comment here about everyone switching like it's a five minute job just make themselves look like deluded morons.

          2. Dan 55 Silver badge

            Re: The bigger question:

            If we're talking about home users who browse, edit office documents, and don't want to run the risk that their computer disappears up its own wazoo on the first Tuesday of every month, as the parent poster was, then Linux is fine now.

            1. 43300

              Re: The bigger question:

              So your average home user goes down to Currys to get a new laptop. How many Linux options does he/she see (excluding ChromeOS)? Almost certainly, that will be none.

              They go on the website of any major laptop manufacturer and look at the consumer laptops. How many will they see with a form of Linux (excluding ChromeOS)? Again, probably none (and if there are any they are likely to be at the higher end of the market).

              Ask the average user whether they have even heard of Linux. A few will, but most won't (or at most will have vaguely heard the name). So they ask what is Linux? What does it look like on a computer? To which of course there is no single answer. Start trying to explain about different distros, a common kernel with various shells available, etc, and watch them glaze over.

              Hence we are not going to see any sudden increase in home Linux desktop use, outside of the world of IT enthusiasts (plus a few of their relatives who they maintain computers for). Most users will just buy something they've heard of - probably Windows, sometimes a Chromebook or Macbook.

              And the same applies in a large number of businesses when it comes to the client devices. They (as in those at the top) want something which they and their users will be familiar with, and which they know will run their business software (including Microsoft Office, which they and their users will all be familiar with). That's mostly going to mean Windows (or Chromebooks in education, Macs in design and communications businesses).

              1. Dan 55 Silver badge

                Re: The bigger question:

                "So your average home user goes down to Currys to get a new laptop. How many Linux options does he/she see (excluding ChromeOS). Almost certainly, that will be none."

                That wasn't what I said. I said Linux is fine for most home use now. Now you're talking about Currys. I know you can't walk into Currys and buy it because there isn't a big corporation pushing it.

                As you originally said "This is a thread about a patching issue with Windows" - and over three months later there is still no fix for the home user. The official mitigation is for the home user to fuck about with diskpart - madness, that's enough to make me blanch. What happens when it gets stuck in a boot loop because the recovery install is b0rked? If MS can't or won't sort this out then alternatives like a well-known Linux distro or ChromeOS Flex are completely viable.

                "Ask the average user have they even heard of Linux. A few will, but most won't (or at most will have vaguely heard the name). So they ask what is Linux? What does it look like on a computer? To which of course there is no single answer. Start trying to explain about different distros, a common kernel with various shells available, etc, and watch them glaze over."

                It looks like Mint, PopOS, or Zorin. Which one do you like the look of the most, that's the one I'll install.

                "Hence we are not going to see any sudden increase in home Linux desktop use, outside of the world of IT enthusiasts (plus a few of their relatives who they maintain computers for). Most users will just buy something they've heard of - probably Windows, sometimes a Chromebook or Macbook."

                When the computer disappears up its own wazoo again and it's out of action until they can find someone to fix it or pay money to get it fixed, they're going to be more receptive to an OS which doesn't blow up when it updates. When the computer starts bugging everyone to throw it away and get a new one for no reason, they're also going to be more receptive.

                As for your latest criteria - is it going to be commercially successful? No, apart from ChromeOS and Steam Deck. But is it fine for most home use? Absolutely.

                "And the same applies in a large number of businesses when it comes to the client devices. They (as in those at the top) want something which they and their users will be familiar with, and which they know will run their business software (including Microsoft Office, which they and their users will all be familiar with). That's mostly going to mean Windows (or Chromebooks in education, Macs in design and communications businesses)."

                Compare the new Outlook with the old one or look at features coming and going in Word and Excel. Microsoft Office is what MS wants it to look like this year, consistency has gone out the window. So the main reason for sticking with MS has disappeared.

                A lot of businesses use the PC as a thin client now and Linux is also fine for that.

                A lot of businesses are software houses and Linux is also fine for that.

                It's not sold in Currys though, as if that were any measure of quality.

                1. 43300

                  Re: The bigger question:

                  I think you are still missing the point as regards home users. The average home user wants to buy something that works as a simple retail purchase. They aren't going to faff around getting someone (who?) to show them different distros and decide which one they like. And as regards this awkward update, most won't even be aware of it as they won't be checking for failed updates. When W10 EOL comes, they will in many cases just ignore the warnings (as many did with W7 - a common belief seemed to be 'I have antivirus software installed so it will be fine').

                  You do have a point with business software (new Outlook is shit), but it remains to be seen whether M$ have to roll back on this and keep the existing Outlook.

                  1. Dan 55 Silver badge

                    Re: The bigger question:

                    For those home users where the January update puts their computer into a boot loop and they have no choice but to faff around (or the similar mid-2023 update which could do the same), they might install a noob-friendly Linux distro for their aged clunky desktop or someone they asked to fix their computer might suggest that to them.

                    I'm not saying 2024 is the year of Linux on the desktop, but Linux is now at 4% of desktop share (6.34% if you include ChromeOS), and the number is creeping up as Windows reliability goes down. Also the ads in Windows can't help either.

                    1. James O'Shea Silver badge

                      Re: The bigger question:

                      They will never have heard of Linux. They won't know where to get Linux. Because they usually have only one computer, even if they knew about Linux and how to get it, they can't, their one computer is not working. They won't know what the problem is. They won't know how to fix it. If they take it to the local computer fix-it guy, he might/might not be able to fix it. If he says that he can install something which will ensure that the user never sees this problem again, great... until he explains that in doing that he will be removing all user applications (including games) and data (including photos and music and movies). Or, worse, if he doesn't warn the user and drops a Linux distro on the system and the user can't get to their stuff and becomes quite annoyed.

                      Let me make it simple: Joe User is NOT going to go to Linux because of this. Or anything like it. Joe User does not know Linux exists. Joe user wants to play his bought and paid for games; even if the games work under Linux he might have to repurchase, or might have to screw around with WINE or something, and Joe User DOES NOT CARE THAT MUCH. Joe User wants his stuff to work. Joe User wants his documents and photos and music and movies to be where he left them and to work with his apps. Joe User DOES NOT WANT TO LEARN TO USE NEW SOFTWARE, no matter how superior LibreOffice might be to MS Office. He wants his old stuff. Moving to Linux will prevent him from accessing his old stuff the way that he did before. He will not like this.

                      Joe User might, instead of fixing his old computer, get a new computer. Joe User will not be seeing any Linux machines, except maybe Chromebooks. He will see Macs. He will see Windows. Joe User will buy a new machine, almost certainly a Windows machine because that's what he's used to, and drive on. Perhaps sometime in the future someone could get to Joe User and convince him to give Linux a try, and if he likes it, perhaps he'll move. Right now, all he wants is a working machine which allows him to do what he was doing before, in the way that he was doing it, and doesn't make him learn anything new.

                      JOE USER IS NOT GOING TO GO TO LINUX.

                      1. 43300

                        Re: The bigger question:

                        "JOE USER IS NOT GOING TO GO TO LINUX."

                        Yep, absolutely. And to add to your list, he may well also want to run iTunes / Apple Music or one or more other subscription music / video services. And those will generally only be available for Windows / Fruity OSs / Android.

                    2. 43300

                      Re: The bigger question:

                      "For those home users where the January update puts their computer into a boot loop"

                      It doesn't cause a boot loop - I've been monitoring a number of machines with the issue since the update was first released. Unless you go into the updates section of the settings, the problem isn't visible. The behaviour is the same with both W10 and Server 2022.

                      1. Dan 55 Silver badge

                        Re: The bigger question:

                        Ok, so here's KB5034441 putting the computer into a boot loop + automatic recovery + failure to fix + reboot + rinse + repeat. It might have been KB5034275 instead of KB5034441, but in either case it's the January 2024 update. And here's another example.

                        Right, now what:

                        "If he says that he can install something which will ensure that the user never sees this problem again, great... until he explains that in doing that he will be removing all user applications (including games) and data (including photos and music and movies)."

                        Linux has Proton for games these days, you just use Steam to download and launch games... and... er... well... was there ever a time where a Linux distro couldn't open photos, music, and movies? And why would you need to remove photos, music, and movies?

                        "Yep, absolutely. And to add to your list, he may well also want to run iTunes / Apple Music or one or more other subscription music / video services."

                        It might be news to some people but you can browse websites with Linux too, so that's everything covered apart from perhaps the iTunes music if Joe/Jo User can't get that via the iCloud website (no idea).

                        In this race the reasons for owning Windows (supposed reliability, consistency) are declining, MS and Apple stop supporting old hardware, and noob Linux distros are getting easier to use. The usage statistics appear to bear that out, non-ChromeOS Linux desktop has risen 1% in the past year, so that's 1% of Joe/Jo Users switching.

                        1. 43300

                          Re: The bigger question:

                          "Ok, so here's KB5034441 putting the computer into a boot loop + automatic recovery + failure to fix + reboot + rinse + repeat. It might have been KB5034275 instead of KB5034441, but in either case it's the January 2024 update. And here's another example."

                          Well I've not seen any boot loops (and I have seen quite a lot of computers with this issue), nor are any mentioned in the threads in the forums I've been following. Which would suggest that it's a very rare problem. On everything I've seen, the installation just fails whenever it's tried.

                          As regards why people don't move to your favoured Linux, you can come up with all the reasons under the sun why you think they ought to, but the reality shows that they aren't doing so, and there are absolutely no signs that this is going to change. Like a lot of computer enthusiasts, you seriously over-estimate the willingness of the general public to change when they can't see a reason.

                          "The usage statistics appear to bear that out, non-ChromeOS Linux desktop has risen 1% in the past year, so that's 1% of Joe/Jo Users switching."

                          Is it? It's entirely possible that this small increase could be due to expansion of Linux use in businesses where it's more likely to be favoured (i.e. the tech and science sectors).

      2. 43300

        Re: The bigger question:

        "Will the subsequent patches keep applying over the failed patch, or will these machines fall off the patching train due to the stalled patch?"

        Yes, subsequent patches do install, but this one perpetually returns an error.

        "Resize and move operations that actually work aren't an unreasonable ask. "

        If they have to do it, they need to automate it as part of the patching process. It is not reasonable to expect users to go fiddling around with scripts to resize and move partitions - and that applies to both live servers and to client devices.
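A read-only triage script for the recovery-partition failure the comments above describe (KB5034441 refusing to install on Windows 10 and Server 2022, the diskpart mitigation, and machines still reporting an install failure after a repair). This is an added example, not code from the article, from Microsoft, or from any commenter. It assumes an elevated PowerShell 5.1 or later session on the affected machine; the 250 MB free-space figure is the threshold I recall from Microsoft's KB5034441 guidance and is exposed as a parameter so it can be corrected, event IDs 19 and 20 are the Windows Update client's install-succeeded and install-failed events in the System log, and the parsing of `reagentc /info` relies on its usual "Windows RE status" and "Windows RE location" lines.

```powershell
<#
  Read-only triage for the KB5034441 / WinRE recovery-partition install failure.
  Added example, not from the article or the comment thread. Assumes an elevated
  PowerShell 5.1+ session on Windows 10 or Server 2022 (reagentc.exe needs admin).
#>
param(
    [string]$Kb        = 'KB5034441',   # update named in the thread
    [int]   $MinFreeMB = 250            # free space the Microsoft guidance calls for (assumed value, adjust if needed)
)

function Get-KbInstallState {
    param([string]$Kb)
    # Get-HotFix only lists an update once an install has actually succeeded.
    $hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
    # The Windows Update client logs to System: 19 = install succeeded, 20 = install failed.
    $events = @(Get-WinEvent -FilterHashtable @{
                    LogName = 'System'; ProviderName = 'Microsoft-Windows-WindowsUpdateClient'; Id = 19, 20
                } -ErrorAction SilentlyContinue |
                Where-Object { $_.Message -match [regex]::Escape($Kb) })
    [pscustomobject]@{
        Kb          = $Kb
        Installed   = [bool]$hotfix
        Successes   = @($events | Where-Object Id -eq 19).Count
        Failures    = @($events | Where-Object Id -eq 20).Count
        LastAttempt = if ($events.Count -gt 0) { $events[0].TimeCreated } else { $null }   # newest first
    }
}

function Get-WinREPartitionInfo {
    param([int]$MinFreeMB)
    # reagentc /info prints, among other lines (format assumed from typical output):
    #   Windows RE status:   Enabled
    #   Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
    $info   = (& reagentc.exe /info 2>&1) -join "`n"
    $status = if ($info -match 'Windows RE status:\s+(\S+)') { $Matches[1] } else { 'Unknown' }
    $result = [ordered]@{ Status = $status; Disk = $null; Partition = $null; SizeMB = $null; FreeMB = $null; Ok = $false }

    if ($info -match 'harddisk(\d+)\\partition(\d+)') {
        $result.Disk      = [int]$Matches[1]
        $result.Partition = [int]$Matches[2]
        $partition = Get-Partition -DiskNumber $result.Disk -PartitionNumber $result.Partition
        # The recovery partition has no drive letter, so resolve its volume from the partition object.
        $volume = $partition | Get-Volume
        $result.SizeMB = [math]::Round($partition.Size / 1MB)
        if ($volume) {
            $result.FreeMB = [math]::Round($volume.SizeRemaining / 1MB)
            $result.Ok     = ($status -eq 'Enabled') -and ($result.FreeMB -ge $MinFreeMB)
        }
    }
    [pscustomobject]$result
}

$update = Get-KbInstallState -Kb $Kb
$winre  = Get-WinREPartitionInfo -MinFreeMB $MinFreeMB
$update | Format-List
$winre  | Format-List

if (-not $winre.Ok) {
    Write-Warning "WinRE is $($winre.Status) with $($winre.FreeMB) MB free; $Kb needs it enabled with at least $MinFreeMB MB free."
}
elseif ($update.Failures -gt 0 -and -not $update.Installed) {
    # Partition meets the requirement yet the update still fails: the leftover-state case the thread describes,
    # so the next step is the update's own failure reason, not another resize.
    Write-Warning "$Kb has failed $($update.Failures) time(s) although the recovery partition meets the requirement; the failure is probably stale state, not partition size."
}
```

Run it per machine (or push it through your management tooling) before touching partitions: the second warning branch is the one that separates boxes that genuinely need the recovery partition enlarged from boxes that have already been repaired but still show the install failure, which is the distinction the thread says the patch's own status does not make.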

  2. James O'Shea Silver badge

    MS Store pic

    Apparently, Mickeysoft has abandoned all its physical, bricks and mortar, stores except for one on 5th Ave in New York. There used to be three near me, now there are zero. All three were in locations which had an Apple Store, all of the Apple Stores were there before MS arrived, all of the Apple Stores are still there.

    I blame Brexit. It reached across the Atlantic and torpedoed poor MS. Evil, I tell you, evil. Free Julie the Ass now, so that he can investigate this nefarious plot!

    In any case, the only place where we will be seeing Dancing Sales Associates will be in El Reg.

    Hmm. El Reg, did you do a story on MS dumping their stores? I must have missed it. Perhaps you could illustrate it with Ballmer doing the Monkey Boy Dance if you ever do one.

  3. Anonymous Coward

    Let me see if I have this straight: You install MS Defender for IoT to make your device safer, but it comes with RCEs making your IoT device *less secure*?
