Do NOT remove security update kb917422 to play BF 2142!

Smilin · Oct 20, 2006

If you remove that update to get BF 2142 to run you are not only leaving yourself vulnerable you are providing a mechanism for your vulnerability to be known.

All anyone has to do to get a list of vulnerable machines is start a BF 2142 server and record the IPs that connect. Every IP is a machine with a known vulnerability.

Please let this sink in.

I recommend the boycott (see sticky here in software forum). Otherwise I recommend you wait patiently until EA releases a fix.

Edit: See if this hotfix allows you to leave the security update in place and still run 2142:
http://support.microsoft.com/kb/924867/

If not, I again urge you to wait for a fix from EA. Don't take that security update off; it's a big one.

n0cmonkey · Oct 20, 2006

You're giving away my strategy. Penis spam was going to pay for my vacation. :|

Smilin · Oct 20, 2006

Funniest thing I've read all day.

I think it's probably killed any chance of this thread getting a sticky though. Nice work

Kromis · Oct 20, 2006

Ahh, nice! Penis spam! Thanks for the heads up, mate!

pontifex · Oct 20, 2006

so you guys won't be playing the game until January then, right? lol

BladeVenom · Oct 20, 2006

You really think they'll have it fixed that soon? It's only a security problem; it doesn't effect them or their advertisers. You don't think the people running EA actually play BF 2142, do you?

Maximilian · Oct 20, 2006

Thats a really really good idea! (if your a hacker type) I wonder if the hacker types will have figured out that they can find out whos vulnerable with BF2142.

pontifex · Oct 20, 2006

Originally posted by: BladeVenom
You really think they'll have it fixed that soon? It's only a security problem; it doesn't effect them or their advertisers. You don't think the people running EA actually play BF 2142, do you?

hehe, oh yeah, i forgot. the patch to fix it will come out in january but it won't actually fix it. Rather, it will add several new bugs on top of it.

Syppion · Oct 21, 2006

While I agree that removing the security update is a bad idea, the blame for the conflict falls on Microsoft - not EA or DICE.

Apparently this 'bug' in kb917422 has been around since it's release, conflicting with several "low-key" applications. Fortunately Microsoft released a hotfix (here) on the 19th.

I suspect the influx of bf2142 players (or EA's clout?) convinced Microsoft to release a hotfix. Either way, this problem is solved.

MemberSince97 · Oct 21, 2006

Originally posted by: Syppion
While I agree that removing the security update is a bad idea, the blame for the conflict falls on Microsoft - not EA or DICE.

Apparently this 'bug' in kb917422 has been around since it's release, conflicting with several "low-key" applications. Fortunately Microsoft released a hotfix (here) on the 19th.

I suspect the influx of bf2142 players (or EA's clout?) convinced Microsoft to release a hotfix. Either way, this problem is solved.

Thanks for the link, I was wondering when this was going to be fixed...

This issue with kb917422 has been affecting many other games from playing (FEAR, MM Dark Messiah) over 2 months later a fix has come.

Stuxnet · Oct 21, 2006

Regardless of who's fault it is, the whole BF2142 debacle gets better and better every day.

Captante · Oct 22, 2006

Originally posted by: Syppion
While I agree that removing the security update is a bad idea, the blame for the conflict falls on Microsoft - not EA or DICE.

Apparently this 'bug' in kb917422 has been around since it's release, conflicting with several "low-key" applications. Fortunately Microsoft released a hotfix (here) on the 19th.

I suspect the influx of bf2142 players (or EA's clout?) convinced Microsoft to release a hotfix. Either way, this problem is solved.

I have no plans to play BF2142, but that security update caused problems playing FEAR & Prey so I had removed it & was unaware of the MS fix ... gonna go & install it now & thanks!

JackBurton · Oct 22, 2006

Originally posted by: Syppion
While I agree that removing the security update is a bad idea, the blame for the conflict falls on Microsoft - not EA or DICE.

Apparently this 'bug' in kb917422 has been around since it's release, conflicting with several "low-key" applications. Fortunately Microsoft released a hotfix (here) on the 19th.

I suspect the influx of bf2142 players (or EA's clout?) convinced Microsoft to release a hotfix. Either way, this problem is solved.

Awesome man, thanks! I've had this problem with FEAR.

Smilin · Oct 22, 2006

Originally posted by: Syppion
While I agree that removing the security update is a bad idea, the blame for the conflict falls on Microsoft - not EA or DICE.

Apparently this 'bug' in kb917422 has been around since it's release, conflicting with several "low-key" applications. Fortunately Microsoft released a hotfix (here) on the 19th.

I suspect the influx of bf2142 players (or EA's clout?) convinced Microsoft to release a hotfix. Either way, this problem is solved.

Heh. I highly doubt 2142 had anything to do with the fix since it was being worked on before 2142. I know the guys who work on this stuff and they start pounding away at it the moment they find out. The people with the 'clout' to make this stuff happen are MS premier tech support customers. I've seen them get a fix within hours. Heck, depending on what they want done they can get changes made to the OS even when there isn't a bug. Had EA done any form of half-assed testing, the dev support guys at MS would certainly help them fix 2142 or the fix the update.

Often this stuff results from shenanigans that 3rd party apps are doing. We had once recently 06-41, 51 maybe? can't remember. Anyway it shifted where a particular .dll was loaded in memory. People using sloppy programming practices *ahem*sunjava*ahem* and hard coding memory allocations broke. In this case I don't know exactly what's getting broken but those "low-key" apps seem to be mostly CD/DVD copy protection software (which I hate) so I'm not crying much

That said, yes security updates can have regressions. This won't be the last time. Once they get rolled into a sp they have undergone full regression testing but security takes precedence when deciding to get them released.

I find it irresponsible that EA would tell consumers to remove a security update rather than: 1) Fixing 2142 or 2) Asking MS to fix the update. EA are grown ups. They know better. When SUN had problems with a security update and Java did they tell customers to remove the security update? No, they called MS. Fix was out within days.

This reminds me of the same $$ first mentality they had about the BF 1942 DOS attack..

You could send a request for info to a server but give the wrong return address (app layer here, not spoofed ip stuff). The server would send back the info to the victim. It allowed something like an 8 to 1 data ratio so a couple PCs could DOS attack big-iron servers this way. EA never fixed it until someone DOS attacked them with their own 1942 servers.

So can I get a couple confirmations the hotfix from MS fixes the issue without having to remove the security update? If so, I'll update the original post up top. Once EA releases a permanent fix or the MS fix gets rolled into a critical update (so everyone gets it via WU instead of manually) we'll let the sticky die off.

Captante · Oct 23, 2006

In fairness, EA never told anyone to remove the security update as far as I know. I only became aware that kb917422 was the problem after I was unable to get Prey to launch & went searhing on Google to try & figure out what the problem was... I found a thread on some forum (forget the name) where a couple people had the same issue & were able to fix it by removing the update.

Btw I havn't tried to launch Prey or FEAR since re-installing kb917422 & applying the hot-fix... I'll update this post as soon as I do.

Edit: FEAR & Prey are both working fine now.

pontifex · Oct 23, 2006

Originally posted by: Captante
In fairness, EA never told anyone to remove the security update as far as I know. I only became aware that kb917422 was the problem after I was unable to get Prey to launch & went searhing on Google to try & figure out what the problem was... I found a thread on some forum (forget the name) where a couple people had the same issue & were able to fix it by removing the update.

Btw I havn't tried to launch Prey or FEAR since re-installing kb917422 & applying the hot-fix... I'll update this post as soon as I do.

I've had this problem with Titan Quest and most recently Dark Messiah of M&M. For Titan Quest, I originally removed the update. For Dark Messiah, I patched it with the link above and it works now.

apoppin · Oct 23, 2006

Originally posted by: Smilin

Originally posted by: Syppion
While I agree that removing the security update is a bad idea, the blame for the conflict falls on Microsoft - not EA or DICE.

Apparently this 'bug' in kb917422 has been around since it's release, conflicting with several "low-key" applications. Fortunately Microsoft released a hotfix (here) on the 19th.

I suspect the influx of bf2142 players (or EA's clout?) convinced Microsoft to release a hotfix. Either way, this problem is solved.

Click to expand...

Heh. I highly doubt 2142 had anything to do with the fix since it was being worked on before 2142. I know the guys who work on this stuff and they start pounding away at it the moment they find out. The people with the 'clout' to make this stuff happen are MS premier tech support customers. I've seen them get a fix within hours. Heck, depending on what they want done they can get changes made to the OS even when there isn't a bug. Had EA done any form of half-assed testing, the dev support guys at MS would certainly help them fix 2142 or the fix the update.

Often this stuff results from shenanigans that 3rd party apps are doing. We had once recently 06-41, 51 maybe? can't remember. Anyway it shifted where a particular .dll was loaded in memory. People using sloppy programming practices *ahem*sunjava*ahem* and hard coding memory allocations broke. In this case I don't know exactly what's getting broken but those "low-key" apps seem to be mostly CD/DVD copy protection software (which I hate) so I'm not crying much

That said, yes security updates can have regressions. This won't be the last time. Once they get rolled into a sp they have undergone full regression testing but security takes precedence when deciding to get them released.

I find it irresponsible that EA would tell consumers to remove a security update rather than: 1) Fixing 2142 or 2) Asking MS to fix the update. EA are grown ups. They know better. When SUN had problems with a security update and Java did they tell customers to remove the security update? No, they called MS. Fix was out within days.

This reminds me of the same $$ first mentality they had about the BF 1942 DOS attack..

You could send a request for info to a server but give the wrong return address (app layer here, not spoofed ip stuff). The server would send back the info to the victim. It allowed something like an 8 to 1 data ratio so a couple PCs could DOS attack big-iron servers this way. EA never fixed it until someone DOS attacked them with their own 1942 servers.

So can I get a couple confirmations the hotfix from MS fixes the issue without having to remove the security update? If so, I'll update the original post up top. Once EA releases a permanent fix or the MS fix gets rolled into a critical update (so everyone gets it via WU instead of manually) we'll let the sticky die off.

Smilin, do you work for Microsoft?

it really should be in your signature.

full disclosure, ya know.

like the AEG guys.

anyway, does the hotfix work?

Smilin · Oct 23, 2006

Yea, I work for MS. Quite a few people around here know it but I generally don't disclose because:

1. I do not post here on behalf of Microsoft. I joined here before I worked at MS. I confer no warranties and the opinions are my own. I'll leverage my position to help people as much as I can but again: no warranty. I'm here as 'smilin' not 'that guy from ms'.
2. There is enough MS bashing going on here that I don't need a continuous ration of crap from people who are still bitter about netscape or novell or the virus that their grandma got for some reason

. It also carries the automatic prejudice that makes people think I hate *nix. The veteran *nix guys around here know me better than that though.

I have not tested the hotfix as a means to get BF2142 running. I'm in the boycot 2142 crowd right now so I never purchased it.

Hopefully for the guys that did buy it the hotfix will do the trick. If it does I hope EA is resposible enough to update their docs and point out the hotfix as a resolution instead of removing a really important critical update.

As a side note, I'm seeing folks here having problems with Fear and Titan Quest...haven't had those issue myself. The apps listed in the hotfix article are predominantly copy protection apps. My game collection is really, really big so I use no-cd patches whenever I can to avoid the hassle. Not sure if there is a connection. I've been too busy to dig into the internal info on that update+hotfix for it.

Syppion · Oct 23, 2006

Originally posted by: Smilin
Heh. I highly doubt 2142 had anything to do with the fix since it was being worked on before 2142. I know the guys who work on this stuff and they start pounding away at it the moment they find out. The people with the 'clout' to make this stuff happen are MS premier tech support customers. I've seen them get a fix within hours. Heck, depending on what they want done they can get changes made to the OS even when there isn't a bug. Had EA done any form of half-assed testing, the dev support guys at MS would certainly help them fix 2142 or the fix the update.

Often this stuff results from shenanigans that 3rd party apps are doing. We had once recently 06-41, 51 maybe? can't remember. Anyway it shifted where a particular .dll was loaded in memory. People using sloppy programming practices *ahem*sunjava*ahem* and hard coding memory allocations broke. In this case I don't know exactly what's getting broken but those "low-key" apps seem to be mostly CD/DVD copy protection software (which I hate) so I'm not crying much

That said, yes security updates can have regressions. This won't be the last time. Once they get rolled into a sp they have undergone full regression testing but security takes precedence when deciding to get them released.

I find it irresponsible that EA would tell consumers to remove a security update rather than: 1) Fixing 2142 or 2) Asking MS to fix the update. EA are grown ups. They know better. When SUN had problems with a security update and Java did they tell customers to remove the security update? No, they called MS. Fix was out within days.

As much as I dislike coming across as defending EA (or large corporations in general)... This hotfix has been needed since it's release, or at least since FEAR's release (Oct. 17, 2005) - I don't remember which came out first. Yes, it is possible it took a year to tack it down, but as you said "I've seen them get a fix within hours". From looking at the hotfix page there are still known applications having the same issue - so it's not a complete fix yet. (And yes, I do consider John Deere Manuals a "low-key" app.)

My statement of "the influx of bf2142 players (or EA's clout?)" was meant to imply that something spurred Microsoft to release this hotfix (and update kb917422 to v4.1). Given that this was released two days after 2142, it seems plausible that EA made a (spendy) phone call to MS and maybe used its clout to convince MS to post a hotfix sooner than later to resolve the issue with bf2142. Similar to what you describe SUN as having done.

As to the effectiveness of the hotfix. I have not encountered any issues since installing it (~6 hours playtime), but I also didn't have any issues for the day (~2 hours playtime) I played before it's release. Hopefully a less casual gamers can add some more confirmation.

If you do work for a relevant part of MS and the hotfix works for bf2142 - then I thank you for fixing it a day before you posted it was broken.

Otherwise kudos for whoever at MS did so, and possibly EA for being active.

Smilin · Oct 23, 2006

What gets fixed within hours comes from MS premier customers. I do not know if EA has a premier account and I couldn't reveal even if I did. Know this: MS premier customers get support unlike anything I have ever seen in 16 years of IT work.

The dates I see on this:
MS06-051, 917422 was released on August 8th.
The regression this update has was correctly ..mm..at some point shortly thereafter

..internal info and not really important, sorry) after testing it was then released publicly on August 11th under kb924066 three days later (kb article last reviewed August 29th).
Others discovered the regression through different means and a new kb924867 with these symptoms described in it was released on August 29th (last review 10/19).

The 'last update' date on kb924867 may give the impression it came out after 2142 but it did not.

BF2142 was released on Oct 17th right?

All of this info is public. The public KBs *I think* only show the last review date...the original date was also public at the time but it might take like google cache or something to go peek now.

My point of view is very unique I admit but a problem was corrected by MS back on the 11th of August, and now over two months later, EA is telling you to uninstall a critical update as a workaround for a problem that already has a fix?? As a general consumer that doesn't go over very well with me.

Other than the companies listed in the public version of the KB article I can't mention who reported a problem to us or who didn't. That's customer info and unless they give permission otherwise that info is locked away behind 20ft of steel. You have to decide for yourself if you think EA drove this process.

This is the most "MS-ish" post I've ever made here so let me go ahead and spew the disclaimer: This is my opinion only, does not represent the view of MS, confers no warranty of any kind. To underscore this point please know that I may or may not have made up this whole thing up or parts of it. Seriously: enjoy my ramblings but I do not stand by these statements in any way.

Smilin · Oct 23, 2006

Correction. I believe the hotfix in kb924066 mentioned above was release aug 14th, not aug11th.

swaytech · Oct 27, 2006

Just do it

archcommus · Oct 27, 2006

Funny, my roommate and I just removed that patch on his system last night for him to get Chaos Theory to work. The next morning we saw automatic updates had installed it again, so...we uninstalled it again. Heh.

Smilin · Oct 27, 2006

Originally posted by: archcommus
Funny, my roommate and I just removed that patch on his system last night for him to get Chaos Theory to work. The next morning we saw automatic updates had installed it again, so...we uninstalled it again. Heh.

Genius.

Did you try either of the two hotfixes mentioned in this thread that may correct your problems without having to remove the security update?

archcommus · Oct 28, 2006

Originally posted by: Smilin

Originally posted by: archcommus
Funny, my roommate and I just removed that patch on his system last night for him to get Chaos Theory to work. The next morning we saw automatic updates had installed it again, so...we uninstalled it again. Heh.

Click to expand...

Genius.

Did you try either of the two hotfixes mentioned in this thread that may correct your problems without having to remove the security update?

Yeah we tried the one from the link in the OP and it didn't help. Although I'm not sure if he restarted after installing it.

Do NOT remove security update kb917422 to play BF 2142!

Diamond Member

Elite Member

Diamond Member

Diamond Member

Lifer

Lifer

Lifer

Lifer

Member

Senior member

Diamond Member

Lifer

Lifer

Diamond Member

Lifer

Lifer

Lifer

Diamond Member

Member

Diamond Member

Diamond Member

Senior member

Diamond Member

Diamond Member

Diamond Member