X

More about patch KB932823

More about patch KB932823, thanks to a Microsoft spokesperson

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

Disclosure.

See full bio
Michael Horowitz
3 min read

As I wrote a couple days ago, Microsoft released a new bug fix, KB932823, on May 28th which seemed suspicious for a number of reasons.

For one thing, the patch was released at the end of the month instead of Patch Tuesday. It turns out, according to a company spokesperson, that Microsoft releases patches twice a month, not just once a month. "While we release security updates on the 2nd Tuesday of the month, non-security updates are usually released either the 2nd or 4th Tuesday of the month." Who knew?

Since KB932823 is not a security related patch (terminology: "updates" means "patch" which in turn means "bug fix"), it doesn't show up in the list of latest security patches. The Microsoft spokesperson was unable to find a web page that explains or documents the fourth Tuesday bug fix schedule.

Still, this particular bug doesn't strike me as high priority, so I wouldn't install the patch. As I wrote previously, there are two workarounds, and according to Microsoft, the problem only "occurs if the Japanese Input Method Editor (IME) is the default keyboard layout."

The Microsoft spokesperson added that the problem only occurs on multi-core machines. So why was my English-only copy of XP running on a single-core processor offered this patch? Doesn't inspire confidence.

In addition, the problem also occurs on Windows Server 2003 where it is considered a "hotfix" rather than a critical bug. A hotfix is a bug fix that not only doesn't get installed automatically, you can't even download it. Instead, you have to call Microsoft and convince them you need it. For Windows Server 2003, Microsoft says:

Apply it only to systems that are experiencing this specific problem ... if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

In other words, the patch status on Windows Server 2003 is totally opposite from that in Windows XP. Strange.

I also checked the IE blog and the IE home page at Technet. Neither said a thing about this bug fix.

Another Microsoft spokesperson noted that this patch also applies to the Media Center Edition of XP. They said, "Media center is just a variant of Windows XP so all fixes that apply to Windows XP Pro apply to Media Center Editions. Windows Update handles this automatically by delivering the correct version of the fix."

In addition, they pointed out that KB932823 applies to both 32 and 64 bit versions of Windows XP. Quoting: "The x64 version of Windows XP uses the Server 2003 version of the fix - this is true for all x64 XP fixes. Windows Update handles this automatically by delivering the correct version of the fix. (However, only WinXP x86 fix is available from the Microsoft Download Center. Customers who want the fixes for ... Windows XP x64 need to contact Microsoft to get the fix.) "

If you have Windows/Microsoft Update set to operate automatically, then you can't pick/chose the patches to install. Next time, some thoughts on dealing with Windows/Microsoft Update.

Update June 2, 2008: Added comments from second Microsoft spokesperson.

See a summary of all my Defensive Computing postings.