MS update for Windows KB2641690

Dear Forum Members

First, My O/S is WinXP Pro SP3 and I use Opera 11.52 as my main browser. Today, I updated my O/S with KB2641690, which resolves an issue with the certificate revocation list on Windows systems and keeps the systems certificate list up to date (I've edited the text).

However, since the update I can no longer shop at Tesco .com, Opera seems to revert back to the main page rather than go onto my grocery list so that I can amend it.

Anyway, I do have Firefox, which is unaffected by KB2641690, and used it to update my grocery list instead.

But the problem I have is that whenever Microsoft do a security update Opera, out of the three browsers I use (Opera, Firefox and IE) seems to be affected the most and starts to behave unpredictably. And until the Opera org. releases a new update my Opera browser almost becomes unusable.

I know that I have to wait for the next Opera browser update/upgrade to overcome this current problem but I am getting wary of my main browser being incompatible with MS's security updates.



UK Bob

Opera has its own certificates which are totally separate from those used by Windows IE so there is no way it can be affected. In any case the certificates it revoked are from a far eastern certificate authority which certainly won't be used by Tesco. It sounds like you have a different problem.

Opera does not use the MS certificate repository, so that update will not affect Opera at all.

My guess is that it is a coincidence, and that the real reason is something Tesco (in this case) did. (Of course, it is possible that some other software on your computer uses that repository and interferes with what Opera retrieves)

You can read more about the issue that Microsoft was concerned about, and what Opera did about it at http://my.opera.com/rootstore/blog/2011/11/04/blacklisting-22-certificates-with-512-bit-rsa-keys . The Firefox versions that were released this week implements an update similar to the MS action.

As you do not provide the specific URL(s) that fail, I cannot say anything specifically, but I will note that the certificate blacklist action Opera implemented (somewhat equivalent to KB2641690, which has been distributed to all Opera installations during the past 7 days) have (due to a bug) a tendency to appear to navigate back to the previous page (when you try to navigate to a server with a blacklisted certificate from a server that does not have such a certificate), while showing a blank page when accessed directly. If that is what is happening then somebody may be trying to trick you into visiting a fraudulent site.

Hi davews & yngve

Thank you for your quick replies, I will try to explain the problem from my point of view and based on my experience.

davews

I accept what you have written unreservedly, however I have had problems with Opera and an MS KB release before. Aproximately two years ago, when Opera version was 9.xx, my O/S was WinXP Home SP2 and my PC was a Pentiun 4, MS released a security update for Movie Maker. On installation Opera could no longer play You Tube videos and, as an aside, Firefox would no longer run, only Internet Explorer continued to work as normal.

Although that KB release had nothing to do with browsers it still had a detrimental affect on two out of the three browsers I have.

BTW, I uninstalled that KB and Firefox returned to normal but Opera remained broken until an Opera update (or two) got released.


yngve

As said before, I accept without any argument that KB2641690 should not affect my Opera browser (v11.52) but I can't help but wonder if on installation a memory register was overwritten or a dll got modified in some way, that for me would explain Opera's unexpected behaviour since the arrival of MS's latest KB release.

However, on reading the last part of your reply, namely:

As you do not provide the specific URL(s) that fail, I cannot say anything specifically, but I will note that the certificate blacklist action Opera implemented.... which has been distributed to all Opera installations....have (due to a bug) a tendency to appear to navigate back to the previous page (when you try to navigate to a server with a blacklisted certificate from a server that does not have such a certificate), while showing a blank page when accessed directly. If that is what is happening then somebody may be trying to trick you into visiting a fraudulent site.

First, I must say, the behaviour you describe is exactly the one I am getting but, as a someone that takes PC security very seriously, is extremely conservative when surfing the net and is constantly running my six or so protective apps, I am the most unlikely person to get caught by redirection malware.

But it may be that the Opera bug does not recognise that I am being re-directed to an internal Tesco server rather than being directed to a blacklisted one.

I must also point out that before I start my online Tesco grocery shopping I always insure that the "Cookie Manager" is empty and Opera's cache is cleared.

As for a specific URL, unfortunately you will have to log onto Tesco's grocery section to recreate my problem and, since you are in the US, that may not be possible.

Nevertheless, here it is:

https://secure.tesco.com/register/?vstore=99&from=http%3a%2f%2fwww.tesco.com%2fsuperstore%2fdefault.aspx


Yours


UK Bob

Originally posted by ukbobboy01:

since you are in the US

I am located in Norway.

From my location, the page shows up OK, also on a WinXP SP3 machine with the recent MS update.

Perhaps there is something special about your location? Have you tried a clean install, just in case? Or from a different computer?

Originally posted by ukbobboy01:

As for a specific URL, unfortunately you will have to log onto Tesco's grocery section to recreate my problem and, since you are in the US, that may not be possible.

If the problem is with SSL/TLS certificate handling, then I only need to know the server name.

If you have to be logged in to the service, on the same server as above, then the problem is almost certainly not related to SSL/TLS, but to something Tesco have done to their web page (HTML/Javascript), or CGI scripts (It might be that they are redirecting you right back to the URL you came from; that have happened in several cases at other websites). Using Opera DragonFly to debug might provide some indications of what is happening.

Yngve

Sorry, in your address I mistook ASA for USA.

Since replying to your post I have found that Opera is more unstable than I first thought, If I try to use it for 15 or so minutes it crashes my PC.

A clean install seems like a good idea but, as you can guess, I do not want to loose my settings, i.e. Speed Dials, Bookmarks, Appearances, Preferences, etc.

Anyway, you could be right about Tesco updating their web-pages but I am somewhat sceptical about that but either way this problem will have to be cured by an Opera upgrade or two. And unfortunately for me, although I can find my way around most software, in order to get the best (or what I want) out of them, I cannot debug applications.

Thanks for your suggestions


UK Bob

PS. I might try new install of Opera over my current install, that will allow me to keep my current settings and might resolve the instability caused by KB2641690.

Originally posted by ukbobboy01:

A clean install seems like a good idea but, as you can guess, I do not want to loose my settings

What I meant is to do a clean install in a different location on your system, so that the problem can be tested separately from your current installation, to eliminate a configuration problem.

Copying (backing up) your profile folder regularly will preserve your settings, and it can then later be copied back into the profile folder of a new installation.

Regarding crashes of the entire system, since you indicate that this is a new problem, that sounds to me like something have been updated on your system that breaks it, such as device drivers or other system software. There have been previous cases where OS drivers have crashed the system due to normal usage tripping over some bug, or which data have been given them. Given that you just updated Windows, it is quite possible that one of those patches cause that instability. I doubt that it is Opera that is directly responsible. You may have to report this problem to Microsoft.

It might be an idea to make a note of what sites you were visiting when the crashes occur.

Yngve

Once again, I must thank you for your suggestions and, especially, your clarifications of "clean install".

Again, your explanation of why my system is now starting to crash seems very sensible and, after another crash, I have come to a similar conclusion. However, the remedy I have chosen is somewhat different, i.e. I have decided to uninstall KB2641690, which I have now done.

You see, I prefer to have my applications working and my PC secure above anything else, since I had these things before KB2641690 there is a good chance things will revert back to normal once this KB is no longer on my machine, so now it is gone. Plus, since you have informed me that I don't need this KB because both Opera and Firefox have their own updated certification then KB2641690 becomes a burden I no longer want to carry.

Once again, thanks for your help and although I have not taken any of your suggestions you have helped me to reach a conclusion that may have taken me a little longer to reach on my own.

Yours


UK Bob

At least for some of my machines this most recent update contained several packages, also on the XP machine. Unless you activate udpates manually (like me) it might be an idea to check the update logs to see if other components were updated at the same time.

It are other applications that you use on you machine need access to the Windows Rootstore, including the windows installation system, and there are clear indications that several of the weak certificates issued by the revoked CA were used to sign malware.

Please keep me updated on whether what you have done seem to remove the problem (note that I said remove, not fix).

yngve

Your last posting has puzzled me, apart from my browsers what other applications could possibly make use of certifications? For example, I am aware that other applications "phone home" for updates but as far as I am aware certification is not necessary, am I wrong?

At this stage, I realise my solution is not a fix, it's more like a work around, but unless you say otherwise I don't believe that I require KB2641690 to maintain my PCs security.

Finally, I will let you know, by this time next week, whether stability has returned to my PC.


UK Bob

Originally posted by ukbobboy01:

Your last posting has puzzled me, apart from my browsers what other applications could possibly make use of certifications? For example, I am aware that other applications "phone home" for updates but as far as I am aware certification is not necessary, am I wrong?

The Windows Operating System relies on certificates for Object Signing of executables and drivers, including Win XP. Additionally, Java and possibly other similar systems have the same functionality, and some of these may depend on the OS certificate repository to provide trust information rather than have their own rootstore system.

The certificates issued by the revoked CA could be used for Object Signing, because they were issued without the extensions that would prevent that use (this was one of the reasons why the Root CAs revoked their CA certificate), and one or two of the weak (and compromised) site certificates have been positively associated with signing of malware payloads, used to trick the Operating System into installing them without warning the user.

yngve

The Windows Operating System relies on certificates for Object Signing of executables and drivers, including Win XP. Additionally, Java and possibly other similar systems have the same functionality, and some of these may depend on the OS certificate repository to provide trust information rather than have their own rootstore system.

Thanks for that bit of info, it all adds to the constant (and enjoyable) learning experience that using a computer affords.

However, since this morning my PC has worked flawlessly, so far, with Opera, therefore I am not prepared at this stage to re-install KB2641690, along with all the problems it brings. I will only install this KB again if it becomes part of a collection within an "SP4" release, by then I believe MS will have sorted it out.

I'll get back to you next week to either confirm my PCs stability or it's continual instability.

Yours


UK Bob

Hi yngve

As promised, I am back to relay my findings, about my PC's behaviour, since the deletion of KB2641690.

First, I must report, Opera has returned to the stability it had before I installed this KB update, I know you and davews said that it should not affect Opera's operation but it did. Opera became so unstable that I could not even complete a posting in this forum, Opera would just crash after a minute or two of my typing and after rebooting my PC I would have to type my posting into my word processor and then copy and paste into the forum page.

Also, I have to say, that my Firefox browser has also returned to normal.

Finally, I do agree that there is probably some bug within my O/S that is causing KB2641690 to affect both Opera and Firefox in such an adverse manner but now that it is gone I can actually use my computer again and do the work that my family and I actually need to get done.


UK Bob

PS. I almost forgot to mention, I can once again shop at Tesco.com without the circular navigation problem mentioned before.

One possibility that have crossed my mind concerning the system problems you experienced, is that you may have some drivers installed on your system that was issued by the now-revoked CA. However, I do not know how to discover which component caused it, although it may be that Windows crashlog information could provide hints.

Do you recall what you were doing at the time of the system crashes?

BTW, I have already informed Microsoft about the possible problem with that patch.

Originally posted by yngve:

I have already informed Microsoft about the possible problem with that patch.

You have done a good job - but I wonder Microsoft will ever release a hotfix for affected users; because not offering a hotfix not only gives Microsoft the opportunity to hide it's mistake but also gives an opportunity of making users believe that there are problems with Firefox and Opera; something beneficial for IE.

Swapnil99pro: If the problem is caused by what I think is causing it, it may be just an accident that it did not trigger for MSIE at the time, or for any other applications.

Originally posted by yngve:

it may be just an accident that it did not trigger for MSIE at the time,

So means that it is possible that at this time an IE user (why do we call it MSIE - we don't call Opera as 'Opera Software Opera or OSO' ) might be experiencing the same problem or another application user might be also experiencing this problem?

Originally posted by Swapnil99pro:

So means that it is possible that at this time an IE user (why do we call it MSIE - we don't call Opera as 'Opera Software Opera or OSO' ) might be experiencing the same problem or another application user might be also experiencing this problem?

Yes, if my hypothesis about what could be causing the issue is on the right track, it is possible that a user with a configuration that contains the some of same components as UKBob's system experience the same issue in other applications. It all depends on which API calls and parameters are needed to trigger the problem.

My guess is that it is requires use of plugins, but I know of cases where the browser have directly accessed system components and caused system crashes due to problems with the input.

It is not possible to get any closer without more detailed information about the system, and possibly crashlogs, that Microsoft can analyze, as well as information about which websites were visited at the time.

Thankyou for your detailed replies.

Hi yngve (& Swapnil99pro)

I must thank you, yngve, for reporting my problem to Microsoft but, as Swapnil99pro said, it is unlikely that anything will be done to provide a solution unless a significant amount of XP users have the same, or similar, problem. Also, I am inclined to agree with Swapnil99pro about MS's intentions in getting users to use their browser instead of the competition's.

Way back in the dim and distant past, MS was going to make MS Dos 4.0 their last Dos because at the time they were working on O/S2 with IBM. However, a company called "Digital Research" released a Dos for IBM and compatible PCs called DR-Dos 5.0. But this got killed off by insuring that this new Dos was incompatible with MS's new, up and coming Windows platform.

And when windows became established with Windows 3.0/3.1 & Windows for Workgroups 3.11, MS refused to release the necessary window programming codes to rival software companies so that the rival's word processors, spreadsheets, databases, etc. crashed when working with windows.

Plus, have you ever wondered why it is so difficult to buy a PC with a non-windows O/S? Well, that's because any store selling PCs have to pay MS a windows licence fee for each PC sold, regardless whether or not windows is actually installed on the machine.

Now, there are loads of other marketing and technical tricks MS plays to keep it's marketing dominance, most work and some don't. However, that is not to take away from them some of the very good (and user friendly) products they have released over the years, it just got to be remembered that MS is primarily there to maintain market share and generate profit, which in itself is not a bad thing but they can be ruthless when they "need" to be.

And finally, back to KB2641690, since my PC is now working and stable I will not be reinstalling this KB.


UK Bob

Originally posted by ukbobboy01:

I will not be reinstalling this KB.

Actually I do not intentionally install any security updates - it's Automatic Updates which installs it; and sometimes I even delete the installation files kept in "%systemroot%/SoftwareDistribution/Download" folder for the update when the Automatic Update notification disturbs me too much.

The only updates I feel important to install are Windows and Office security updates - excluding any IE updates; since the simplest IE security update requires a PC restart - while Office updates do not; and Windows updates are a critical part so I need to restart anyway.

Why to update IE when you don't use it? IE is a crap browser and I use Opera - which I barely have to update; maybe one in 2 months, that's much convenience.

Hi Guys

Just to finish up this sorry saga with KB2641690, since the last time I submitted a post to this thread I was using Opera v11.52 as my main browser and, as I said before, this KB caused me a lot of problems.

However, now Opera has been updated to v11.60 and today I did the last MS security updates for this year, as billed in the on-line security news media. I checked to see if KB2641690 was included, by MS's auto-system, in the pile of today's updates that I initiated, and it was. And guess what, it no longer affects Opera (and Firefox) the way it did before.

I can log onto the Tesco.com (grocery) site without any problems whatsoever.

I'm not sure if the experience I have had today proves anything but it seems to me that, from time to time, a KB update comes along and causes Opera to behave unpredictably. A few weeks later Opera org. releases an update of it's own and everything it back to normal.

Maybe there is another more technical explanation for what I am experiencing, but at the moment I just can't tell.

Yours


UK Bob