Beware of MS hotfixes KB2735855 and KB2750841

Discussion in 'ESET NOD32 Antivirus' started by Marcos, Sep 25, 2012.

  1. etretat

    etretat Registered Member

    Joined:
    Oct 19, 2012
    Posts:
    9
    Location:
    Brazil
    Re: Beware of MS hotfix KB2735855

    Dear Marcos:

    Sorry to bother you again but is there any evolution and / or solution for the MS Hotfix KB2735855?

    I've uninstalled it but I'm a little bit concerned about the MS Update System that keeps warning me about this security breach.

    Regards,

    etretat.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Beware of MS hotfix KB2735855

    Unfortunately, there are no news yet; we haven't heard from M$ since they thanked for providing all the stuff necessary to reproduce the bug in WFP. However, you can apply this fix which works even better than the MS hotfix in question.
     
  3. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    587
    Location:
    Europe - Denmark .
  4. etretat

    etretat Registered Member

    Joined:
    Oct 19, 2012
    Posts:
    9
    Location:
    Brazil
    Re: Beware of MS hotfix KB2735855

    Dear Marcos:

    Some considerations on the the fix you proposed:

    1) When I go to the indicated Registry Key, I have not 1 but 5 different {Interface GUID} directories. Which one is "the one" that must be changed?

    2) When I choose to add the new registry value (the article indicates "type: DWORD"), as I'm on Windows 7 64 bit, I have 2 options:
    - DWORD value (32 bits)
    - QWORD value (64 bits)

    Which one must I choose? One of then (32 or 64) or both for the added key?

    Regards,

    etretat.
     
    Last edited: Oct 25, 2012
  5. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    Re: Beware of MS hotfix KB2735855

    DWORD. The other is QWORD.
     
  6. etretat

    etretat Registered Member

    Joined:
    Oct 19, 2012
    Posts:
    9
    Location:
    Brazil
    Re: Beware of MS hotfix KB2735855

    jimwillsher:

    Thanks for the correction.

    etretat.
     
  7. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    Re: Beware of MS hotfix KB2735855

    Marcos, if I follow that link I get a ESET KBA which suggests installing the KB2735855 update from Microsoft. So, how does it work better? Did you mean to give another link?

    -- rpr.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Beware of MS hotfix KB2735855

    I'm sorry for the confusion, the KB article has just been updated.
     
  9. etretat

    etretat Registered Member

    Joined:
    Oct 19, 2012
    Posts:
    9
    Location:
    Brazil
    Re: Beware of MS hotfix KB2735855

    Marcos:

    So, what to do?

    a) Reinstall KB2735855?

    b) After that, modify/add the registry key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{Interface GUID}\TcpAckFrequency)?

    c) How to identify the correct {Interface GUID} that represents the ID of my network adapter? In my case, I have 5 different {Interface GUI} in my registry.

    Thanks,

    Etretat.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Beware of MS hotfix KB2735855

    The hotfix was meant to fix the same issue than can be fixed by modifying the mentioned registry value. Apart from the new issues introduced in the hotfix, we've found modifying the registry value to be a more reliable way of fixing the initial network issue. As for the GUID, it shouldn't hurt to set the value for all adapters.
     
  11. pacek

    pacek Registered Member

    Joined:
    Sep 27, 2012
    Posts:
    4
    Location:
    Poland
    Re: Beware of MS hotfix KB2735855

    The issue with KB2735855 is not resolved in Windows 7 64-bit. The solution from this URL: http://kb.eset.com/esetkb/index?page=content&id=SOLN2654&ref=wsf is not related to Windows 7 in my opinion. In Windows 7 there is no TcpAckFrequency DWORD in the registry. I added TcpAckFrequency for test for every interface GUID without success. My connection is broken everytime when I use client-server connection. The article http://support.microsoft.com/kb/328890 is related to Windows XP/2003.
    When I disable HTTP filter in ESET, everything is OK. I'm waiting for a working solution.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Beware of MS hotfix KB2735855

    It is indeed related to Windows Vista, Windows 7 and Windows 2008 (not sure if MS addressed the issue in Windows :cool:.

    We haven't been reported such issues with the TDI filter in Windows XP/2003 regardless of this setting. The issue should only concern WFP implemented in Windows Vista and newer.

    I'd suggest that you make sure the Windows update 2735855 is removed until MS addresses the issue.
     
  13. pacek

    pacek Registered Member

    Joined:
    Sep 27, 2012
    Posts:
    4
    Location:
    Poland
    Re: Beware of MS hotfix KB2735855

    The Microsoft patch KB2735855 is for every version of Windows (XP, Vista, 7, 2008 and 8 perhaps too). I noticed issue with broken communication (incl. downloads) in Windows 7, only when HTTP filter is turned on in ESET Endpoint Antivirus. So where is the problem:
    1. In Microsoft patch KB2735855 (the solution with TcpAckFrequency is not working and it's related to XP and 2003 only, because in Windows 7 there is no such an option)?
    2. In your HTTP filter?
    I'm waiting for response from your tech support (1 month), and still no useful answer. Maybe you should tell us, who is responsible for this mess.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Beware of MS hotfix KB2735855

    For instance, it was discussed here at the MSDN forum.
    The problem is in the hotfix KB2735855 which was demonstrated to Microsoft using a minimalistic driver. Since we haven't heard from Microsoft after acknowledging the receipt of the driver and all necessary information, I couldn't update you on the status yet as we haven't got any news from them so far.
     
  15. Bones81

    Bones81 Registered Member

    Joined:
    Nov 12, 2012
    Posts:
    17
    Re: Beware of MS hotfix KB2735855



    Same here geekpryde but unfortunately for me I just recently found this out the problem and after downloading a big file like 5-6 times and wasting so much bandwidth on it, which I will probably have to pay for now for going over my limit. :/

    I didn't uninstall the ms hotfix though.. all I did was not select my browser in active mode but have it selected in protocol filtering excluded list which everything seems to be fine now. I hope though Eset can get this all sorted out already tell Mircosoft to hurry the Fup already or I will switch to MAC...ok I won't really. hehe
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Re: Beware of MS hotfix KB2735855

    With protocol filtering disabled, you lose a strong protection layer protecting you against newly emerging threats. I'd prefer uninstalling the hotfix and setting the TCPAckFrequency to 1 as suggested. According to our tests, this is even a more efficient fix to the performance issue that the hotfix was supposed to address.
     
  17. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    202
    Re: Beware of MS hotfix KB2735855

    @Marcos
    Can you check if with today's update the malfunction has been fixed?
     
  18. Bones81

    Bones81 Registered Member

    Joined:
    Nov 12, 2012
    Posts:
    17
    Re: Beware of MS hotfix KB2735855



    Now wouldn't that be something after I just uninstalled the hotfix they come out with the fix. :D


    Marcos if the update isn't the fix but when it does actually come out should I than reinstall the hotfix KB2735855 and undo the registry that I edited for TCPAckFrequency?

    btw When I edited my registry I am now getting a constant popup saying additional log in information my be required also my network says I have no connection when I do?
    :doubt:
     
    Last edited: Nov 13, 2012
  19. geekpryde

    geekpryde Registered Member

    Joined:
    Mar 22, 2012
    Posts:
    7
    Location:
    USA
    Re: Beware of MS hotfix KB2735855


    I'm now getting this too a few days after editing the registry. After installing this months batch of MS updates and restarting, I am getting a VERY annoying message ever 60 seconds or so, "additional logon information may be required..."

    My NIC is fine, and I am connected to the internet. Something about the TCPAckFrequency registry edit in conjunction with todays (11/13/2012) MS updates seems to create this strange behavior.

    Hopefully one of you smart people will tell us what to do. :)


    EDIT / UPDATE:

    I am seeing this pop-up on machines that I did NOT do the registy edit. It seems to be related to Win7 and OpenDNS. (might be specifically Win7 64 bit). See here: http://forums.opendns.com/comments.php?DiscussionID=16465
     
    Last edited: Nov 13, 2012
  20. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    Re: Beware of MS hotfix KB2735855

    The "Addition log on information may be required" popup is unrelated to this thread. Microsoft added new IPv6 registry keys to their Network Connectivity Status Indicator (NCSI) that is causing issues with OpenDNS.

    As for the other updates released by MS today, I didn't see any in the list that mentioned anything about resolving the problem in this thread.
     
  21. etretat

    etretat Registered Member

    Joined:
    Oct 19, 2012
    Posts:
    9
    Location:
    Brazil
    Re: Beware of MS hotfix KB2735855

    Marcos:

    Since the appearance of the KB2735855 problem, I've proceeded with the following steps:
    1) Confirm the problem
    2) Uninstall the culprit KB
    3) No Windows 7 64 Bit modification

    I was waiting for a definitive solution from Microsoft and/or ESET, but yesterday I got hit by the same problem, but this time due to another KB. I regularly use the Microsoft Windows 7 (1 update / day), so I may consider my system correctly up to date!

    After some Office 2010 updates (31 in total) and also Windows 7 ones (10 in total), the same behavior originated by KB2735855 reappeared.

    I've started to test each one of the W7 updates and I've found another culprit one: it is the KB2750841. The description of the update is on http://support.microsoft.com/kb/2750841.

    To discover the guilty one I was obliged to uninstall one by one, until the problem completely disappeared.

    Your comments on that are extremely welcomed.

    Regards,

    Etretat.
     
  22. se2k

    se2k Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    8
    Location:
    Canada
    Re: Beware of MS hotfix KB2735855

    I also noticed this update causes the same problems as KB2735855. I analyzed the files that are updated by KB2750841 and it updates all the same files as KB2735855 (and more). I guess Microsoft still hasn't fixed the problem with those files even in the slightly updated versions used in KB2750841.

    This topic title should probably be updated to say "Beware of MS updates KB2735855 and KB2750841"
     
  23. bulldozerlf

    bulldozerlf Registered Member

    Joined:
    Nov 14, 2012
    Posts:
    3
    Location:
    U.K
    Re: Beware of MS hotfix KB2735855

    Just like to say I'm having the same problem as the last 2 posts regarding the new KB2750841 and KB2735855.

    Pretty much same situation as etretat.
    Kinda sucks that they did it again.

    I guess that's why they put the hide update function in lol
     
  24. Bones81

    Bones81 Registered Member

    Joined:
    Nov 12, 2012
    Posts:
    17
    Re: Beware of MS hotfix KB2735855

    Well this is becoming ridiculous maybe it's time to find a new Anti-virus. :oops:
     
  25. seg_fault

    seg_fault Registered Member

    Joined:
    Aug 10, 2012
    Posts:
    15
    Location:
    United States
    Re: Beware of MS hotfix KB2735855

    I've ran into this problem with EES 5.0.2126.0 and Windows 8 ( fully updated through 11-13-2012 'patch tuesday' releases for windows 8 )
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.