Is the 2.0 patch based on 2.0 that shipped in Vista? Yes.
3rd post in a series about a patch that MS released this week that slows down computers (with lots of disk activity) for a while. Read all related posts here: Ngen Patch.
These Comments came from a comments section on The Register.
We experienced a break with our product at work
Posted Thursday 12th July 2007 17:29 GMT
I work for an ISV, and the update broke our product. We’re still scrambling to make sure that all our customers are okay. We investigated the reason for the break, and we’re 99% sure that the change that broke our product had no security impact whatsoever. It is, however, a change that has been made to later revisions of .NET. It looks like, rather than releasing a patch just for the security issue they were trying to fix, Microsoft actually pushed their latest code version, with lots of changes that were previously Vista-only (or part of the later versions of .NET?)
Feels to us like Microsoft are taking short-cuts with security, and ignoring the customer impact. A few hours saved at Microsoft, man-years of productivity lost globally. That’s the real Microsoft tax!
Posted Thursday 12th July 2007 17:56 GMT
Yes, you’re correct: most MS fixes involve fresh builds of their top-of-tree code for the affected component, not a small patch applied to a release branch.
I’m not really sure what else they could do; they’d be maintaining thousands of release branches by now if they didn’t do that, and every patch would then have to come in a thousand different versions (or a million if it included fixes to *two* dlls instead of just one, a billion for three dlls, etc….!)
I’ll work internally to understand if there were any changes in the .Net 2.0 patch that were only on the .Net 2.0 version on Vista. My guess is that is the case. My guess is that the ISV would already have seen this issue by testing on Vista, but I’m not sure.
[Update: it sounds like this patch will bring a few .Net 2.0 changes that shipped with Vista to XP as well.(the culture name issue in the list below)]
Please comment here if you have more details on any "fixes" here that broke anything.
I’ll keep a list of issues that I see here:
- Exchange Servers using Sunbelt Ninja Email Security appears to be affected by the patch. They have a fix.
- Somebody says the update changes ACLs for a directory that .Net requires for compilation… (don’t know…)
- Security patch MS07-040 for .Net 2.0 breaks some culture names for .Net 2.0 on Windows XP/2003/2000
- Also, see KB 931212.