posted by App on Tuesday, July 24, 2007
KB936357 is a Windows Update patch you have to watch out for and be careful.
It is microcode for the BIOS of certain affected systems.
Only systems with the following CPU's need this:
- Mobile: Intel Core 2 Duo mobile processor.
- Desktop: Intel Core 2 Duo desktop processor, Intel Core 2 Quad desktop processor, and Intel Core 2 Extreme processor.
- Server: Intel Xeon processors 3000, 3200, 5100, and 5300 series.
The problem with this patch is that it is installing itself on systems not affected and causing problems.
If you have your Windows Update settings set to automatically download and install patches, you might want to change this to downloading, but asking before installing.
When a new update downloads and you are asked, do not select the typical or express install. Choose the advanced option and check for this patch in the list.
If you don't have one of the affected CPU's, unselect this patch and do not install it.
You will have to do this every time, so keep the patch number handy so you'll remember the name of it.
I know of at least 1 person that ended up with this patch that didn't need it.
For one guy with an older P4 CPU, it messed up his router causing him to have a problem with it disconnecting every few hours.
Another guy...I haven't heard from him since he rebooted after an update tonight(he has an AMD64 CPU). I suspect he ended up with this patch and it may have caused problems, but I can't be sure at this time.
So please be careful with this one. Don't install it if you don't need it.
But if you do have one of the CPU's affected, please install it...you do need it, even if you are not currently having problems. There is a flaw in the listed processors that creates an exploitable vulnerability and your BIOS needs this patch to correctly deal with it and protect you.
The alternative to installing this patch on affected systems is to install a BIOS update from your motherboard manufacturer. Not all manufacturers have released a BIOS update to address the issue, and some require your system to have a floppy drive to install it. It is just easier to use the update from Microsoft for affected systems.
Full patch info from Microsoft
Details on the vulnerability with select Intel processors