« Fourmilab: WeatherCam joins FloodCam | Main | Fourmilab: HotBits Secure Server Request Form Now Delivered Via HTTPS »

Monday, April 24, 2006

Windows: Cygwin OpenSSH Service vs. Media Player KB911565/KB911564 Patch and iTunes Installation Hang

Microsoft issued two patches in February 2006, KB 911565 and KB 911564, to correct a serious vulnerability which permits remote code execution. These patches installed without problems on all of the Windows systems here with the exception of the Windows 2000 machine I use as the system management station for the Alcatel PBX, the Check Point Firewall software, and assorted other gizmos which run only on Windows. On that system, installation of the KB 911565 patch hung halfway through, and only killing the installer task would get rid of it. I even tried installing the patch after booting in Safe Mode (which, of course, in the interest of “safety” destroys the positioning of all your carefully-arranged icons on the desktop—feel safer now?) Nothing doing: it still hung. The hang only affected these two patches; I had no problem whatsoever installing all subsequent patches up to the present. I even tried re-installing Media Player from scratch, but Windows Update still required the patches, and attempting to apply them hung as before.

Being more or less out of ideas, I simply ignored these patches and removed them from the list to be applied when updating the system. Today, I tried to install iTunes for Windows on this system to permit downloading free “podcasts” without having to reboot my development machine into Windows and sit around while lengthy downloads complete, and the iTunes installer also hung before displaying its welcome screen. I popped up the task manager and noted that the CPU was pegged at 100% and, curiously, most of the CPU time was being consumed by the OpenSSH service installed under Cygwin. Even more curiously, when I terminated that task, the iTunes installer immediately popped up an “installation failed” dialogue. This was repeatable.

Now, there's no legitimate reason the iTunes installer ought to be using any Cygwin component, not to speak of the OpenSSH service. Since I've never actually used the SSH login facility on this machine, I opened up the Services applet under Administrative Tools and changed the run status for the service from “Automatic” to “Disabled”. After having done so, I restarted the iTunes installer and it worked perfectly. This hang was so reminiscent of the ones I'd experienced with the Media Player patch (and, after all, iTunes and QuickTime are similar in function to Media Player), I decided to try applying the two patches and guess what? They also both installed just fine.

After the obligatory reboot after patching Media Player (in the interest of brevity I shall refrain from heaping scorn on an operating system whose architecture requires a reboot to update the movie player application), the system came up normally and everything appears to work. At long last, Windows Update reports the system current, with no high priority patches outstanding. Once bitten, and having no real need for it, I decided to leave the OpenSSH service disabled. Note that this report applies to a machine running Windows 2000 with Media Player 9; as I noted in the introduction, I have not had any problems installing these patches on other Windows systems running Windows 98 and XP, most of which also have Cygwin installed. I have no reason, therefore, to suspect this problem applies to systems other than Windows 2000, but if you're installing something sound-and-light related on a machine with Cygwin and it hangs, take a peek at the task manager to see if OpenSSH is devouring your CPU.

Posted at April 24, 2006 21:09