Desktop Bridge-Powered Apps Can Crash Windows, Stay Away For Now

Posted on October 5, 2016 by Rafael Rivera in Windows, Windows 10 with 36 Comments

bugcheckMicrosoft acknowledged a bug in its Desktop Bridge technology last night that could crash Windows 10 with the error KERNEL_SECURITY_CHECK_FAILURE and potentially put your machine into an endless boot loop.

Yikes.

You may recall that Desktop Bridge (previously Project Centennial) is a new feature in Windows 10 Anniversary Update that allows developers to take Win32 and .NET apps and plug them into the Universal Windows Platform and ship them via the Windows Store.

I used this technology to get handy utility EarTrumpet into the Windows Store last month. It’s fantastic stuff.

But it’ll be even better when it’s safer to use.

Right now, simply launching an affected app – like EarTrumpet, Kodi, Tweeten, Arduino IDE, or Evernote – could crash your machine. Or they could work for a while and crash the machine later. Worse, if any of those apps are configured to start at boot, you could end up in an endless reboot-crash-reboot cycle.

Users running Windows 10 and the latest AMD Catalyst drivers represent the popular class of folks having the issue. But the problem isn’t specific to AMD customers. It could snag you via another driver that Microsoft hasn’t seen yet.

Looking at the crash dumps I’ve received from EarTrumpet users, it seems the issue boils down to some bad assumptions made by both driver makers and Microsoft surrounding registry access from kernel space.

Driver makers, for example, are still accessing the registry (via RtlQueryRegistryValues) in a manner that hasn’t been safe for several years. But that dusty code may not have been updated because the operating system wasn’t moving around the registry cheese, so to speak. Assumptions held true and everything worked great until now.

Microsoft should have found this in its testing. But the feature didn’t get a lot of attention because it shipped non-functional Desktop Bridge tooling in many of its Windows Insider builds, and apps built on the stuff weren’t allowed in the Store until last month. (Though, it’s not clear Windows Insider testing would have caught this issue due to the low variability of machine configurations. Ars Technica’s Peter Bright has written about this topic great length and it is worth a read.)

Hindsight is 20/20, of course. And there is some good news to be had here: Microsoft already fixed the issue internally. You should see a fix go out to Windows Insiders very soon and, barring any issues, to everyone else this month.

I’ll follow up with an all-clear when that happens.

Tagged with ,

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (36)

36 responses to “Desktop Bridge-Powered Apps Can Crash Windows, Stay Away For Now”

  1. 473

    I really wish MS would get back to doing proper testing.  This stuff is hurting Windows and Microsoft's credibility. I am struggling with Windows 10 as it's one disaster after another and businesses cannot afford the upheaval.

    MS please sort out your sh1t.

    • 442

      In reply to Siv:

      People used to complain that MS took too long testing and didn't release stuff.  Now they release it early and people gripe?  Make you wonder doesn't it?

  2. 5504

    To me this problem is evidence that Desktop Bridge is just a kludge. I don't think there's much reason to port Win32 apps to UWP, but if you want to do it better to just rewrite the application as core UWP app. You can probably still reuse existing "business logic" code when you rewrite. Also if you really need those few capabilities that are unique to UWP, it makes more sense to exploit those features in your first UWP version than just deliver a UWP version that duplicates the Win32 functionality.

    • 5664

      In reply to skane:

      I kinda think the bridge is going to be much more important for converting custom LoB apps designed and deployed within a business. Instead of having to start from the ground up wit ha UWP app, they can convert it and put it in the Store for Business, then lock the box down, allowing only Windows Store apps.

      Boom, suddenly that's a more secure seat because the user can't install their own crap.

      • 5504

        In reply to jimchamplin:

        IMO, it's a lot of effort for very little return. Businesses already lock down PCs so that users can't install unauthorized applications. And of course, most businesses aren't even running Win10. 

    • 5592

      In reply to skane:

      More realistically, it could have been put as "Microsoft has found a rare condition where a small number of very specific computer configurations may experience a system failure running Desktop Bridge software. A fix is in place and will go out soon."

      As Paul pointed out this is a bug that only hits in very specific hardware configurations. Hardly the mark of a "kludge". Just a mark of a vastly rich ecosystem.

      • 96

        In reply to MikeGalos:

        That's not quite right. They currently aware of 1 condition in which this fails but the bug is generic and can affect anyone and everyone. This is why I'm sounding the alarm.

        re: lack of edit, I totally feel your pain. I pinged the web guys and that feature is rolling out shortly.

      • 5504

        In reply to MikeGalos:

        Perhaps it's best go read what MS actually said about it: http://bit.ly/2dSCVQc

        I don't see anything there that suggests a "very specific hardware configuration", a rare condition, or a compreshensive list of affected apps. It's the first time I've ever heard that a bug establishes the existence of "a vastlhy rich ecosystem".

      • 5530

        In reply to MikeGalos:

        The author of this post is not Paul, it's Rafael Rivera. See above

  3. 5530

    Lol, such heightened stability and security from all these Modern (tm) platforms.

  4. 442

    Wait, a program crashes an OS?  Wow, that's never happened before... ;)

  5. 3216

    Will this nonsense ever end?  Everything coming out of Microsoft for the past 18 months has been at least partially broken.  What little is left of their reputation is slowly spiraling down the flusher.

     

  6. 1377

    If drivers are at fault, are those drivers included in Windows Store desktop apps, or are they part of the underlying Windows 10 in its fully driver-laden glory? If drivers included with apps, then deprecated Registry calls should have been caught by the Desktop Bridge. If drivers not included, that raises the more fundamental question whether Desktop Bridged desktop software may be fundamentally MORE DANGEROUS to run than standard desktop software which could work in Windows 7. Either way, this doesn't look like hindsight to me. Rather it looks like MSFT just plain failed to test thoroughly.

    That leads to very awkward questions. Is Windows too big to test? Or is it just too expensive for a for-profit company to test Windows adequately?

    • 5234

      In reply to hrlngrv:

      Drivers are often the problem of Windows - it doesn't matter where they come from.

       

      In answer to your last question, Windows is too big for Microsoft to properly test.  They obviously saw it as being too expensive to test, since they laid off all kinds of internal testers and aren't contracting QA firms anymore - it's all up to the public: a bunch of amateur users that have never been trained to be proper testers, don't have access to internal API's, don't know how to document anything accurately, and aren't being paid for any of their work....oh, and what Microsoft calls "Experience Data", which is essentially just logs of what your computer is doing - ANYTHING it's doing.

      • 1377

        In reply to Waethorn:

        Re drivers, my concern is that Desktop Bridge might EXACERBATE driver problems precisely because the added security that Desktop Bridge is supposed to provide might actually be more fragile with drivers using deprecated system calls or approaches to interacting with the Windows kernel or registry. IOW, maybe Desktop Bridge makes desktop software less robust.

      • 442

        In reply to Waethorn:

        I'd think that people are the main problem of any computer system.  PEBKAC <- look it up.

        Also, keep in mind there is no such thing as bug free software (look that up too....)

        • 1377

          In reply to Narg:

          Granted no such thing as bug-free software or error-free processes, but one hopes for improvement in software and processes over time. Little evidence of any improvements in MSFT's Windows Update processes.

  7. 1294

    And here I was planning on switching from the deaktop Kodi to the App so it would automatically update as needed

  8. 5234

    This thing still won't convert iTunes.

     

    Just saying....

  9. 5234

    Just another point of contention:

    Windows 10 AU build 222 is crashing on boot with the Chinese IME installed.

    "Software problems are hard" can be heard echoing through the now-empty QA lab halls in Redmond.

  10. 5394

    "Microsoft already fixed this issue."  That's not what you should be saying... "They are fixing this issue."

    • 5643

      In reply to glenn8878:

      Unless, as it seems to suggest, they have a patch that fixes the problem, but it's moving through the various test rings to ensure that it doesn't break anything else in the process.

      • 5394

        In reply to darth3pio:

        Until it is out, it's not fixed.

        • 96

          In reply to glenn8878:

          If a kid gives you a toy to fix and you repair it but missed an opportunity to return it, is it then not fixed?

          • 5234

            In reply to WithinRafael:

            Welcome to the world of computer repair.  People leave computers all the time at my shop that they don't pick up after they've been fixed (or in some cases can't be fixed).  I figure they go out and see something on sale somewhere else to replace it with, and stand me up, rather than facing the diagnostic and/or repair bill - which I might add, is cheaper than ALL of the other computer shops in the area, especially the big box electronics stores nearby (but I'm not tooting my own horn here).

          • 5484

            In reply to WithinRafael:

            Philosophically, I guess that depends on whether you have a copy of the toy, and promise to fix the kid's toy when you're done. :-)

            Sure MS might have a fix, but for ~400 million customers, their computers aren't fixed.  (Obviously it's only affecting a subset..)

          • 180

            In reply to WithinRafael:

            I think it's fair to say it wasn't as clear as it could be, although perhaps a little pedantic. "Microsoft is currently testing a fix. You should see it go out to Windows Insiders..." might be a bit better. And get these folks off your back, more importantly.

          • 5394

            In reply to WithinRafael:

            I guess not because it wasn't returned. Do you also tell your teacher the dog ate your homework? Many software fixes are buggy that can crash a computer. So are they fixed? Not until they fix the buggy fix.