Just days after it launched Windows 7 Release Candidate (RC), Microsoft has released a fix for a major flaw that slipped through testing.
The patch, which Microsoft describes as an “Important” update when it appears in Windows Update, was released. Depending on Windows 7's Automatic Updates setting, the fix may have already been downloaded and installed.
According to the accompanying support document, the problem affects only the English-language version of the 32-bit edition of Windows 7 RC.
“The folder that is created as the root folder of the system drive (%SystemDrive%) is missing entries in its security descriptor,” Microsoft acknowledged in the support article. “One effect of this problem is that standard users such as non-administrators cannot perform all operations to subfolders that are created directly under the root. Therefore, applications that reference folders under the root may not install successfully or may not uninstall successfully. Additionally, operations or applications that reference these folders may fail.”
Users will see a generic “Access is denied” error message when some chores, such as deleting a folder, are attempted.
Microsoft said the root cause was that Windows 7 RC 32-bit “incorrectly sets access control lists (ACLs) on the root.” ACLs are essentially lists of permissions.
While the hotfix pushed through Windows Update fixes the flaw, it doesn't repair already-installed applications that may have been crippled by the bug. In fact, Microsoft recommended that to play it safe, users who have already installed Windows 7 RC, and subsequently installed any applications, essentially take a mulligan and do it all over again.
“To make sure that this update does not affect your user experience, we recommend that you take the following actions,” Microsoft said, as it urged users to start the PC from the DVD, reformat the drive or partition where Windows 7 will be installed, re-install Windows 7, and then immediately apply the hotfix via Windows Update before restoring any backups or installing any software.