The case of the missing Microsoft security update

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Missing patchAs pre-announced last week in Microsoft’s advance notification, there were supposed to be 14 security bulletins released in this month’s swathe of “Patch Tuesday” updates.

However, it seems only 13 made the grade, leaving many system administrators scratching their head as to whether they’re missing something.

MS13-067 through to MS13-079 were released, combatting a range of vulnerabilities ranked variously as “Critical”, “Important”, “High”, Medium” and “Low”, and dealing with software as diverse as Sharepoint, Outlook, Internet Explorer, Windows, Office, and FrontPage amongst others.

It seems that the missing bulletin failed to adequately pass testing, and has held back until it’s ready for future release.

Sign up to our free newsletter.
Security news, advice, and tips.

That seems to me like a sensible move by Microsoft. After all, it were to issue buggy security updates (such as those that happened last month) they might cause more trouble for users than the problem they are trying to fix.

And, after all, Microsoft claims that the vulnerabilities dealt with by the missing security update are not being exploited by hackers at this time:

We are committed to delivering high-quality security updates for our customers and extensively test each bulletin prior to release. During some additional testing after advance notification, we determined one of the updates was not quite ready. We have not detected any attacks against this issue, or any of the others addressed today, and we’ll continue to work on the bulletin and release it once it is ready, through our regular bulletin release process.

My advice? Go and grab yourself Microsoft’s latest Patch Tuesday updates, and cross your fingers that they are able to iron out the remaining problems in the missing update as soon as possible.

Oh, and while you’re at it, make sure that you are also aware of the critical patches that Adobe released on Tuesday – protecting against flaws in Adobe Reader and Flash.

PS. Meanwhile I read that a non-security update for Outlook 2013 is causing problems for some users today.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

One comment on “The case of the missing Microsoft security update”

  1. sky

    Microsoft needs to test windows patch intensively. Office 2007 patches trapped in installation loop ( http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/updates-trying-to-install-over-and-over-again/2a624908-f4b1-46d8-87ed-caa09674ff4f )

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.