Regular readers of grahamcluley.com will know that we’re very keen for computer users to keep on top of the latest security patches, ensuring that their systems are defended from potential attack by hackers.
But what happens when the patches go wrong?
Unfortunately, Microsoft has (once again) found itself in the embarrassing position of admitting problems with some of its latest Patch Tuesday fixes.
A blog post by the firm confirms that it has re-released a host of security updates, after the patches wanted to be installed over and over and over and over again…
Since the shipment of the September 2013 Security Bulletin Release, we have received reports of updates being offered for installation multiple times, or certain cases where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).
We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates.
Here is the list of bulletins that have been reissued in order to fix the updating bug:
Microsoft Security Bulletin MS13-067:
Security Update for Microsoft Office SharePoint Server 2007 (KB2760589)
Microsoft Security Bulletin MS13-072:
- Security Update for Microsoft Office 2007 suites (KB2760411)
Security Update for Microsoft Office 2010 (KB2767913)
Microsoft Security Bulletin MS13-073:
Security Update for Excel 2003 (KB2810048)
Security Update for Microsoft Office Excel 2007 (KB2760583)
Security Update for Microsoft Office Excel Viewer 2007 (KB2760590)
Security Update for Microsoft Office 2007 suites (KB2760588)
Microsoft Security Bulletin MS13-074:
Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145)
Update for Microsoft PowerPoint Viewer 2010 (KB2553351)
Microsoft described the problem as being caused by “a version incompatibility between outlook.exe and mso.dll”.
If both versions are earlier (lower) than 4535.1000, or both versions are later (higher) than 4535.1000, the problem does not manifest. If one file is updated but the other is not, the problem is evident. The incompatible state is created by installing either the September Public Update OR the August Cumulative update, but not both. Users of MSI-based products that have automatic updates enabled are those that are most likely to have encountered the issue.
Microsoft has pulled the offending Outlook 2013 update, while it works on creating a version that works properly.
Following so soon after last month’s buggy security update, one has to wonder what’s going wrong at Microsoft Quality Control.
The company can’t afford to keep messing up like this. The risk is that millions of users around the world will begin to question Microsoft’s ability to properly patch security vulnerabilities, and lose trust in the firm.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.