Microsoft goofs up Patch Tuesday, forced to re-release security patches

Graham Cluley

Oh dear oh dear oh dear.

Regular readers of grahamcluley.com will know that we’re very keen for computer users to keep on top of the latest security patches, ensuring that their systems are defended from potential attack by hackers.

But what happens when the patches go wrong?

Unfortunately, Microsoft has (once again) found itself in the embarrassing position of admitting problems with some of its latest Patch Tuesday fixes.


A blog post by the firm confirms that it has re-released a host of security updates, after the patches wanted to be installed over and over and over and over again…

Since the shipment of the September 2013 Security Bulletin Release, we have received reports of updates being offered for installation multiple times, or certain cases where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates.

Here is the list of bulletins that have been reissued in order to fix the updating bug:

Microsoft Security Bulletin MS13-067:

    Security Update for Microsoft Office SharePoint Server 2007 (KB2760589)

Microsoft Security Bulletin MS13-072:

    Security Update for Microsoft Office 2007 suites (KB2760411)
    Security Update for Microsoft Office 2010 (KB2767913)

Microsoft Security Bulletin MS13-073:

    Security Update for Excel 2003 (KB2810048)
    Security Update for Microsoft Office Excel 2007 (KB2760583)
    Security Update for Microsoft Office Excel Viewer 2007 (KB2760590)
    Security Update for Microsoft Office 2007 suites (KB2760588)

Microsoft Security Bulletin MS13-074:

    Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition

Non-security updates:

    Update for Microsoft PowerPoint 2010 (KB2553145)
    Update for Microsoft PowerPoint Viewer 2010 (KB2553351)

Furthermore, Microsoft has now confirmed the mutterings I reported last week about problems with a non-security update for Outlook 2013 that caused the folder pane to disappear.

Microsoft described the problem as being caused by “a version incompatibility between outlook.exe and mso.dll”.

[Image: Outlook bug]

If both versions are earlier (lower) than 4535.1000, or both versions are later (higher) than 4535.1000, the problem does not manifest. If one file is updated but the other is not, the problem is evident. The incompatible state is created by installing either the September Public Update OR the August Cumulative update, but not both. Users of MSI-based products that have automatic updates enabled are those that are most likely to have encountered the issue.

Microsoft has pulled the offending Outlook 2013 update, while it works on creating a version that works properly.
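
The version rule Microsoft describes above can be checked across a software inventory. This is an added example, not code from Microsoft or from this article; the host names and version strings are constructed, and the four-part version format is an assumption (only the last two dotted fields are compared with 4535.1000).

```python
# Added example: classify outlook.exe / mso.dll version pairs against the
# 4535.1000 threshold quoted above. Inventory rows are constructed samples.
THRESHOLD = (4535, 1000)

def build_rev(version):
    """Return (build, revision) from the last two dotted fields of a version string."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return int(parts[-2]), int(parts[-1])

def side(version):
    """-1 if earlier than the threshold, 1 if later, 0 if exactly equal."""
    v = build_rev(version)
    return (v > THRESHOLD) - (v < THRESHOLD)

def classify(outlook_ver, mso_ver):
    a, b = side(outlook_ver), side(mso_ver)
    if a == 0 or b == 0:
        # The quoted text only covers "earlier" and "later"; a file at exactly
        # 4535.1000 is not addressed, so report it rather than guess.
        return "boundary"
    return "ok" if a == b else "mismatch"

def audit(rows):
    """Map host -> state for every host that is not 'ok'."""
    flagged = {}
    for host, outlook_ver, mso_ver in rows:
        try:
            state = classify(outlook_ver, mso_ver)
        except ValueError:
            state = "unparseable"
        if state != "ok":
            flagged[host] = state
    return flagged

# Constructed inventory: (host, outlook.exe version, mso.dll version)
SAMPLE = [
    ("ws-01", "15.0.4517.1003", "15.0.4517.1003"),  # both earlier
    ("ws-02", "15.0.4535.1004", "15.0.4517.1003"),  # only outlook.exe updated
    ("ws-03", "15.0.4535.1004", "15.0.4535.1002"),  # both later
    ("ws-04", "15.0.4535.1004", "15.0.4535.1000"),  # mso.dll exactly at threshold
    ("ws-05", "15.0.4535.1004", "unknown"),         # inventory gap
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(host, state)
```

Hosts reported as "boundary" need a manual look, since the quoted description does not say which side a file at exactly 4535.1000 falls on.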

Following so soon after last month’s buggy security update, one has to wonder what’s going wrong at Microsoft Quality Control.

The company can’t afford to keep messing up like this. The risk is that millions of users around the world will begin to question Microsoft’s ability to properly patch security vulnerabilities, and lose trust in the firm.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

5 comments on “Microsoft goofs up Patch Tuesday, forced to re-release security patches”

  1. Spryte

    Yes even my Friday update was flaky…

    I thought it would just need a reboot (as it said), but guess what?
    After installing the necessary updates and letting the old Vista laptop reboot... No WiFi !?!?
    So I thought perhaps it needs a full shutdown.
    Shut it down for a couple of minutes and after powering back on my WiFi worked?!?

    But then again, it was Friday the 13th.

  2. "The company can’t afford to keep messing up like this. The risk is that millions of users around the world will begin to question Microsoft’s ability to properly patch security vulnerabilities, and lose trust in the firm."

    Of course it can. As Bruce Schneier pointed out in "Secrets and Lies": "Real security improvement will only come through liability: holding software manufacturers accountable for the security and, more generally, the quality of their products." Microsoft is the most egregious example of a corporation holding a virtual monopoly over a product for which it disclaims all responsibility. You can't sue Microsoft for security inadequacies, and millions of people all over the world are tied in to Microsoft products for which they have no practical alternative, so a few botched patches are neither here nor there as far as Microsoft is concerned. Their attitude to their "customers" – the non-corporate ones at any rate – is simply to offer them a few online forums to sound off in, monitored by supposed MS support experts whose invariable response to any problem that they don't understand is to recommend booting into safe mode and disabling drivers.

    Get real, Mr Cluley. Many users around the world questioned Microsoft's security capabilities and lost trust in Microsoft years ago, but have to use their software and work around the problems. Microsoft isn't going to lose its customer base and go bust any time soon.

  3. Jay

    MS not the only ones to goof – the table above makes no sense.

    Mso.dll 4535.1000 falls in both columns.

    1. Graham Cluley · in reply to Jay

      Well, it's Microsoft's table…

      I grabbed it from here: http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/11/outlook-folder-pane-disappears-after-installing-september-2013-public-update.aspx

      But yeah, it does seem kinda confusing!

      1. Mark · in reply to Graham Cluley

        I reckon it's correct – between wouldn't include the top and bottom.
