Microsoft reissues Patch Tuesday fixes to address install glitches

Share this article:
The software giant had to re-release several patches yet again.
The software giant had to re-release several patches yet again.

Microsoft was forced to, again, address bugs in its monthly Patch Tuesday security update – this time, reissuing four security bulletins for customers.

The software giant announced that the new patches were available last Thursday on its blog, just two days after it released its scheduled Patch Tuesday update for buggy products.

New patches were made available for four security bulletins: MS13-067, MS13-072, MS13-073 and MS13-074, which addressed bugs in a host of Microsoft Office products, including Excel and SharePoint Server. Non-security updates were also re-released for Microsoft PowerPoint 2010, KB2553145 and PowerPoint Viewer 2010, KB2553351.

According to the company, customers complained about updates attempting to reinstall numerous times on their machines. In other instances, patches weren't made available to customers.

“Since the shipment of the September 2013 security bulletin release, we have received reports of updates being offered for installation multiple times, or certain cases where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM),” the blog post said. “We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates.”

In a Monday blog post, security researcher Graham Cluley wrote that the reoccurring issues with Patch Tuesday releases was highly concerning given the number of users that rely on the fixes.

Just last month, Microsoft pulled a patch that addresses three vulnerabilities in Exchange Server. In that incident, the Patch Tuesday fix was scrapped after Microsoft became aware that installing it caused problems.

“Following so soon after last month's buggy security update, one has to wonder what's going wrong at Microsoft Quality Control,” Cluley wrote. “The company can't afford to keep messing up like this. The risk is that millions of users around the world will begin to question Microsoft's ability to properly patch security vulnerabilities, and lose trust in the firm.”

Microsoft did catch one bug in its Patch Tuesday update before dispatching the release. The company had originally planned to release 14 fixes, but only shipped 13 last week, leaving out one patch that would have addressed an issue in its .NET software framework, which could allow denial-of-service.

SCMagazine.com reached out to Microsoft about the reissued updates, but did not immediately hear from the company.

UPDATE: In an email to SCMagazine.com on Monday evening, a Microsoft spokesperson commented on another non-security update that was pulled from its Patch Tuesday release last week. The fix for Outlook 2013 was removed after the company "investigated reports of some difficulties" with the update.

In the email, Dustin Childs, group manager of Microsoft Trustworthy Computing, also said that Microsoft was "actively looking at where improvements can be made with the goal of reducing implantation issues" for customers.

“The quality of security updates is critical to our customers, and it is a high priority for us too," Childs wrote, later adding that Microsoft will "remain transparent with our customers about security threats, protections and update issue resolution."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.