MS fixes 'external database' bug with patches that have even more bugs

Credit to Author: Woody Leonhard| Date: Fri, 03 Nov 2017 05:58:00 -0700

Yesterday, Thursday, a date which will live in infamy, Microsoft unleashed patches for five versions of Windows. They were supposed to fix the widely reported bug in all of the mainstream October Windows security patches that gave rise to a bogus “Unexpected error from external database driver” message.

It’s too early to assess all of the damage, but reports from many corners say installing these new patches brings back old, unpatched versions of many files. If you installed one of the patches from yesterday, best to uninstall it. Now.

Patch Thursday, Nov. 2, brought five Windows updates (thx, @MrBrian):

That’s an odd list for two reasons.

First, it includes Windows 10 Fall Update, version 1511, which was ceremoniously declared end-of-life last month. As the official announcement says: “After October 10, 2017, Windows 10 devices running version 1511 will no longer receive security and quality updates.” Except, well, here it is November 2, and there’s a bonafide quality update — Microsoft-speak for a bug fix. So much for Windows 10 end-of-life announcements.

Second, it doesn’t include Windows 10 Creators Update, version 1703, the most-used version of Windows 10. I have no idea why Microsoft skipped it, but I’d be willing to speculate that Microsoft wanted to test the waters before unleashing this giant crock on the Win10 masses.

Ends up, that was a smart move.

All of these patches are available only if you download them from the Catalog and manually install them. They are not part of Windows Update, they weren’t rolled out the Automatic Update chute.

All of these patches are explicitly directed at fixing the bug introduced by Microsoft as part of its Patch Tuesday rollout on Oct. 10. I warned you about it on Oct. 12 and gave full details on Oct. 17. (Yet another reason to avoid auto updates, yes?)

In short, programs that import and export .xls files — programs that have worked for many years — suddenly turned belly-up with a nonsensical “Unexpected error from external database driver” error message after receiving the October security update.

Each of yesterday’s patches has this explanation:

Improvements and fixes

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

Again, “quality improvements” in Microsoft-speak means “bug fixes.”

Just one little problem. Installing any of those five new updates can re-enable older Windows security patches, which may have problems of their own. As @abbodi86 says on AskWoody.com:

They made the same mistake like in Windows 7 OOB update KB4039884. They made 4052234 (Win 7) & 4052233 (Win 8.1) part of the monthly rollup series, but both are small partial rollups. Installing them will cause a lot of old components (files) to be active instead the latest components in full rollups (security or preview).

To refresh your memory, KB 4039884 is the botched Aug. 28 hotfix that was supposed to fix the problems introduced by Microsoft’s buggy August Windows 7 security rollup. It, too, brought back old files from the grave. Microsoft yanked the patch a day later. It looks like now, two months after the Walking Dead episode for Windows 7, we’re being treated to the same, uh, experience — except now it’s for all Windows versions (other than 1703 and 1709).

Abbodi86 goes on to say:

BTW, only one component seems to be new (msexcl40.dll). Could they not just release it in a normal small update instead of this fiasco?

Lounger ch100 gives a specific example:

I did an Office 2016 64-bit test installation and found that after installing Skype for Business Security Update KB4011159 released in October 2017, the old Security Update for Skype for Business from August 2016 KB3115408 was reactivated. KB4011159 is supposed to include and supersede KB3115408. This is only for the 64-bit version, but it seems not to be the case for the 32-bit version.

The conclusion is clear: If you got suckered into installing one of these five patches, uninstall it now. Wait for Microsoft to get its act together. Don’t be too surprised if all of the patches get yanked from the Catalog soon, just as MS did with KB 4039884 back in August.

On a meta level, I’m getting fed up with all of these botched patches. I bet you are, too. Perhaps Windows has become too old and unwieldy — a Decrepit Operating System. Every month I think, more and more, that Windows should simply be put out to pasture.

Is it time for an Old Yeller ending?

The discussion continues on AskWoody.com

Thx to @MrBrian, @abbodi86, @ch100, @PKCano, @Kirsty, Yuhong Bao, Günter Born, Martin Brinkmann, and many other sharp-eyed readers.

http://www.computerworld.com/category/security/index.rss