Where are the fixes to the botched Outlook security patches?
Credit to Author: Woody Leonhard| Date: Fri, 21 Jul 2017 05:39:00 -0700
On June 13—five and a half weeks ago—Microsoft released a series of buggy patches for Outlook. We know they’re buggy because Microsoft acknowledged seven bugs (including one primarily caused by bugs in Windows patches) in those four original June 13 security patches. As of this morning, we still don’t have fixes for those seven bugs.
Here are the known buggy original security patches:
If you have Automatic Update turned on, you were treated not only to those patches, but to all of these three later, interim fixes for the bugs in the security patches. Don’t get too excited about them. In fact, they didn’t fix the bugs:
Those KB numbers don’t line up with the originally buggy security patch numbers because Microsoft didn’t re-release the bad patches. These new interim patches aren’t cumulative. In other words, in order to get Outlook 2016 patched, for example, you had to install the June 13 patch, then install the June 30 patch. Except, well, the June 30 patch didn’t fix the problems created by the June 13 patch.
Got that?
Lots of Outlook users and admins have been waiting for new fixes ever since Microsoft pulled the three interim patches on July 15. (Outlook 2007 never received an interim patch.) If Microsoft’s told anyone why they pulled those interim patches, I haven’t heard about it. I haven’t seen any instructions about removing the interim patches. We’re all left sitting in limbo.
On Monday, Microsoft sent its largest customers a secret email saying they would release new patches on Tuesday.
The new security updates scheduled for release are intended to address currently unresolved functional issues affecting Outlook.
But Tuesday came and went, and there weren’t any new patches—re-issues, interim, cumulative or otherwise.
One of the “fixes” to the Outlook bugs proposed by Microsoft relies on patches to Windows itself, and those patches are going through a mind-numbing series of flip-slops. Anybody who used Automatic Update this past month has seen their systems flop around like a beached bluegill.
Ball’s in your court, again, Microsoft.
Discussion continues on the AskWoody Lounge.
http://www.computerworld.com/category/security/index.rss