Microsoft yanks two buggy Office patches but keeps pushing one that crashes

Credit to Author: Woody Leonhard | Date: Mon, 19 Nov 2018 08:15:00 -0800

Two related Office 2010 non-security patches issued on Nov. 6 were pulled on Nov. 17. KB 4461522 and KB 2863821 are both related to changes coming in the Japanese calendar next month attributed to the abdication of Emperor Akihito in favor of his son, Naruhito. The event has been compared to the Y2K problem in the west. It’s not clear why two patches were released on Nov. 6 to accommodate that calendar change, but both KB articles now sport the admonition:

After you install this update, you may experience crashes in Microsoft Access or other applications. To resolve this issue, uninstall the update by following the instructions in the “More information” section.

This update is no longer available.

Windows observers WZorNET claim that the problem is more widespread:

Please note that this update KB 4461522 causes an error (Entry Point Not Found: The procedure entry point GetDateFormatEx could not be located in the dynamic link library KERNEL32.dll) when you run Office 2010 – 32-Bit, Word, Excel, and others when working with Windows XP.

Accordingly, those patches have been pulled from the Microsoft Update Catalog. There’s no indication when they’ll be back.

Also on Friday, Microsoft officially confirmed that the November Outlook 2010 security patch, KB 4461529, causes the 64-bit version of Outlook 2010 to crash or freeze on startup. It’s a problem we’ve known about since Wednesday, the day after the patch was released. The KB article has been modified to say:

After you install the 64-bit version of this security update, Outlook may crash on start-up.

A separate advisory states:

After updating Outlook 2010 to the November 2018 Public Update KB 4461529 Outlook crashes or closes suddenly on start up. The issue only affects 64-bit installations of Outlook 2010.

More Information

In the Application Event Viewer the following event details are observed:

Faulting application name: OUTLOOK.EXE, version: 14.0.7224.5000, time stamp: 0x5bcb80d1

Faulting module name: olmapi32.dll, version: 14.0.7224.5000, time stamp: 0x5bcb809a

Exception code: 0xc0000005

Fault offset: 0x000000000001e4b9

Faulting process id: 0x3998

Faulting application start time: 0x01d47d3befb78cd8

Faulting application path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

Faulting module path: C:\Program Files\Microsoft Office\Office14\olmapi32.dll

Microsoft is investigating the issue and we will update this page when further details become available. As a workaround, you could try using Outlook Web Access.

Caution: We do not recommend removing security update KB 4461529.

Which is a bizarre turn of events. The patch covers four separate security holes in Outlook 2010, identified as CVE-2018-8522, -8524, -8576 and -8582. All four of those security weaknesses are rated “Important” (which means they aren’t) and have no known exploits or public disclosures.

While Microsoft figures out a way to fix the fix, you’re instructed to use a product that doesn’t look or act one whole heckuvalot like Outlook 2010. Adding injury to insult, at the moment Office 365 OWA using Multi-Factor Authentication is down.
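
The event details quoted above can double as a triage signature for telling this patch-induced crash apart from other Outlook failures. The following Python sketch is an added example, not part of the original article or Microsoft's advisory: it parses the text of an Application Error event and checks it against the advisory's faulting module, module version and exception code. The function names and both sample messages are assumptions constructed for the example.

```python
import re

# Crash signature from the advisory quoted above (KB 4461529, 64-bit Outlook 2010).
SIGNATURE = {"app": "outlook.exe", "module": "olmapi32.dll",
             "module_version": "14.0.7224.5000",
             "exception_code": 0xC0000005}  # 0xC0000005 = access violation
_NAME_VER = re.compile(r"^(?P<name>[^,]+),\s*version:\s*(?P<ver>[^,]+)", re.I)


def parse_crash_event(message):
    """Turn the 'Faulting ...' lines of an Application Error message into a dict."""
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    event = {}
    for label, out in (("faulting application name", "app"),
                       ("faulting module name", "module")):
        m = _NAME_VER.match(fields.get(label, ""))
        if m:
            event[out] = m["name"].strip().lower()
            event[out + "_version"] = m["ver"].strip()
    try:
        event["exception_code"] = int(fields.get("exception code", ""), 16)
    except ValueError:
        pass  # missing or malformed code: omit it so the match fails closed
    return event


def matches_advisory(message):
    """True only when every signature field is present and equal."""
    event = parse_crash_event(message)
    return all(event.get(k) == v for k, v in SIGNATURE.items())


# Constructed samples: the first reuses the advisory's values, the second is an
# invented unrelated Outlook crash (example.dll is a placeholder module name).
ADVISORY_CRASH = """Faulting application name: OUTLOOK.EXE, version: 14.0.7224.5000, time stamp: 0x5bcb80d1
Faulting module name: olmapi32.dll, version: 14.0.7224.5000, time stamp: 0x5bcb809a
Exception code: 0xc0000005
Fault offset: 0x000000000001e4b9"""
OTHER_CRASH = """Faulting application name: OUTLOOK.EXE, version: 14.0.7224.5000, time stamp: 0x5bcb80d1
Faulting module name: example.dll, version: 1.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005"""

if __name__ == "__main__":
    for name, msg in (("advisory", ADVISORY_CRASH), ("other", OTHER_CRASH)):
        print(name, matches_advisory(msg))
```
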
