Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Buggy MS Patch Reports

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Buggy MS Patch Reports
Expert Contributor 11th Sep, 2013 17:01
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
September 11th, 2013, 12:38 GMT · By Bogdan Popa
Botched KB2670838 Windows 7 Update Workaround Found

As I’ve reported this morning, some of the updates released by Microsoft on Patch Tuesday are causing problems on a number of Windows computers, including those running XP, Vista, 7, and 8.

It turns out that one of the botched updates, namely KB2670838, is incompatible with some video drivers, so Microsoft’s community moderators are now recommending users on the company’s support forums to get the latest drivers for graphic cards.

“A resolution for KB2670838 has been found - you need to ensure that you have up to date video drivers on your system. Are you still seeing issues after getting the latest video card driver on your system?” Susan Bradley has briefly posted in a Microsoft Community thread.

At this point, there’s no official fix on this, so everybody’s still waiting for Microsoft to step in and at least provide some helpful information on how to deal with the issues.
http://news.softpedia.com/news/Botched-KB2670838-W...

Buggy Microsoft update hamstrings Outlook 2013
Folder pane goes blank after stability and performance update Tuesday; Microsoft pulls update from Windows Update and WSUS

By Gregg Keizer
September 11, 2013 06:50 AM ET

Computerworld - An Office 2013 non-security update, part of yesterday's massive Patch Tuesday, blanks the folder pane in Outlook 2013, the suite's email client, drawing complaints from customers on Microsoft's support forum.

The update, identified as KB2817630, was meant to quash a several stability and performance bugs in a number of the suite's components, including Excel, SharePoint Server and Lync; fix a problem that caused Office to freeze when a document was opened in the "Protected Mode" sandbox; and more.

Instead, it emptied Outlook 2013's folder pane.

More to read here :-
http://www.computerworld.com/s/article/9242322/Bug...

Update for Outlook 2013 breaks folder pane
Summary: A non-security update served by Windows Update today for Office 2013 users causes problems with Outlook. This is just one in a recent series of quality control problems for Microsoft updates.

Larry Seltzer
By Larry Seltzer for Zero Day | September 10, 2013 -- 21:29 GMT (22:29 BST)

[Update: This story has been edited to fix an incorrect link to the update description.]

One of the many updates served today to users by Microsoft through Windows Update is causing problems for users running Office 2013.

The update, labeled "Update for Microsoft Office 2013 (KB2817630) 32-bit Edition" or "Update for Microsoft Office 2013 (KB2817630) 64-bit Edition", contains bug fixes, and stability and performance improvements. After applying it, many users are reporting on TechNet that the Outlook folder pane is left empty. Many are also reporting that uninstalling the KB2817630 update fixes the problem.

Read the full story here :-
http://www.zdnet.com/update-for-outlook-2013-break...

--

mogs RE: Buggy MS Patch Reports
Expert Contributor 12th Sep, 2013 12:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
September 12th, 2013, 09:35 GMT · By Bogdan Popa
Microsoft Updates KB2760411, KB2760588, and KB2760583 Patch Pages

Users are still experiencing problems with some of the updates released yesterday as part of the Patch Tuesday cycle, but Microsoft continues to say little about these problems.

The company has, however, updated the official pages of the patches with the known issues, explaining that some users might get stuck into an installation look for three different fixes.

KB2760411, KB2760588, and KB2760583 are all causing the same problems on a number of computers, the company briefly said without providing any other specifics.

“You may be repeatedly offered this update even though it is already installed. Microsoft is researching this problem and will post more information in this article when the information becomes available,” the notification published earlier today reads.

In the meantime, users experiencing problems are recommended to remove and hide the patches from Windows Update until Microsoft rolls out an official fix.
http://news.softpedia.com/news/Microsoft-Updates-K...

September 12th, 2013, 07:36 GMT · By Bogdan Popa
Microsoft Pulls KB2817630 Patch from Windows Update Servers

Microsoft has confirmed in a post on the TechNet blogs that the KB2817630 update released on Patch Tuesday is indeed causing problems to a number of users due to what seems to be a compatibility issue with Outlook 2013.

While the company said that it’s still working on a fix right now, it also advised users to uninstall and hide the patch from the Windows Update screen.

“Due to a version incompatibility between outlook.exe and mso.dll, a mismatched reference to a data structure causes the ‘Minimize’ button in the navigation pane to render incorrectly, typically extremely large to the point that the navigation pane is ‘invisible’ to the user. The issue only manifests when incompatible versions of outlook.exe and mso.dll exist on the system,” the company said.

“If both versions are earlier (lower) than 4535.1000, or both versions are later (higher) than 4535.1000, the problem does not manifest. If one file is updated but the other is not, the problem is evident. The incompatible state is created by installing either the September Public Update OR the August Cumulative update, but not both. Users of MSI-based products that have automatic updates enabled are those that are most likely to have encountered the issue.”

Microsoft says that both Office 2013 Standard and Office 2013 Professional Plus are affected by this buggy update, while all the other versions are on the safe side. Office 2013 Home & Student and Office 365, for example, should work flawlessly after the latest update.

In addition, the company has promised to re-release the botched update sometime in the near future, with the correct patch to be delivered via the same Windows Update feature that’s available in the operating system.

Until then, make sure you uninstall and hide the patch from the Update screen, just to make sure it doesn’t break down your Office 2013 installation.
http://news.softpedia.com/news/Microsoft-Pulls-KB2...

--
Was this reply relevant?
+0
-0
mogs RE: Buggy MS Patch Reports
Expert Contributor 13th Sep, 2013 11:18
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
September 13th, 2013, 07:57 GMT · By Bogdan Popa
KB2589275 Update Breaking Down File Associations on Windows 7

This month’s Patch Tuesday is slowly becoming Botched Tuesday, as reports keep coming on updates released by Microsoft that are doing more harm than good.

This time, users are claiming that KB2589275 is messing up Office file associations on Windows 7, with no official fix available for the time being.

Here’s what one user said in a post on Microsoft Community:

“I have Windows 7 Home Edition and use the included MS Word and Excel 2010 Starter editions. My computer downloaded and installed Windows updates last night, and this morning when I turned it on, I notice immediately that icons have changed for my Word and Excel files.

“This quickly leads to the discovery that apparently the file associations are broken, because it asks if I want to us ‘MS OFFICE’ to open either kind of file, and I can't seem to locate the .exe files for Word or Excel to associate these file types with (probably my malfunction).”

At this point, it appears that running MS Word with the /r parameter is the only way to fix the problem, as update removal isn’t yet recommended. To do this, click on Start, hit Run and type “winword.exe /r” to launch the application and temporarily fix file associations.

According to Microsoft, the KB2589275 update was supposed to fix flaws in Microsoft Office 2010, including problems concerning custom filters and the built-in view modes.

The patch was aimed at basically all Office 2010 version, as it follows: Microsoft Office Home and Business 2010, Microsoft Office Home and Student 2010, Microsoft Office Professional 2010, Microsoft Office Professional Academic 2010, Microsoft Office Professional Plus 2010, Microsoft Office Standard 2010, and Microsoft Office Starter 2010.

We’re still waiting for an official comment from Microsoft on this, as the company is most likely investigating the problem as we speak.
http://news.softpedia.com/news/KB2589275-Update-Br...

--
Was this reply relevant?
+3
-1
taffy078 RE: Buggy MS Patch Reports
Contributor 13th Sep, 2013 17:54
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
How are you, young man? Well, I hope.

Good to see you're still very much on the ball - this affected me so I've posted in the PSI section.

I've also posted a link to here on the Norton forum

http://community.norton.com/t5/Forum-Feedback/Mr-T...

as there's not much evidence yet that ordinary users are aware of these Microsoft update issues.

Keep up the good work, Mogs. Will get in touch when my crown green bowling season ends in a few weeks!

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Buggy MS Patch Reports
Contributor 13th Sep, 2013 17:56
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
PS I've also emailed a link to here to all of my family and friends - both of them (!).

One funny smartypants has replied "get a MAC - you won't have any problems!". Is that true?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
mogs RE: Buggy MS Patch Reports
Expert Contributor 13th Sep, 2013 18:15
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@taffy

I'm touchy today about mention of being on the ball !! The wife just got me a heavymetal wizard paperweight with a philosopher's stone firmly esconced between his legs !!

--
Was this reply relevant?
+0
-0
mogs RE: Buggy MS Patch Reports
Expert Contributor 14th Sep, 2013 06:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@taffy

One funny smartypants has replied "get a MAC - you won't have any problems!". Is that true?

Mac users: You have to patch too
Summary: OS X and Mac applications have security vulnerabilities too; some people still don't believe it, but it's true. Here are the latest ones and why you need to take them seriously.

By Larry Seltzer for Zero Day | September 13, 2013 -- 15:35 GMT (16:35 BST)

The release yesterday of OS X 10.8.5 caps a a fairly busy security update season for Mac users. Yes, you thought Windows users were getting all the grief? In fact, Mac users have a lot of work to do too to keep their systems safe. And it's not just updates from Apple you need.

Along with 10.8.5, Apple released Security Update 2013-0004 for OS X 10.7 (Snow Leopard) and for 10.8 (Lion) and a separate security update for Safari for Mac on Lion (10.6), bringing it to version 5.1.10.

The security updates in 10.8.5 and 2013-004 address 31 separate vulnerabilities, the oldest of which was confirmed and fixed 18 months ago. Taking forever to patch vulnerabilities is common for Apple. A total of 9 vulnerabilities patched in these latest updates date from 2012, although these all seem to be in server processes such as Apache and OpenSSL.

But many are the type to affect most Mac users: Two vulnerabilities in the handling of graphic data in PDF files, both reported to Apple by Google, could result in malicious code execution simply by opening a PDF.

Lots more to read here :-
http://www.zdnet.com/mac-users-you-have-to-patch-t...


Why all the errors in Microsoft updates lately?
Summary: September makes 3 months in a row that Microsoft has issued buggy patches, 3 of which had to be pulled from distribution. Perhaps Microsoft has too many products to have one patch cycle.

Larry Seltzer
By Larry Seltzer for Zero Day | September 13, 2013 -- 12:30 GMT (13:30 BST)

Read the article here :-
http://www.zdnet.com/why-all-the-errors-in-microso...

--
Was this reply relevant?
+0
-0
mogs RE: Buggy MS Patch Reports
Expert Contributor 14th Sep, 2013 20:41
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft fixes bad patch detection
Summary: Several of the security updates released by Microsoft this past Tuesday repeatedly offered themselves even after installation. This has been fixed. If you have hidden the update, unhide it and install.

Larry Seltzer
By Larry Seltzer for Zero Day | September 14, 2013 -- 13:28 GMT (14:28 BST)

One of the many problems Microsoft has had lately with their software updates is that several of the updates in the last group, released on Tuesday September 10, had a detection error: For many users, even after apparently accepting and installing the update, several would keep offering for install in Windows Update, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

The company has reissued the following patches to address the problem:

MS13-067 (Critical) — Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
MS13-072 (Important) — Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
MS13-073 (Important) — Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
MS13-074 (Important) — Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
Microsoft says that there are no changes in the actual updates, just in the detection of the update on the system. Customers who have already successfully installed the update need not take any action.

Many users hid the update in order to avoid the notifications. These users should unhide the update and install.

http://www.zdnet.com/microsoft-fixes-bad-patch-det...

--
Was this reply relevant?
+0
-0
mogs RE: Buggy MS Patch Reports
Expert Contributor 17th Sep, 2013 11:17
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Patch expert wants Ballmer to get to the bottom of buggy Windows, Office updates
Susan Bradley calls string of flawed patches 'unacceptable;' Microsoft manager argues Office updates are 'very high' quality

By Gregg Keizer
September 16, 2013 02:55 PM ET

Computerworld - A Microsoft MVP -- Most Valued Professional -- and Windows expert has sent company CEO Steve Ballmer a letter asking him to look into the worrisome trend of sub-standard patches that crippled computers, forced IT personnel to scramble to undo snafus and damaged Microsoft's hard-earned reputation.

Susan Bradley, one of the moderators of the Patchmanagement.org email list -- called a "listserv" -- who also frequently offers free advice on Microsoft's support forums and writes a weekly column on patching for the "Windows Secrets" newsletter, posted her Ballmer letter to the list last Wednesday.

"On behalf of everyone in this community, may I respectfully request that you assign someone in a management position to investigate what is going on with quality control with patch testing lately?" Bradley asked Ballmer.

"This month in particular leaves me deeply disturbed that issues that should have been found before these updates were released are being found by us -- your customers -- after they are released and we are having to deal with the aftermath," Bradley continued. "Bottom line, sir, this is unacceptable to all of us in the patching community, and quite frankly, it should be just as unacceptable to you."

Bradley cited issues with many of the Sept. 10 updates, including one that emptied the Outlook 2013 folder pane and four others that repeatedly demanded customers install them even after they had been deployed.

More to read at :-
http://www.computerworld.com/s/article/9242423/Pat...

--
Was this reply relevant?
+0
-0
mogs RE: Buggy MS Patch Reports
Expert Contributor 19th Sep, 2013 19:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Another flawed Office update tells users to buy the suite
Breaks file associations in Office 2010 Starter Edition; some customers smell conspiracy

By Gregg Keizer
September 19, 2013 09:49 AM ET

Computerworld - Microsoft yesterday acknowledged yet another problem with its Sept. 10 updates, confirming that one of those fixes broke Office 2010 Starter Edition by changing the file associations of already-created documents.

"After installing this update, some users have reported they are unable to open files by double-clicking them, that the file type icons have changed, and that they must go to the application to open files," Microsoft's Office team said in a company blog post Wednesday.

Some customers, said Microsoft, were even told that they needed to buy a copy of the full-scale Office, which starts at $140 for Office Home & Student 2013.

Lots more to read at :-
http://www.computerworld.com/s/article/9242514/Ano...

--
Was this reply relevant?
+0
-0
mogs RE: Buggy MS Patch Reports
Expert Contributor 20th Sep, 2013 14:23
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
September 20th, 2013, 09:35 GMT · By Bogdan Popa
Microsoft Acknowledges Botched KB2589275 Update, Releases Workaround

I’ve already reported to you that one of the updates released by Microsoft on Patch Tuesday breaks down file associations on a number of Windows 7 computers, but the company has only now acknowledged the issues.

The Office team wrote in a blog post that the KB2589275 patch indeed messes up file associations for the productivity suite and confirmed that a fix is in the works as we speak.

At the same time, Microsoft released two simple workarounds for those who need work with Office until a patch comes out, as it could take a few more days until this happens.

Basically, users are recommended to right-click any Office document they might want to open and use the “Open with” option in the context menu to easily launch Word, Excel, PowerPoint or any other tool included in productivity suite.

In addition, they can manually launch the “Programs and Features” screen in Control Panel and hit the repair option next to the Microsoft Office entry to quickly fix all issues.

http://news.softpedia.com/news/Microsoft-Acknowled...

--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer