Microsoft endures Patch Horror Day on Friday 13th - issues updates to 8 of 13 updates


Have you ever watched a cricket match on TV? (North American readers: imagine a game of baseball with more swashbuckle and proper trousers.)

If so, you'll know there's always a bit where one of the commentators says something like, "Swaandijve has been by far the most reliable outfielder in the Dutch team [*] over the last two seasons."

You know instinctively what's about to happen.

As soon as the words are out of the expert's mouth, the hapless Mr Swaandijve drops a catch that even you or I could have taken with our eyes closed.

Well, I've just taken my own Swaandijve.

Last weekend, I made a joke about Friday the Thirteenth no longer implying anything in computer security circles except that it was a week with a Patch Tuesday in it.

And what happened?

Friday the Thirteenth turned into Patch Horror Day for Microsoft, as Redmond release engineers waited, no doubt with bated breath, to see if they had solved the problems that required eight out of 13 security patches to be reissued.

Last month, of course, Microsoft turned out a couple of patches that didn't work properly; this month, patching worked far too keenly for some users.

Soon after we'd written up our Tuesday recommendations, concluding with our usual imprecation to "patch early, patch often" (this time, in fact, we said, "Best get patching right away, then!"), we began to see worried comments appearing on Naked Security.

The updates started OK, but then wouldn't stop, coming "over and over," or even "over and over and over," as one reader put it.

We're assuming that Microsoft has sorted it all out now, with the updates to the updates correctly breaking out of the continuous update cycle.

(We haven't heard of any complaints about the patches to the patches; please tell us your experiences in the comments.)

The reissued security updates are:

Two non-security updates for PowerPoint were affected, too, listed as KB2553145 (PowerPoint 2010), and KB2553351 (PowerPoint Viewer 2010).

→ For some corporate customers, the problem apparently also showed up in inverse form, with updates failing to appear on their update servers at all. The "missing patches" issue was fixed at the same time as the "far too many patches", though it may have been a blessing in disguise. If the faulty patches had turned up, they might well have clogged up the network with updates happening over and over again.

In Microsoft's own words:

We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates.

That's a textbook example of both orotundity and anacoluthon, but I think I have wrestled it into English:

Microsoft now knows what went wrong. It has issued new patches that will show up correctly on your update servers, and will install just once to each computer.

Best get patching right away, then!

[*] Yes, the Dutch play cricket seriously, to a high standard.

Image of Horroresque face on old-school TV courtesy of Shutterstock.


14 Responses to Microsoft endures Patch Horror Day on Friday 13th - issues updates to 8 of 13 updates

  1. YES gave me horrors started on Thurs. Even tweeted M/soft Help 4 no help figured out myself how 2 stop/fix Thought it was Microsoft Tues.

    Took my stupid hat off: went into Programs > clicked on M/Office > clicked on Repair > did a restart > problem solved. I tweeted what I did back to Microsoft Help they were happy

    I knew it got stuck in a groove but that stuck 45 updates on the same thing M/Office 2007

    Microsoft Help sent me a survey to complete on how good they did HUH

  2. randygmuller · 313 days ago

    I installed the patches on Tuesday. Immediately after that, Windows update wanted to install two more for Office 2007 (which I do not use), so I went ahead without thinking anything of it. Again, it wanted to install the same two over again. That got my attention, so I paid more attention and went ahead and did it again, carefully making sure I was not doing something to cause it to repeat.

    It then wanted to do the same two a fourth time, so I checked to see if any of the times I did it were "successfully" installed. They were, and they all had the same KB number, so I decided not to repeat it endlessly. I went to bed with the little Windows Update icon still actively urging me to update the two "important" updates.

    Sometime between 7:00 UT 14 September and 21:30 UT 14 September, Windows update no longer wished to update anymore.

    I don't think they were updates to the updates. I think they were just updates that failed to register somewhere as completed.

    • Paul Ducklin · 313 days ago

      Microsoft's Sustained Engineering team (see quote and links above) used the words "we have released new updates."

      This certainly gives the impression that an update to the update is needed to make the update notification go away (did that make sense?)...in other words that a tweak on the server side was not enough on its own.

      • Well, I did not install any new updates, but the repeatedly offered ones disappeared on their own. They are no longer offered to be updated.

  3. Guest · 313 days ago

    they should keep trying. around 3 hours ago the problem was not solved.
    seems like they're spending too much resources on pleasing the NSA instead of their customers :-(

  4. Fred · 313 days ago

    Thanks Paul

  5. Jack Benton · 313 days ago

    I didn't have a problem with the original updates here in Chicago.........Just checked and nothing here. I didn't have the asking to install over and over.

  6. So you mean that Office 2010 is not affected by this bug?

    • Paul Ducklin · 313 days ago

      The "two non-security updates" I mentioned in the article without enumerating are listed as:

      * Update for Microsoft PowerPoint 2010 (KB2553145)
      * Update for Microsoft PowerPoint Viewer 2010 (KB2553351)

      I guess that means that one part of Office 2010 is affected, but that the updates weren't security related to start with (i.e. if you had automated only security patches, you should be OK).

      Thanks for the question...I think I'll add those two product names to the article itself for the sake of clarity. [Update done at 2013-09-15T07:39Z.]

  7. andrewloughran · 313 days ago

    According to my "update history" :-
    Security Update for Microsoft Office 2007 suites (KB2760588) was installed on five separate occasions over the course of 2 days.

  8. Steve · 312 days ago

    Browsing forums elsewhere I have found other people experiencing the same issue as I, but that is not listed here. Namely that KB2817630 for Office 2013 seems to result in the folder list pane of Outlook 2013 displaying blank. When you click on it, the pane will minimize to the right with just shortcut buttons for inbox / calendar that will work. Clicking on the arrows at the top to reveal the pane again will give you a momentary glimpse of your folder list, but result in a blank pane again in the end. The only solution I have found is to remove, not one, but three updates that show up under installed updates when searching for KB2817630. However, I don't see this KB addressed in your list of reissued updates above. Luckily, I had only rolled it out to a handful of people in a test group.

    • Sootie · 311 days ago

      Yep I found exactly the same thing, again luckily I also use a test group before rolling it out to the masses or it could have been very messy

  9. TheGift73 · 311 days ago

    Yeh, had the same issue. These were the 3 KB's that would constantly fail to register correctly:

    KB2760411
    KB2760588
    KB2760583

    All fine now though.

  10. Nigel · 311 days ago

    "[Update done at 2013-09-15T07:39Z.]"

    Thanks for using a rational date standard (ISO 8601).


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog