Have you ever watched a cricket match on TV? (North American readers: imagine a game of baseball with more swashbuckle and proper trousers.)
If so, you’ll know there’s always a bit where one of the commentators says something like, “Swaandijve has been by far the most reliable outfielder in the Dutch team [*] over the last two seasons.”
You know instinctively what’s about to happen.
As soon as the words are out of the expert’s mouth, the hapless Mr Swaandijve drops a catch that even you or I could have taken with our eyes closed.
Well, I’ve just taken my own Swaandijve.
Last weekend, I made a joke about Friday the Thirteenth no longer implying anything in computer security circles except that it was a week with a Patch Tuesday in it.
And what happened?
Friday the Thirteenth turned into Patch Horror Day for Microsoft, as Redmond release engineers waited, no doubt with bated breath, to see if they had solved the problems that required eight out of 13 security patches to be reissued.
Last month, of course, Microsoft turned out a couple of patches that didn’t work properly; this month, patching worked far too keenly for some users.
Soon after we’d written up our Tuesday recommendations, concluding with our usual imprecation to “patch early, patch often” (this time, in fact, we said, “Best get patching right away, then!”), we began to see worried comments appearing on Naked Security.
The updates started OK, but then wouldn’t stop, coming “over and over,” or even “over and over and over,” as one reader put it.
We’re assuming that that Microsoft has sorted it all out now, with the updates to the updates correctly breaking out of the continuous update cycle.
(We haven’t heard of any complaints about the patches to the patches; please tell us your experiences in the comments.)
The reissued security updates are:
Two non-security updates for PowerPoint were affected, too, listed as KB2553145 (PowerPoint 2010), and KB2553351 (PowerPoint Viewer 2010).
→ For some corporate customers, the problem apparently also showed up in inverse form, with updates failing to appear on their update servers at all. The “missing patches” issue was fixed at the same time as the “far too many patches”, though it may have been a blessing in disguise. If the faulty patches had turned up, they might well have clogged up the network with updates happening over and over again.
In Microsoft’s own words:
We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates.
That’s a textbook example of both orotundity and anacoluthon, but I think I have wrestled it into English:
Microsoft now knows what went wrong. It has issued new patches that will show up correctly on your update servers, and will install just once to each computer.
Best get patching right away, then!
[*] Yes, the Dutch play cricket seriously, to a high standard.