Last week’s flawed Microsoft Corp. security patches for Windows and Office have raised concern among security experts about the quality of security updates from the software company.
Microsoft acknowledged last Friday that it had rewritten four of its security updates issued just three days earlier after some customers reported receiving “never-ending” demands that the updates be installed even if they had already been uploaded.
This episode closely followed Microsoft’s yanking of a non-security update last week and the issuing of flawed patches in August and April, which blocked access to server-based mailboxes and slowed down Windows 7 PCs.
At least one Windows expert has written an open letter to Microsoft CEO Steve Ballmer, calling on the outgoing executive to investigate the troubling trend of sub-standard patches.
“On behalf of everyone in this community, may I respectfully request that you assign someone in a management position to investigate what is going on with quality control with patch testing lately?” wrote Susan Bradley, a security and small business server Microsoft Most Valuable Professional (MVP).
She is one of the moderators of the Patchmanagement.org email list. Bradley frequently offers free advice on Microsoft support forums and writes a weekly column for the Windows Secrets newsletter.
She said the release this month left her “deeply disturbed” because the issues should have been found before the patches were released.
Andrew Storms, director at cloud-based security firm CloudPassage, said the flawed patches were “worrisome” and wondered if Microsoft was going back to the days when it was called PITA (pain in the ass).
Microsoft said four of last Tuesday’s 13 security updates were flawed, including one for SharePoint Server, one that affected Office 2007 and Office 2010, another that impacted Office 2013, and a fourth that patched Excel 2003 and Excel 2007.
Microsoft said it had fixed the four updates that were causing customers grief and that it is investigating the issue.