Microsoft admits stealthy re-release of patch KB 3038314

We’re now hearing that the notorious, flawed IE rollup was re-released without notification on April 22

Microsoft admits stealthy re-release of patch KB 3038314

April's Black Tuesday included an IE patch rollup MS15-032/KB 3038314 that had two known problems.

First, on some machines, the installer failed with error 80092004. Second, if you got the patch installed, it prevented you from installing alternate search providers in IE. If you started out with Bing as your only search provider (the default), there's no way to add, say, Google, much less make it the default search engine.

Microsoft updated the TechNet listing for MS15-032 with this little notice:

 V2.0 (April 30, 2015): Updated bulletin to inform customers running Internet Explorer on Windows Server 2003 Service Pack 2 that the 3038314 update on the Microsoft Download Center was updated on April 22, 2015. Microsoft recommends that customers who installed the 3038314 update prior to April 22 should reinstall the update to be fully protected from the vulnerabilities discussed in this bulletin.

That came as news to me. I can't find any notification anywhere that the patch was updated more than a week ago. There's certainly no notification on the official Windows Update list KB 894199.

We have yet another stealthy update -- one that went out the automatic update chute without any warning or notification, before or after the event.

But wait. It gets worse.

The KB article, KB 3038314, is now up to version 5. It was last updated on April 29. I can't find any information in the KB article about a reissue of the patch on April 22. More than that, it still doesn't confirm the problem with blocked search providers, and it has the same old admonition about the installer failing:

After you perform a clean installation of Windows 7 or Windows Server 2008 R2, and then you upgrade from Internet Explorer 8 to Internet Explorer 11, you may receive an error message that resembles the following:

Windows Update encountered an unknown error
error code 80092004

After the clean installation, Windows Update continues to offer KB3038314 even though the security update may already be correctly installed.

If you receive this error message, click About Internet Explorer on the Help menu to determine whether the security update was installed. If the Update Versions line shows KB3038314, this indicates that the security update is correctly installed and that the system is not in an unprotected state.

Microsoft is researching this problem and will post more information in this article when the information becomes available.

I don't see any more information about the problem in the KB article.

Now we have an even more complicated situation. If you installed KB 3038314 before April 22 and are running Server 2003 SP2, it looks like you need to reinstall the patch sometime after April 22. But what if you couldn't install KB 3038314? Does the new version of the patch also fix the installation issue? What about the blocked search engine problem? And is the fix only applicable to Server 2003 SP2?

Curiouser and curiouser.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon