Microsoft updates display 'worrisome' decline in quality
Never-ending demands to install quartet of Office security updates is the latest in a series of missteps
Computerworld - Microsoft on Friday acknowledged it had rewritten four of its security updates issued just three days earlier after customers reported never-ending demands that they be installed, even though they had been.
The flawed updates were just the latest in a disturbing trend of quality problems in Microsoft's security and stability updates. The repeated installation requests followed Microsoft's yanking of a non-security update last week, as well as buggy fixes shipped in August and April that blocked access to server-based email mailboxes and crippled Windows 7 PCs.
"Worrisome," is how Andrew Storms, director of DevOps at San Francisco-based cloud-oriented security vendor CloudPassage, put it when asked about the trend in an interview conducted via instant messaging Friday. "Are we starting to see a shift back to when people called Microsoft the necessary PITA [pain in the ass]?"
According to Microsoft, it's already fixed the four updates that were dunning customers with installment demands. "We have received reports of updates being offered for installation multiple times, or certain cases where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM)," the company said on an Office engineering blog. "We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates."
Microsoft identified four of last Tuesday's 13 security updates as flawed, including one for SharePoint Server, one that affected Office 2007 and Office 2010, another that impacted Office 2013, and a fourth that patched Excel 2003 and Excel 2007.
A non-security update for PowerPoint 2010 also exhibited the same behavior.
Almost immediately after Microsoft issued September's slate of security updates, customers reported the recurring install snafu on the company's support forums.
Some were caustic about their experiences dealing with the endless loop, and their time on the telephone with Microsoft support representatives. "I've spent more than 3 hours chatting with MS Answer desk with people who were unable to comprehend this simple issue," wrote "choisington" on Sept. 10, the day Microsoft delivered the updates.
"I am so fed up with Microsoft, their ability to totally take over a machine's ability to function," ranted "Ffaith" on Thursday.
The frustration was understandable: Also last week, an Office 2013 stability and performance update blanked the folder pane in Outlook 2013, the suite's email client. After fielding scores of complaints from customers, Microsoft acknowledged the update was flawed, yanked the original, began working on a corrected re-release, and urged users to uninstall the update.
September's update blunders were the latest in a series of embarrassments for Microsoft. In August, the Redmond, Wash. company yanked an Exchange security update, admitting it had not properly tested the patches. In April, Microsoft urged Windows 7 users to uninstall an update that crippled PCs with the infamous "Blue Screen of Death"; it re-released the update two weeks later.
Other security professionals weighed in on Microsoft's inability to produce top-quality updates. Paul Ducklin, the head of technology for Sophos' Asia-Pacific region, dubbed Sept. 13 "Patch Horror Day" in a post to his company's blog.
"Microsoft is killing their record," said CloudPassage's Storms, referring to the company's hard-won reputation for issuing flawless updates. "Their record had been so good that people were starting to relax on their own internal testing."
Storms, joined by some of those who reported the over-and-over installation demands by the four Office updates, wondered whether Microsoft's focus on the cloud, and the subscription model for Office 365, was to blame for the lack of attention to detail on the traditional "perpetual" license versions of the suite.
"I think they recognize that's where the market demand is moving," said Storms of Office 365 and its continuous, behind-the-scenes updating. "But at what cost?"
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts