Patch expert wants Ballmer to get to the bottom of buggy Windows, Office updates
Susan Bradley calls string of flawed patches 'unacceptable;' Microsoft manager argues Office updates are 'very high' quality
Computerworld - A Microsoft MVP -- Most Valued Professional -- and Windows expert has sent company CEO Steve Ballmer a letter asking him to look into the worrisome trend of sub-standard patches that crippled computers, forced IT personnel to scramble to undo snafus and damaged Microsoft's hard-earned reputation.
Susan Bradley, one of the moderators of the Patchmanagement.org email list -- called a "listserv" -- who also frequently offers free advice on Microsoft's support forums and writes a weekly column on patching for the "Windows Secrets" newsletter, posted her Ballmer letter to the list last Wednesday.
"On behalf of everyone in this community, may I respectfully request that you assign someone in a management position to investigate what is going on with quality control with patch testing lately?" Bradley asked Ballmer.
"This month in particular leaves me deeply disturbed that issues that should have been found before these updates were released are being found by us -- your customers -- after they are released and we are having to deal with the aftermath," Bradley continued. "Bottom line, sir, this is unacceptable to all of us in the patching community, and quite frankly, it should be just as unacceptable to you."
Bradley cited issues with many of the Sept. 10 updates, including one that emptied the Outlook 2013 folder pane and four others that repeatedly demanded customers install them even after they had been deployed.
Microsoft's patch problem goes further back: In August, the Redmond, Wash. company yanked an Exchange security update, admitting it had not properly tested the patches. And in April, Microsoft urged Windows 7 users to uninstall an update that crippled PCs with the infamous "Blue Screen of Death;" it re-released the update two weeks later.
While Bradley hasn't received a reply from Ballmer, she gave a tip of the hat to one of the two Microsoft managers who weighed in on the mailing list.
"The fact that Gray Knowlton from the Office team joined the Patchmanagement.org listserv is a huge start in the right direction towards better communications," Bradley said in an email reply to questions today. "Kudos to Gray for that."
Knowlton, a principal group program manager for Office, gave Microsoft's most detailed account yet for the September screw-ups in a Friday message to the listserv.
"Both of these errors are anomalies in our release operation," said Knowlton. "The XML config[uration] entries had to be hand-authored due to some product code changes. We rarely do this; they are typically machine-generated. In [the blank folder pane in Outlook 2013], a late change to the list of things we intended to ship resulted in a specific configuration not executing as expected."
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts