Patch expert wants Ballmer to get to the bottom of buggy Windows, Office updates
Knowlton argued that the quality level for Office updates is "very high" considering the volume of updates issued and the number of customers who apply them. He also promised that the quality of patches would improve -- a message Microsoft has used before -- saying, "We are as concerned as any of our customers about these issues and we will come back in October better than we were before September."
Another Microsoft manager, however, sounded peeved that Bradley had emailed the CEO.
"We are following up with the people who published those updates. And no, it's not because Mr. Ballmer intervened," wrote Ben Herila, who identified himself as the program manager for WSUS (Windows Server Update Services), the widely used enterprise patch management service Microsoft runs. "Rather, it's because Susan so kindly let us (the WSUS product team) know about her problem."
Dustin Childs, a group manager of Microsoft's Trustworthy Computing group, also alluded to doing something -- he did not specify what -- to put a stop to the mistakes. "The quality of security updates is critical to our customers, and it is a high priority for us, too," Childs said. "We are actively looking at where improvements can be made with the goal of reducing implementation issues, and we will remain transparent with our customers about security threats, protections and update issue resolution."
It may take a lot more than words to calm the roiled waters.
"Not only are the end users suffering by these bad patches, the IT administrators are suffering even more because they have to hear all of the complaints from the end users and they have to spend time troubleshooting the issues and get things fixed," wrote John Hallis on the same mailing list thread. "You would think a company that has received billions of dollars from us would actually listen to what we are telling them about patching issues and get right on it."
And Bradley saw the problem as endemic at Microsoft.
"I think that releasing 80 non-security updates on an already busy patch month is releasing way too much code at one time," she said via in an email to Computerworld today. "You are going to get stuff missed."
Like other patch and security professionals, she cited the advantage baked into the cloud when compared to on-premise software. "Cloud gets a build to build deployment and thus when Exchange 2013 got its first security update, their cloud servers were fine, [but] on-premise servers barfed," she said, referring to the August update gaffe involving Exchange.
But she also blamed overstretch for the slide in quality.
"My rant wasn't just about the quality of security updates -- but the quality of patching as a whole," Bradley said. "Documentation is lacking, quality of updates -- especially in certain categories of updates -- is clearly lacking.
"I'm not paranoid enough to believe that this is Microsoft's way to showcase how it will be better in the cloud where they patch and deal with these issues. I'm not naive enough to believe that even once we all are in the cloud that we will suffer no patching issues.
"I feel that they are just managing a lot of different kinds of problems and patching [and] along with the faster cadence, there are just a lot more moving parts to keep track of these days ... and things are slipping through the cracks."
Microsoft's next regularly-scheduled security updates are to ship Oct. 8.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts