Microsoft today re-released a security update that was pulled two weeks ago after users packed the company's support discussion forum with reports of crippled computers.
The update, MS14-045, was originally issued on "Patch Tuesday" -- Microsoft prefers the blander "Update Tuesday" -- on Aug. 12. Within 24 hours, customers started posting messages on an eventually-lengthy thread saying that their systems, mostly PCs running the 64-bit version of Windows 7, had been bricked with an error message and ensuing "Blue Screen of Death."
While some of the affected customers were able to regain control of their computers, others could not, stymied even when they tried to boot their machines in Safe Mode.
Three days later, on Aug. 15, Microsoft quietly told customers to uninstall one of two components that made up MS14-045. The company made the recommendation only in an updated version of the MS14-045 advisory; it did not blog or tweet the news for wider distribution.
Over the weekend of Aug. 16-17, Microsoft pulled the buggy patch from its Windows Update service.
In a blog post today by the Microsoft Security Response Center (MSRC), the company recapped the sequence, but did not explain what had gone wrong.
"A small number of customers experienced problems with a few of the updates," the MSRC wrote, referring not only to the MS14-045 issue, but three others, including one that added support for the Russian ruble symbol. "As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these unavailable to download. We then began working on a plan to rerelease the affected updates."
Last week, someone claiming to be a Microsoft engineer provided more information about the flawed update than has the company in an official capacity. Kurt Phillips acknowledged that the patch had not been tested thoroughly. "We made a fairly invasive change in font handling as part of a security patch and thought we had it tested properly, but there are definitely problems in our test coverage and design process that we need to address," Phillips wrote on the support discussion thread, which as of today contained more than 540 messages and has been viewed nearly 11,000 times.
In the revised MS14-045 bulletin, Microsoft told users to uninstall the original patch if they had not done so already and before installing the fixed version. Microsoft also said that the revamped update would end their boot problems.
"Customers who experienced difficulties restarting their systems after installating (sic) security update 2982791 should no longer experience this problem after installing the replacement update (2993651)," Microsoft said.
To install the repaired update, of course, affected customers must be able to boot their Windows computers, which some cannot.
In an after-the-update-was-reissued twist, one user reported that Windows Update had returned, "An error occurred while checking for new updates for your computer" after trying to fetch the fixed patch.
"Someone on the Microsoft bridge needs to go personally into the engine room and find out what is going on," wrote pacman10 on the discussion thread today. "Or have the engine room staff left? Maybe the engine room broke off the back of the ship last week and has sunk. I don't know."
Susan Bradley, a Microsoft MVP (Most Valued Professional), a volunteer moderator on the Windows Update subsection of Microsoft's support forum, and a noted patch expert who writes for Windows Secrets, said she had seen additional reports about the Windows Update error. "Hang loose," she suggested.