Naked Security

Microsoft patches Patch Tuesday’s Outlook 2010 problem patch

Just what is going on over in Redmond? Just weeks after issuing a Windows 10 patch of doom that started deleting users’ precious files, Microsoft ‘fixed’ Outlook 2010 with a November Patch Tuesday update that promptly borked it.
On 13 November, Microsoft released a security update, KB4461529, which fixed four security vulnerabilities. These flaws could allow remote code execution if a user opened a specially crafted Office file, it said. KB4461529 solved this problem for the .msi 64-bit version of Outlook 2010 in the worst way by simply having the program not run at all. It crashed Outlook at startup.
Microsoft advised users not to uninstall the patch. Instead, it suggested they use Outlook Web Access until the problem was resolved. In the meantime, it wrote a second patch which it sent scurrying after the first on 21 November. KB4461585 will fix the crashing problem, it said.
This wasn’t the first Outlook 2010 patch problem for Microsoft users this month. On 6 November it released updates KB2863821 and KB4461522, which fixed the program’s Japanese calendar to support new ‘eras’. These patches also caused Access to crash on startup in some cases, it warned. It removed them.
The Japanese calendar inherited the idea of eras from China in the eighth century. Eras punctuate an emperor’s reign or some other major event. You only get a new one every few years, which is how many Windows users probably wish Microsoft would schedule its software patches right about now.
Microsoft has bungled Office-related patches before. One patch last year caused text to disappear from tables in Word, causing users to panic and hassle admins. It followed another patch the previous month that caused a similar problem. Microsoft eventually fixed it in October with yet another patch.
These problems follow a worrying October for Microsoft users, some of whom watched files and settings disappear before their eyes after installing Windows 10 update 1809. Microsoft was forced to pause the update while it fixed things.


Concerns over the quality of Microsoft’s patches surfaced earlier this year when Microsoft Most Valuable Professional Susan Bradley wrote an open letter to the company about the problem.
While Microsoft may seem a bit quick off the mark when issuing some patches, it’s been reluctant to ship others. In May we wrote that it refused to patch a Windows-crashing bug after a security researcher reported it, on the grounds that the exploit needed a USB key and so didn’t meet its standards.
Perhaps the biggest problem here is one of trust. Microsoft wants people to install patches promptly – especially security ones – because it helps to prevent malware infections. Bitter experience with the likes of Conficker and WannaCry has taught Redmond that simply making patches available isn’t enough though, so it likes to install Windows 10 updates by default where it can. But the more patches that it messes up, the more likely users are to push back.
Enterprise users can stop patches by changing settings in the Windows Update Server. Windows 10 Pro and Enterprise users can pause patches. Windows 10 Home users don’t have any choice at all when it comes to installing Windows updates, the company says.
The company doesn’t force Office patches, instead giving users the option to turn on automatic updates. However, the more Microsoft fumbles the ball, the more users may start turning patches off where they can. That would be bad for the security ecosystem in general.
It’s a puzzling issue for a company that is supposed to excel at producing quality software. DevOps and continuous integration practices like automated testing and gating were meant to make software quality problems like these go away. So why are they still happening with such apparent regularity in Redmond?

13 Comments

Is Microsoft only testing these patches on VMs or something similar? Are there too many variables to test in this day and age? I am genuinely curious and not at all hating on Microsoft.

I think wichardhartes nailed this answer. MS fired way too many QA people and pushed the work out to us. Thanks MS.

It’s not puzzling since they fired most of the testers and get the public to test their software instead. We are all the testers for Microsoft software now.

yeah. funny… I don’t recall forgetting to set up my direct deposit, but it’s been awhile since I’ve seen a paycheck.

We used to say “Ready, Fire, Aim.” Now it’s “Ready, Ship, Test.” :-(

This is true, not sure what the difference is between targeted release or Standard if they don’t fix the updates between the 2.

In the motor trade it’s called doing your quality control on the customers’ driveway. I’m a home user with 4 machines used for different purposes, three of which Microsoft has caused me to spend many hours and expletives recovering. I’d hate to be a sysadmin because the punters would think it was all my fault.

Interesting. I am now battling with Win10 blocking graphic drivers software AFTER Office and Windows updates Saturday after Thanksgiving.

This isn’t news, but I’m glad it’s spreading awareness. This has been the state of Enterprise Windows and Office patching for almost 2 years now. It’s the norm. I discovered the gem [‘Ask Woody’ URL removed] because I couldn’t keep up with the shitty patches I was having to delay, decline, or skip.

“Microsoft advised users not to uninstall the patch. Instead, it suggested they use Outlook Web Access until the problem was resolved.”
Microsoft, along with the other biggies, wants users to stop using local storage and move everything to their cloud. Maybe this is one way they are conditioning people to move to subscription based services that require users giving hosting companies unlimited access to all their data and files.

Why? You’ve forgotten that MS gutted its QA headcount and said that the “users will do QA”?

Are you kidding me? This tech industry has been using the consumer for QC since the beginning. If the product was an appliance or vehicle there would be recalls on every POS app that has been sold.
