It was one more time for Microsoft as the software giant needed to reissue four security bulletins after its Patch Tuesday performance.
Microsoft said the new patches were available last Thursday on its blog, just two days after it released its scheduled Patch Tuesday update for products containing bugs.
New patches were available for four security bulletins: MS13-067, MS13-072, MS13-073 and MS13-074, which addressed bugs in series of Microsoft Office products, including Excel and SharePoint Server. Non-security updates also ended up re-released for Microsoft PowerPoint 2010, KB2553145 and PowerPoint Viewer 2010, KB2553351.
Customers complained about updates attempting to reinstall numerous times on their machines, the company said. In other instances, patches weren’t available to customers.
“Since the shipment of the September 2013 security bulletin release, we have received reports of updates being offered for installation multiple times, or certain cases where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM),” the blog post said. “We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates.”
In a blog posted on Monday, security researcher Graham Cluley wrote the reoccurring problems with Patch Tuesday releases was highly concerning given the number of users that rely on the fixes.
In last month’s patch release, Microsoft pulled a patch that addresses three vulnerabilities in Exchange Server. In that incident, the Patch Tuesday fix ended up scrapped after Microsoft became aware that installing it caused problems.
“Following so soon after last month’s buggy security update, one has to wonder what’s going wrong at Microsoft Quality Control,” Cluley said. “The company can’t afford to keep messing up like this. The risk is that millions of users around the world will begin to question Microsoft’s ability to properly patch security vulnerabilities, and lose trust in the firm.”
Microsoft did catch one bug in its Patch Tuesday update before dispatching the release. The company had originally planned to release 14 fixes, but only shipped 13 last week, leaving out one patch that would have addressed an issue in its .Net software framework, which could allow denial-of-service.