Microsoft is once again facing user backlash over a failed patch update cycle.
The first Tuesday of every month is known as Patch Tuesday at Microsoft, and this past Tuesday (Sept. 10), Microsoft issued 13 security bulletins fixing 47 different security issues. One of those security bulletins (MS13-068) included a fix for Microsoft Outlook, but that’s not where users have been having trouble.
In addition to the security bulletins, Microsoft included a non-security update for Outlook 2013, known as KB2817630, that provides a number of bug and stability fixes. That update led to multiple reports on Microsoft forums that the Folder pane, which enables users to see different email folders, was showing up as empty.
“We have investigated reports of some difficulties with a recent Outlook 2013 update and we have helped resolve the issue by removing a non-security update that was recently shipped via Microsoft Update,” Microsoft said in a statement sent to eWEEK. “We continue to encourage all customers to test and deploy the security updates released in the September Security Bulletin Release.”
In a blog post on the Microsoft technet site, Microsoft notes that it removed the KB2817630 patch within three hours of it being released.
“If you haven’t already downloaded or installed the patch, you will not have these problems or be offered the problematic patch,” Microsoft stated.
If you have in fact already downloaded the update, Microsoft’s technet blog post provides details on how to reverse the patch.
This isn’t the first time that a Microsoft Patch Tuesday update has left users in the lurch. In fact, just last month for the August Patch update, Microsoft had to pull an Exchange patch because it was causing errors for users. In July, Microsoft users also had to deal with issues related to a Patch Tuesday update.
All of this should give users and enterprise administrators significant pause for concern. It’s generally speaking a good idea to update quickly with new security patches as a way to minimize the risk window and the amount of time machines are potentially vulnerable.
That said, given Microsoft’s recent track record, there is also clearly a risk to being among the first to deploy a patch. I know Microsoft does its best to make sure patches are solid, but the facts are what they are. Given that Microsoft was able to adjust and remove the September Patch Tuesday issue inside of three hours, should that now be the yardstick and amount of time we should set our update cycles against? That is, should enterprise administrators aim to patch systems three hours after an official Microsoft patch update?
I’m not sure, but I do know that it’s a policy that a whole lot of unhappy Outlook admins are going to be asking after this week’s troubles.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.