The case of the missing Microsoft security update

Graham Cluley

Missing patchAs pre-announced last week in Microsoft’s advance notification, there were supposed to be 14 security bulletins released in this month’s swathe of “Patch Tuesday” updates.

However, it seems only 13 made the grade, leaving many system administrators scratching their head as to whether they’re missing something.

MS13-067 through to MS13-079 were released, combatting a range of vulnerabilities ranked variously as “Critical”, “Important”, “High”, Medium” and “Low”, and dealing with software as diverse as Sharepoint, Outlook, Internet Explorer, Windows, Office, and FrontPage amongst others.

It seems that the missing bulletin failed to adequately pass testing, and has held back until it’s ready for future release.

That seems to me like a sensible move by Microsoft. After all, it were to issue buggy security updates (such as those that happened last month) they might cause more trouble for users than the problem they are trying to fix.

And, after all, Microsoft claims that the vulnerabilities dealt with by the missing security update are not being exploited by hackers at this time:

We are committed to delivering high-quality security updates for our customers and extensively test each bulletin prior to release. During some additional testing after advance notification, we determined one of the updates was not quite ready. We have not detected any attacks against this issue, or any of the others addressed today, and we’ll continue to work on the bulletin and release it once it is ready, through our regular bulletin release process.

My advice? Go and grab yourself Microsoft’s latest Patch Tuesday updates, and cross your fingers that they are able to iron out the remaining problems in the missing update as soon as possible.

Oh, and while you’re at it, make sure that you are also aware of the critical patches that Adobe released on Tuesday – protecting against flaws in Adobe Reader and Flash.

PS. Meanwhile I read that a non-security update for Outlook 2013 is causing problems for some users today.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “The case of the missing Microsoft security update”

  1. Microsoft needs to test windows patch intensively. Office 2007 patches trapped in installation loop ( http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/updates-trying-to-install-over-and-over-again/2a624908-f4b1-46d8-87ed-caa09674ff4f )

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES