Pause Patch Tuesday downloads, buggy code can kill Outlook MS15-115 is one to miss The El Reg inbox has been flooded with reports of a serious cock-up by Microsoft's patching squad, with one of Tuesday's fixes causing killer problems for Outlook. "We are looking into reports from some customers who are experiencing difficulties with Outlook after installing Windows KB 3097877. An immediate review is under way," a Microsoft spokesperson told us. The problem is with software in one of the four critical patches issued in yesterday's Patch Tuesday bundle – MS15-115. This was supposed to fix a flaw in the way Windows handles fonts, but has had some unexpected side effects for some Outlook users. "Today I've deployed latest Outlook patch to all of my clients, and now Outlook is crashing every 10 minutes and then restarting itself. I tried on fresh Win10, no AV with latest patches applied and here we go, Outlook crashing there too," complained one TechNet user. "Come on guys, do you EVER do proper QA before releasing anything Office 2013 related? This is the worst version of Outlook ever. Sorry for negative attitude but this is how things are." The break point appears to come not when an email that contains certain fonts is opened, but when it's scrolled through. Outlook 2010 and 2007 seem affected, but the issue is reportedly fixed when the patch is uninstalled. The SysAdmin sector of Reddit is awash with reports of problems with the patch, and it appears to be a cross-OS problem. The general consensus is to disable the patch on Windows Server Update Services and wait for a reissue. But millions of consumer users could be in for a nasty shock when Windows prompts them to download yesterday's patches. Anyone relying on Outlook for their email is in for a nasty surprise. http://www.theregister.co.uk/2015/11/11/patch_tuesday_downloads_buggy_ms_patch/
Microsoft lays down another massive patch Tuesday load MICROSOFT HAS ISSUED ITS latest patch package, offering its users a massive thwack of fixes for a range of issues. Patch Tuesday is a monthly headache for administrators, and a regular effort for the Redmond company. While last month's was huge, this one is slightly smaller but still pretty darn hefty. The recommendation from the security industry is patch now, because some of these things are critical. "Microsoft issued 12 security updates addressing a total of 53 vulnerabilities. Four of them are rated critical and the remaining eight are important, with the impacted software list being long," said Russ Ernst, director product management at HEAT Software. "While last month's patch load made 2015 the biggest patch year in recent memory, this month proves there is no slowing down. 123 total updates, with December yet to go." Ernst picked over some of the more prominent fixes, urging even those companies that run long-in-the-tooth software to get with the game. "Users running old code, specifically Vista, Server 2008 or Win 7, will want to patch MS15-114, the last of the criticals from Microsoft. This is a memory corruption vulnerability in the Windows Journal scripting engine. The best course of pro-action here is to (again and again) remind your users not to open attachments from unknown senders," he said. "The remaining bulletins from Microsoft are all rated important and should be wrapped into your normal patching cycle." Of course, security is not just about Microsoft these days, and Adobe also has some tasks lined up for you people. A Flash Player update from Adobe, APSB15-28, is a critical one and the third in just a month from Adobe. Chris Goettl, product manager with Shavlik, is also ready with advice, and he doesn't recommend that anyone sit on their hands either. He reckons that even those issues that don't look bad now could mature into real problems. "The updates are mostly OS related, but there is an Office update and two other updates that affect Skype for Business. Four of the bulletins are resolving a vulnerability that has been publicly disclosed," he explained. "This means that these four bulletins are a higher risk of exploit. For these, expect that in as few as two to four weeks there could be working code exploits taking advantage of these vulnerabilities." µ http://www.theinquirer.net/inquirer...-lays-down-another-massive-patch-tuesday-load
