X

Microsoft struggles with patch

Company faces distribution glitches in issuing "critical" fixes for Windows, Office, among other updates.

Ina Fried Former Staff writer, CNET News
During her years at CNET News, Ina Fried changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley.
See full bio
Ina Fried
2 min read
Microsoft on Tuesday released a slew of patches for Windows and Office, but a glitch prevented the company from pushing the updates out automatically.

The patches, which include critical fixes for both Office and Windows, can be manually downloaded from Microsoft's Web site. Early on Tuesday, the fixes were not available via Microsoft's more automated tools, and Microsoft said its technical teams were "working around the clock" to solve the updating problems.

"Due to technical difficulties experienced on the Microsoft Update platform, security updates released today are not currently available via Microsoft Update, Automatic Updates, Windows Server Update Services or Windows Update v6," the software maker said.

The issue was resolved by late afternoon Tuesday and the patches were sent out via the automatic updating service, Microsoft said.

The company had said last week to expect 11 patches. However, a representative for the software maker said on Tuesday that a planned critical Windows patch "did not meet the quality bar" and so was not issued.

Tuesday's 10 security bulletins, which include six critical fixes for both Office and Windows, are designed to fix more than two dozen flaws in Microsoft's software--the largest bunch so far this year, said one security company.

"Although there are only 10 patches, they address 26 vulnerabilities, and it's the largest release for Microsoft this year," said Jonathan Bitle, manager of technical accounts at Qualys. "This could be overwhelming for IT managers because they'll have to navigate what to patch and which to patch first."

The second-largest release was in August, when Microsoft's 12 patches put right 23 flaws. A CNET Reviews rundown of the October bulletins can be found here.

Antivirus company Symantec said the updates include patches for Office flaws for which exploit code already exists, including an Excel vulnerability that surfaced in July and a Word exploit that emerged last month.

"The quantity of Microsoft Office vulnerabilities this month illustrates this emerging attacker focus, and users should consider the installation of these patches to be a critical component of a smart security strategy," Symantec Security Response director Oliver Friedrichs said in a statement.

IT administrators may want to work particularly quickly in deploying three of the patches--MS06-057, MS06-058 and MS06-060-Qualys' Bitle said.

Microsoft also noted that it expects to release Windows Internet Explorer 7 later this month, with the browser update scheduled to be delivered shortly thereafter via Windows Update and Automatic Update. The company said it is providing a blocker tool that will allow businesses to prevent their computers from receiving the new browser. Businesses that don't want IE7 should have the blocking tool in place by November 1, Microsoft said.