J003-Content-PatchIssues_SQOops – they did it again: Some of the updates that were issued earlier this week in Microsoft’s Patch Tuesday batch are causing problems for some users. The troubles are coming primarily not from the 11 security updates that came out this month, but from some of the non-security patches that were released at the same time.

The biggest problems seem to be occurring in relation to patches for Microsoft Office, and that’s not a surprise. A disproportionate percentage of the patches in the past year that have caused grief (and in some cases, had to be rolled back) were updates for Office or one of its components. There were 42 non-security patches released for Office this time, along with the fixes for 13 security vulnerabilities in Office programs that are contained in MS15-033 and MS15-036.

This time we’re hearing multiple reports of various undesirable behaviors that follow the installation of two April 14 non-security patches, one for Outlook 2010 and one for Outlook 2013.  The patches in question are KB2965295 and KB2965270.  These were designed to correct some functional problems and improve administrative effectiveness. The problems are happening with Outlook installed on both Windows 7 and Windows 8.1. After the installation, the calendar fails to sync or shows only free/busy information. KB2965295 has also been reported to cause Outlook to stop responding during synchronization with Office 365 Exchange.

One of the updates that is creating difficulties is a re-release of a previously released patch. Microsoft had a couple of those “rerun” patches this time.  The first of these, KB3013769, originally came out last December. It’s an update rollup for Windows 8.1, RT 8.1 and Server 2012 R2 that was intended to increase reliability and performance and fix a whole slew of issues ranging from problems toggling the CAPS LOCK key to service crashes. It’s available again as an optional update, but some of those who are installing the current version are wishing they hadn’t after they get the dreaded blue screen.  This reportedly is happening to systems that are running Kaspersky Antivirus.

Apparently even if you already installed this patch on the first go-round, it may still try to install again through Windows Update. The workaround that’s given by Microsoft for this involves uninstalling Kaspersky before you install the patch.

The second “new old” update is KB2990214, which has been released not just once but several times in the past. This one installs code that will allow you to upgrade from Windows 7 Service Pack 1 to Windows 8/8.1.  I’m not hearing about specific problems with this one, but you might want to hold off on letting it install on Windows Server 2008 R2. According to the KB article, it is offered for the server OS but doesn’t support upgrading to a later version when installed on it, so what’s the point? I would probably err on the side of caution and not install something that either doesn’t do what it’s designed to do or enables something that’s not supported.

Other problems that we’re hearing about include one whereby the April updates won’t sync on a WSUS server.  More than one IT pro running WSUS on Server 2012 R2 tried multiple times to synchronize and the WSUS server didn’t pick up any of the updates. This isn’t happening to everybody, though. Some others are running WSUS on Server 2012 R2 and were able to get the April updates without any problems. The solution appears to be the following set of steps:

  1. Disable syncing security updates.
  2. Sync the WSUS or SCCM environment.
  3. Enable syncing security updates.
  4. Sync the WSUS or SCCM environment again.

Most of these problems surfaced within the first couple of days after this month’s patch releases. It’s early yet; many organizations don’t apply patches immediately (precisely because of so many issues such as these) so we might be facing more problems with these patches in the days ahead.  Stay tuned and we’ll keep you updated.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.