The new, fixed patch has the same KB number as the old, bad patch that crashed Outlook and busted network logon
As best I can tell, around 1:30 a.m. Redmond time on Thursday, Nov. 12, Microsoft re-released KB 3097877 — the horribly messed-up security patch I talked about yesterday that freezes Outlook, blocks network logons, crashes the Asus DX Xonar driver, and kills Win7 sidebar gadgets and SolidWorks, among others.
The patch is part of security bulletin MS15-115, a “critical update,” in Microsoft’s lexicon, designed to prevent remote code execution triggered by malicious fonts. Yes, fonts.
[ Everything you need to know about Windows 10, in a handy PDF. Download it today! | For the latest changes and updates, see “Where Windows 10 stands right now.” | Stay up on key Microsoft technologies with the Windows newsletter. ]
The KB article was updated at 1:42 a.m. Redmond time to say:
This security update was rereleased on November 11, 2015 for Windows 7 and Windows Server 2008 R2 to resolve an issue where crashes occurred in all supported versions of Microsoft Outlook when users were reading certain emails.
I’ve seen no other official description of the problem or its solution. The master list of Windows updates doesn’t list a re-release. Several TechNet threads mention a second version of KB 3097877, but I haven’t seen any official confirmation or description. It’s mushroom patch management time.
It looks like the patch was only re-released for Windows 7, not for any of the other Windows versions. I had anecdotal evidence on AskWoody.com that the patch had been pulled for Windows 7 on the night of Nov. 11, at least for a short time.
That means it took Microsoft 30 hours or more to pull the bad KB 3097877 and 36 hours to get a new version posted. That’s the kind of timescale we were accustomed to earlier this year. Considering that the failure seems to affect all versions of Windows 7 running all versions of Outlook, it’s hard to understand why the problem wasn’t caught in testing — and why it took so long to make it right.
It’s also not clear why Microsoft re-released the patch with the same KB number as the bad patch. That’s going to make life difficult for some admins. For those who hang their tails out in the breeze and turn on Windows Automatic Update, though, it means that a run through Windows Update will solve the old problems, and you’re not likely to notice that anything’s been updated.
If you can get to Windows Update.
If the new version really solves all the problems.