Microsoft today announced the recall of a security patch for Exchange Server published on Tuesday that was originally slated for release in the November edition of its monthly Patch Tuesday releases.
This is the second straight month that Microsoft has had to pull a security bulletin after publication on patch Tuesday. It’s impossible to say whether or not broken patch releases have anything to do with the break-up of the Trustworthy Computing Group in September, but two of three patch releases have been subject to recall since. To be fair, Microsoft botched a patch Tuesday fix in August, a month before announcing the breakup of TWC. The October and September patches went off without a hitch.
Adding to this comedy of errors is the reality that this particular Exchange fix was originally slated for release in November, but had to be pushed back to the December release for reasons that were never officially explained. The fix was announced in the November advanced notification and then never showed up with the official bulletins.
It’s just one part of a broader Exchange bulletin that Microsoft is recalling: the Exchange Server 2010 SP3 Update Rollup 8, which was rated important and fixed a privilege escalation problem. Similar fixes for Microsoft Exchange Server 2007 service pack 3, 2013 service pack 1 and 2013 cumulative update 6 remain accessible.
“The update has been recalled and is no longer available on the download center pending a new RU8 release,” Microsoft wrote on The Exchange Team Blog. “Customers should not proceed with deployments of this update until the new RU8 version is made available. Customers who have already started deployment of RU8 should rollback this update.”
Microsoft explained that the issue in the update affect Outlook’s ability to connect to Exchange. They are promising to release a revised version of the patch as soon as they can isolate the problem and correct it. Microsoft says it will post any further announcements on its Exchange Blog.