This month’s Patch Tuesday updates have been in the news for not quite the right reasons. A number of patches that were delivered in this cycle are causing issues for Windows 7 and Windows Server users.
One of the botched patches was MS13-066. According to the notification Microsoft published, this particular bulletin was aimed at Windows Server 2003, 2008, and 2012 systems, and was specifically designed to address a vulnerability that affected the Active Directory Federation Services
The flaw could allow cybercriminals to launch a denial-of-service attack on unpatched systems.
News of the faulty update soon surfaced after system administrators deployed the patch, and Microsoft was quick to pull it off while promising to look into the matter.
And now the company has relaunched the MS13-066 Windows Server patch after fixing some of the glitches that were reported, and caused some servers to stop working. The update and is currently being delivered to computers across the globe through the built-in Windows Update feature.
Microsoft has also published an updated notification on this revised update:
“Microsoft rereleased this bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2.
The rereleased update addresses an issue in the original offerings that caused AD FS to stop working if the previously released RU3 rollup QFE (update 2790338) had not been installed; the rerelease removes this requirement.
Furthermore, in creating this rerelease, Microsoft has consolidated the fixes contained in the two original updates (2843638 and 2843639) into a single 2843638 update. Customers who already installed the original updates will be reoffered the 2843638 update and are encouraged to apply it at the earliest opportunity.
Note that when the installation is complete, customers will see only the 2843638 update in the list of installed updates.”
This, obviously, is not the only botched update that Microsoft released on Patch Tuesday.
Security bulletin KB2859537 is also causing trouble to many Windows 7 users, and there have been several reports of unexpected BSODs after deploying the fix. The company has acknowledged the issues, and is looking into it as of this writing. Expect a remedy soon.