Microsoft quietly slips out patched patch for Outlook – in camouflage

If you held back on installing November's Patch Tuesday updates last week after Microsoft fumbled an Outlook patch, it's apparently safe to go back in the water. Many IT managers and normal folks held off on last week's patching cycle after one Microsoft fix – KB 3097877 – broke several versions of Outlook. The error came in …

  1. ashdav
    FAIL

    Why after all these years....

    Eventual death by a thousand cuts.

    Doesn't anyone test this stuff?

    1. elDog

      Re: Why after all these years....

      Try a thousand-million cuts.

      Try to build a testing system that can handle all the variations in base hardware, devices, software add-ons. Try testing all those permutations against all the system software that has been on the x86 (or wherever) since 198x.

      Instead of testing every variation of possible environments (hardware/systems/etc.) it is far better to ensure that the software you are flogging is "correct". That there are no edge cases that can cause it to fail. That there are no external dependencies (HW drivers, memory addresses, timings) that might not work in a 48PB system of the future.

      Very few operating systems are tested at this level. It really requires a level of separation of trusted kernel against stuff that can change from outside (device drivers, privileged graphics processes). We've allowed ourselves to get away from the trusted kernel in the name of expediency and speed. We can get back there.

      1. notowenwilson

        Re: Why after all these years....

        Sooo... Don't ship anything until it is perfect? How long is that going to take? I for one would be happy with an OS that was 99% perfect if it meant I could get a copy of it 10 years before the version that was 100% perfect. There are some situations where it's worth going for the most reliable system available (nuclear weapons, space craft etc) but overall we're going to get a better outcome by moving faster with something that's not perfect and sorting it out as we go.

        If the testing regime is too hard you could always restrict your software to only run on specific hardware that you built, running programs that you approved and bingo! You've got iOS.

        1. Palpy

          Re: Don't ship anything until it is perfect?

          Agree entirely! No OS is going to make "perfect" anyway. Ever. Can't program OS for constantly changing tech without, um, constantly changing OS.

          I for one am happily working with OSes that are less than 99% perfect because I believe they are developing in constructive and intelligent directions.

          Personally, I don't think that's what Microsoft is doing.

        2. Ken Moorhouse Silver badge

          Re: Moving faster

          The problem with moving faster, in this context, is that you explode the quantity of "legacy" code that you are forced to support by exponential amounts.

          Software vendors have to write their software for all versions of currently supported operating system with an awareness of various combinations of updates. Web designers have to write web structures for all versions of currently supported web browsers.

          That is one hell of a commitment.

          ...and then some. Slightly off-topic, but with the current (and future) "attack landscapes" of production code that is out there in the wild, you can knock out the two occurrences of "currently supported" from the above (unless a "disable this code after such and such a date is reached" is embedded in the code - not a popular option).

          No, the pace needs to slow down. Nobody can handle the current pace of development.

          What is the point of developing something fancy, which everyone likes, but finding that it is based on "castles on sand" and then telling everyone to stop using it - (hmm, now what can I possibly be referring to here?)

          1. bazza Silver badge

            Re: Moving faster

            > No, the pace needs to slow down. Nobody can handle the current pace of development.

            Seconded.

            Strategy Anarchy

            MS's strategy has been all over the place in recent years. That makes it very hard to know what the best way of developing for their platform is. Metro was a disaster for those few who took the plunge...

            Alternative Strategy

            A loooooong time ago MS showed Windows 7 + Office 2007 compiled and running fairly satisfactorily on an ARM dev board. It was even printing to an Epson printer. All they'd done was an ARM HAL for the NT kernel, recompiled the entire thing for ARM, and run it. Unsurprisingly it worked.

            If they had followed through with that they could have had an ecosystem of fat x86/ARM binaries with an option for developers to put a touch interface on their applications too if they thought they'd be used on a phone or tablet as well as a desktop.

            For the developers that would have been great - one source code base, a choice of supporting one or two application interfaces to suit, running on either desktop x86 or ARM mobile.

            For users it would have been great. Your mobile would have a mobile interface when on the move. Plug in power, a HDMI, bluetooth mouse & keyboard and voila, a full desktop with desktop apps.

            Why they didn't do it

            The engineers who did that demo of Win7 + Office on ARM must surely have seen the potential for a strategy such as I've outlined above, and must surely have been desperate to do it.

            The barrier at the time was that ARM SoCs weren't quite up to running a full fat desktop OS kernel on battery power in the memory (512 MByte was typical).

            Those problems don't exist anymore, haven't existed for a few years now, and were always going to disappear as the ARM SoC arms race took off. ARM has had a good dose of Moore's law...

            Had MS chosen that strategy they'd be doing veeery well now. Instead the impatience to be seen to be doing something, anything, in the mobile space meant shoe-horning a nasty cut down Windows onto ARM powered devices and porting some of that nastiness and cutdownedness to desktop (Windows 8 / Metro).

            Where did that impatience come from? Ah yes, shareholder pressure... There must have been engineers weeping into their coffees.

            I suppose one advantage that Apple had was that Jobs ignored his shareholders (wouldn't even pay them a dividend), whereas MS can't quite do that.

            1. TheVogon

              Re: Moving faster

              "For the developers that would have been great - one source code base, a choice of supporting one or two application interfaces to suit, running on either desktop x86 or ARM mobile.

              For users it would have been great. Your mobile would have a mobile interface when on the move. Plug in power, a HDMI, bluetooth mouse & keyboard and voila, a full desktop with desktop apps."

              Just like Windows 8 - and now Windows 10 you mean? - which already have both Arm and Intel support...except it's just one API, not 2...

              1. Dan 55 Silver badge

                Re: Moving faster

                No, because there's no support for Win32 on Windows Phone 8/Windows 10 Mobile. If there were support, recompiling Win32 apps to run on ARM would have allowed compatibility with little developer work.

                Nobody's seen Windows Phone 8/Windows 10 Mobile running on Atom, if they could and allowed sideloading Win32 apps that would be even better, from the user's point of view.

                But as it is, it's ARM and the TIFKAM API. Completely new platform with no momentum behind it, so it's not surprising that developers jump ship.

                1. Anonymous Coward

                  Re: Moving faster

                  "No, because there's no support for Win32 on Windows Phone 8/Windows 10 Mobile."

                  But there is on Windows RT which is Windows 8 for Arm that supports Win32, so that's simply a deployment choice from Microsoft as Win32 is not meant to be the single cross platform API.

                  "Nobody's seen Windows Phone 8/Windows 10 Mobile running on Atom"

                  Apparently they have: http://hexus.net/mobile/news/windows-phone/85631-purported-microsoft-surface-mobile-screenshot-specs-leak/

                  1. Dan 55 Silver badge

                    Re: Moving faster

                    RT is dead and Win32 is locked down on it anyway. Nothing interesting mobile-wise was announced by MS in September and certainly nothing like that rumour.

                    Continuum and Win32 would be the mutt's nuts but they haven't worked it out yet.

                    As always with MS on mobiles, maybe next year then.

        3. Terry 6 Silver badge

          Re: Why after all these years....

          I agree but, certain pathways should be SOP.

          Win 7 + Outlook 2010 isn't an obscure combination.

          Maybe the ctrl+alt+del route is.

      2. bazza Silver badge

        Re: Why after all these years....

        > Try to build a testing system that can handle all the variations in base hardware, devices, software add-ons. Try testing all those permutations against all the system software that has been on the x86 (or wherever) since 198x.

        Try running the unit tests on the modified code and release it only if it passes. That's what a unit test is for, to make sure that a piece of code performs to specification.

        Field issues like this mean either that their unit tests for this piece of code aren't adequate, or they didn't run them.

        I like Windows generally, specifically 7, still thinking about 10. I have to say that over the past few months it does feel like MS have not had their A team working on patches, which is not exactly good news for me or them.

        I've thought long and hard about Linux, but Libre Office is too slow and not very good, the distro anarchy is a massive put off, there's only one decent-ish desktop (Cinnamon, but that has bugs and annoying features), there's the whole systemd thing.

        I also wonder where Apple will go with OS X. Will it still be there in 5 years time? And Apple aren't exactly brilliant at patches or framework stability either. Plus the hardware is stupidly expensive...

        1. Ken Moorhouse Silver badge

          Re: Unit testing

          Unit tests are a great idea in principle, but how do developers emulate all the possible permutations of code on their development systems? Web designers have portals where they can submit pages to see how they render for every combination of browser that is out there, but it's not so easy for developers using more traditional compiler-based tools.

          You could argue that compiler-based tools are old-hat for modern development, but "baking-in" code into an application is arguably the most robust way to ensure that it works as designed.

          Of course, many of the development tools we as developers use are heavily reliant on libraries for commonly referenced code. A frequent cause of breakage is for the compiled-code to remain static, but for the libraries that are called to be modified. A good developer should check the version of library being referenced before calling and making use of it. How easy do library-writers make it for developers to do this?

          1. bazza Silver badge

            Re: Unit testing

            > Unit tests are a great idea in principle, but how do developers emulate all the possible permutations of code on their development systems?

            Whose code are you talking about?

            MS's APIs have a published interface, and all that their unit tests have to do is test that their DLLs, etc. satisfy that published specification. They don't need to care what use applications make of that interface, just so long as adherence to the specification is enforced (parameter range checking, etc).

            From the description of the bugs that were arising it seems that their patch changed the interface, or just didn't work at all, both of which would have been revealed by an adequate unit test. They could have replicated Outlook's and the login screen's use of that interface in the unit test if they'd wanted to be sure they didn't break their own applications, but it looks like they hadn't done that.

        2. brainout

          Re: I've thought long and hard about Linux..

          Yeah, me too. But when faced with the prospect of Windows crashing all the time as your indefinite future BECAUSE they aren't willing to a) TEST the junk prior and b) won't let YOU get rid of it prior, Linux is the only alternative.

          But not as a replacement for the older Windows that works. As an adjunct. It surfs well, uses familiar browsers and email clients that sync with the same UI and characteristics in their Windows counterparts. So, buy or create EXTERNAL Linux installs, sample howto here (works for any distro in about the same way): http://brainout.net/frankforum/viewtopic.php?f=10&t=6 .

          I learned that the hard way. The Linux forums don't seem to realize that if instead of installing to internal you install solely to EXTERNAL drive (not all distros will allow it, either), you don't have to learn Linux much. You don't have to mess up your internal Windows drive and its ever-touchy mbr, either. (BIOS has to be enabled to boot Linux from external, and you have to turn UEFI off for some distros, but that's easy.)

          So that's my business plan: keep my old Windows machines, Linux online, Windows offline. So I can leave this hitlerian aka.ms/msa that MSFT is now imposing on all its stuff, and leave its constantly unprofessional and borking updates. Past is prologue, and the prologue is Windows offline.

      3. Dan 55 Silver badge

        Re: Why after all these years....

        > Try to build a testing system that can handle all the variations in base hardware, devices, software add-ons. Try testing all those permutations against all the system software that has been on the x86 (or wherever) since 198x.

        One would have thought they could stretch to testing Windows 7 + Office 2010 and 2013. If not, something's gone seriously wrong. It's only the combination most used by enterprise.

      4. Adam 1

        Re: Why after all these years....

        > Try to build a testing system that can handle all the variations in base hardware, devices, software add-ons

        We are talking about windows 7 + outlook 2010 or outlook 2013. Seriously, that has got to be well over 25% of business Windows machines.

  2. Gordon 11

    > resulted in the email client crashing as soon as some emails were scrolled through.

    Nothing new there, then. Thanks to MS having little idea about how to handle mime-types in Outlook (they still assume that all attachments have an associated filename with a meaningful suffix) it was easy to send a mail which would crash Outlook 2007. And if the user had previews on it would crash it as soon as it started up.

    MS did provide a fix. It stopped the crash (but wouldn't actually show the text content which it was being told was there). But the fix was only in Outlook 2010 - never put into the version where the bug was actually reported.

  3. veti Silver badge
    Pint

    Obligatory

    Grumblemutter fonts mutter email mumble plain text growl mutter preview snort Outlook back to basics.

    Also, get off my lawn.

  4. Anonymous Coward
    FAIL

    "With the plethora of operating systems and software run by its users, the Redmond patch testing team has its work cut out for it to avoid code breaks with patches."

    Well, yes, but both Windows and Outlook are Microsoft products, and you'd expect a company to test its own products...

  5. Mikel

    No worries

    I swear some people would defend Windows updates causing the PC to spontaneously combust.

  6. psychonaut

    Actually it has prevented at least 5 systems I know of from displaying the password field on login on 7 home premium. No ctlaltdel required. It can be removed from win 7 boot disk or recovery console.

    http://myonlinesecurity.co.uk/kb3097877-causing-severe-difficulties-for-some-windows-7-users-november-2015-windows-updates/

  7. Kraggy

    Why is The Register being a Microsoft apologist?

    "The case highlighted the problems Microsoft can have with patching. With the plethora of operating systems and software run by its users, "

    Um, Outlook is a Mickeysoft product running on a Mickeysoft O/S, how much simpler does it get to check it works?

    1. Anonymous Coward

      Re: Why is The Register being a Microsoft apologist?

      Oh, there is more:

      (from the article) Reissuing the patch with the same name might cause confusion to some users, but end users should now just download the full set of patches and get to work.

      Well, no. This is the exact thing that MS does to "creatively adjust" its statistics. This is a NEW patch, so should get a new ID. There is no excuse for making patches identical because it screws over testing and regression management. Basically, it's massaging the facts to make themselves look better (or, to be accurate, less bad).

  8. Anonymous Coward
    Facepalm

    Still running Windows 7? In 2015?

    C'mon peeps, surely you've moved to Windows 10 Fall Update for all your machines. I know I have!

    1. Pascal Monett Silver badge
      Stop

      I will probably still be running Win7 in 2020 for gaming.

      If I change OS, it will be for a Linux variant. Win7 is the last MS OS I will ever use at home.

      All the shenanigans with the bloody TIFKAM and forced push of Win10 without consent and botched patches that we no longer can know what they do has spelled the end for Microsoft in my house. MS is no longer a trustworthy, reliable OS maker. It has become a schizophrenic nutjob wrecking everything we have all become accustomed to. That is not acceptable, period.

      1. Hans 1
        Facepalm

        >MS is no longer a trustworthy, reliable OS maker.

        They have never been, where did you hear that nonsense ?

        1. Pascal Monett Silver badge

          MS was good enough until Vista. Vista got the slapdown, and MS did a 180 real quick and birthed 7, then promptly proceeded to indulge in deep amnesia and has now lost the plot entirely.

          Win 7 is the last Windows that attempted to preserve the user experience and a semblance of sanity. Everything after that resembles drug withdrawal symptoms : first you get the shakes and fever (TIFKAM), then cramps, pain and impaired motor functions (Win 1 0), finally ending with incoherence and unconsciousness (WU patch mayhem).

          And there is no clinic for MS. It's going to be overdose, or cold turkey. That'll depend purely on what the level of resistance is going to be.

          1. brainout
            Big Brother

            The Borg/Seedpods have taken over

            So resistance is futile. We can only LEAVE, or BOYCOTT and wait for it to DIE. Which is extremely painful, but until both the Board and all the top brass of MSFT quit/leave/die, the infection will not go away. Maybe not even then.

            And when you cut off a head, the chicken runs aimlessly, so that won't help, either.

    2. Anonymous Coward
      Thumb Up

      Re: Still running Windows 7? In 2015?

      > surely you've moved to Windows 10 Fall Update for all your machines.

      Upvoted for humour.

    3. TheVogon

      Re: Still running Windows 7? In 2015?

      "surely you've moved to Windows 10 Fall Update for all your machines"

      All my machines installed it as soon as it was released on insider Fast Ring...zero issues so far.

    4. Pompous Git Silver badge

      Re: Still running Windows 7? In 2015?

      "C'mon peeps, surely you've moved to Windows 10 Fall Update for all your machines. I know I have!"

      Pedant alert! You misspelled "Fail".

  9. Hans 1
    FAIL

    Testing ....

    Well, as it turns out, no HW drivers come into play here. It is simply that they did not test the patch on a system with both Windows 7 and affected Outlook version installed, at the least, they did not test properly.

    They also failed to test the Windows Server 2008 R2/Outlook combo properly.

    I guess Microsoft is not using Outlook internally anymore.

    1. Anonymous Coward

      Re: Testing ....

      "I guess Microsoft is not using Outlook internally anymore."

      I think you mean they are not using Outlook 2010 internally. Office 2016 is out now....

  10. Newt_Othis

    KB3101488 is borked too

    Outlook on our test PCs falls over about four or five times a day since this little nugget of joy was installed.

    https://support.microsoft.com/en-us/kb/3118497

    Not a great set of patches this month.

  11. Unicornpiss
    Meh

    I know you can't give 100% QA on everything

    But with as many widespread problems as this patch caused with Outlook, surely MS could do a little better job? And after all, it's not like it was causing problems with 3rd party software, but instead with Office, Microsoft's flagship product. One wonders if they really tried beyond asking a dozen people in the company if they were having any problems.

    1. Tikimon
      Meh

      Re: I know you can't give 100% QA on everything

      You have to consider the myriad of different variables in any computer. All of our machines are Win 7 Office 2010, but the similarity ends there. Do you really think that the Microsoft accounting package this one has, the third-party fundraising software that one has, don't make any difference? Have they all loaded the same patches this week?

      The variables are ENDLESS and you can't test them all. They do try, but it's not a perfect science.

      That problem patch installed on four machines before I could stop it. Two of the four had no problem, the other two Outlook crashed. Same model machine, OS, Office version and patches.

      1. Anonymous Coward

        Re: I know you can't give 100% QA on everything

        > Two of the four had no problem, the other two Outlook crashed. Same model machine, OS, Office version and patches.

        But did the ones that didn't crash have the same emails? It seems that the crash is triggered by specific emails -- something to do with embedded fonts on non-trusted servers, from what I've read. And for me, out of hundreds of emails that I've tried, only the ones from a specific person cause it to crash (they all have the same format, but I can't tell anything about embedded fonts).

  12. Anonymous Coward

    Dear microsoft

    Thank you for f*cking my weekend, if I can ever do the same for you don't hesitate to ask, I'd be only too happy.
