Microsoft blames 'human issues' for Bluetooth patch hiccup

Summary:Microsoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that "two separate human issues" caused a major hiccup with the critical security patch.The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack, failed to properly fix the vulnerability for Windows XP users, according to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center).

Microsoft blames ‘human issues’ for Bluetooth patch hiccup
Microsoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that "two separate human issues" caused a major hiccup with the critical security patch.

The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack, failed to properly fix the vulnerability for Windows XP users, according to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center).

[ SEE: Critical IE, Bluetooth, DirectX flaws highlight MS Patch Tuesday ]

Budd said an initial investigation into the hiccup identified "human issues" but he did not elaborate.

After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin. As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue.

Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not.

Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3. These are available now and are being delivered through the same detection and deployment tools as the original update.

It's important to note that this re-release only applies to users running Windows XP SP2 or SP3.  "If you’ve deployed security updates for MS08-030 for other versions of Windows, you don’t need to take any action for those systems," Budd said.

Microsoft has had trouble in the past with faulty security updates but it's somewhat rare for to see a bulletin re-release because the patch missed an entire OS version.  The very reason we have a Patch Tuesday release cycle is to avoid situations where IT admins cannot properly prepare for testing and deploying updates.

Having two Patch Days in a month is borderline unacceptable, especially when it involves the "human issues" excuse.

Topics: Operating Systems, Microsoft, Security, Software, Wi-Fi, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.