Microsoft pulls September Lync security update

Microsoft has withdrawn the 2982385 security update that was released as part of this month's security updates. A revision to the security bulletin states:

Microsoft revised this bulletin to address a known issue that prevented users from successfully installing security update 2982385 for Microsoft Lync Server 2010. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. As an added precaution, Microsoft has removed the download links to the 2982385 security update.

The 2982385 update is not a conventional security update. The bulletin does not list any vulnerabilities addressed nor give the update a severity rating. It says "...as a defense-in-depth measure, Microsoft recommends that customers of this software apply this security update to help protect against any possible new attack vectors identified in the future." Microsoft has removed the download links for the update as well as the KB article for it.

The other Lync Server 2010 update (2982388) remains available, as do several for Lync Server 2013. 

WindowsIT Pro describes the manifestation of the problem as "... installers would be presented with a Windows Security screen stating that the update couldn't be installed because Windows couldn't verify the 'publisher of the driver.'" This indicates a problem with code signing of the update.

Microsoft has had to withdraw multiple updates in August and September because of problems. Last week a September non-security update for OneDrive for Business was pulled. One security update from August and several non-security updates were also pulled and re-released later on.