Microsoft blames 'human issues' for Bluetooth patch hiccup

Microsoft blames 'human issues' for Bluetooth patch hiccup

Summary: Microsoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that "two separate human issues" caused a major hiccup with the critical security patch.The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack, failed to properly fix the vulnerability for Windows XP users, according to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center).

SHARE:

Microsoft blames ‘human issues’ for Bluetooth patch hiccupMicrosoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that "two separate human issues" caused a major hiccup with the critical security patch.

The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack, failed to properly fix the vulnerability for Windows XP users, according to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center).

[ SEE: Critical IE, Bluetooth, DirectX flaws highlight MS Patch Tuesday ]

Budd said an initial investigation into the hiccup identified "human issues" but he did not elaborate.

After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin. As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue.

Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not.

Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3. These are available now and are being delivered through the same detection and deployment tools as the original update.

It's important to note that this re-release only applies to users running Windows XP SP2 or SP3.  "If you’ve deployed security updates for MS08-030 for other versions of Windows, you don’t need to take any action for those systems," Budd said.

Microsoft has had trouble in the past with faulty security updates but it's somewhat rare for to see a bulletin re-release because the patch missed an entire OS version.  The very reason we have a Patch Tuesday release cycle is to avoid situations where IT admins cannot properly prepare for testing and deploying updates.

Having two Patch Days in a month is borderline unacceptable, especially when it involves the "human issues" excuse.

Topics: Operating Systems, Microsoft, Security, Software, Wi-Fi, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • What a rich comment

    "..having two patch days is borderline unacceptable.."

    And if MS didn't fix the problem and waited a whole month you'd be screaming that MS purposely withheld a patch and put people at risk.

    So someone goofed. Deal with it.
    croberts
    • Gee, maybe you're right...

      instead of being critical of yet another failed patch we should be celebrating. Maybe the people responsible for that "human element" should all get raises. After all, we can't start holding software companies responsible for their software. That would just be wrong.
      jasonp@...
      • Are you serious?

        When did the standard for anything become "perfection" or "lawsuit"?

        "Hold software companies responsible.." just listen to yourself. You sound like a lawyer. They are responsible. Someone made an error and they fixed it. Case closed.

        Maybe that's exactly what's wrong with the country these days. Someone always has to be "responsible" when something goes wrong. Never mind about fixing the problem. Job one is to pin the blame on someone.
        croberts
        • Yep

          Except some people are overly aggressive when looking to pin the blame on Microsoft.

          I have yet to hear such crazy talk about Mozilla's vulnerability...5 hours after 3.0 was released.
          rkuhn040172@...
  • yet another reason to use Vista

    Vista is not affected by this problem. Yet another reason to use Vista.
    qmlscycrajg