'

MS Exchange updates delayed until December

The two missing updates from this week's Patch Tuesday were for Exchange Server. They're not quite baked.

Amid several critical vulnerabilities disclosed on Tuesday by Microsoft was a mystery: Two updates scheduled to be released were withheld. All the bulletin summary said of them was "Release date to be determined."

It turns out that the updates were scheduled for Microsoft Exchange Server. The Exchange Team held back on release of the updates, unsatisfied that a problem in the Installer program was sufficiently resolved.

Testing determined that the Installer program for the security update could corrupt OWA files. One may resolve the issue by performing an MSI repair before the security update is installed, but this is both unacceptable and not something Microsoft can expect users to do.

The team believes that the problem is limited to Exchange Server 2013, but they have withheld the updates for Exchange 2007 and 2010 out of an abundance of caution.

An abundance of caution may be called for. Earlier this year Microsoft had to withdraw a botched update and recommend uninstallation of it after it made Windows unbootable.