| By Susan Bradley |
After each Patch Tuesday release, I scan the security forums and websites for reports of patching issues.
I morbidly call this monthly search “looking for dead bodies.” At this time, I’m still waiting to see what happens with MS12-006.
MS12-006 (2643584, 2585542)
Seeking more information on MS12-006 issues
January’s Patch Tuesday updates include MS12-006 (KB 2643584 and KB 2585542), which fixes an issue with Secure Socket Layer (SSL) implementation. Because we use SSL so often and don’t even think of it, I’ve been waiting to see whether any problems with the patch have floated up in security forums and listserves. Surprisingly, I’ve not seen many reports — and I think I know why. Even Microsoft is holding back on this update.
On the Patch Management listserve, Microsoft’s Doug Neal talks about how there are times when the company doesn’t push updates out through Microsoft or Windows Update. However, many Windows users might see this patch listed in Windows Update but not checked, as shown in Figure 1. (This was the case on my systems.) Why? I believe that Microsoft, too, is holding back a bit to make sure there are no major problems related to this update.
Figure 1. Occasionally, Microsoft offers a patch but leaves it unchecked — and thus not installed by automatic updating.
And, it would seem, with good reason. There are reports that some software vendors needed to update their products to work with this patch. For example, a Tech Strategies post notes that Kerio Outlook Connector fails, preventing Outlook from sending e-mails and generating error messages.