Despite how it might seem at times, flawed security updates are relatively rare. When there is a problem, Microsoft typically releases an update for the update.
For example, this past December there was a bug in the patch Microsoft released to fix a font vulnerability. In this special New Year’s edition of Patch Watch, I review three problem updates released in December.
Some side effects from fixing vulnerable fonts
For every Patch Watch edition, I install offered updates on my systems and look for any problems the patches might cause. However, if a patch works on my PCs, there is no guarantee it’ll be problem-free on every PC — there’s a huge variety of PC configurations. The patches in MS12-078, for example, were intended to fix a vulnerability in TrueType and OpenType font files. Unfortunately, installing KB 2753842 had the unforeseen side effect of making fonts disappear in a few major applications such as PowerPoint, CorelDRAW, and other apps commonly used in the printing industry.
What to do: Microsoft rereleased KB 2753842 on Dec. 20, 2012. Install the new version — and if you are still having issues with this update, please post that information in the related Windows Secrets Lounge thread. I’ll do some more investigation.
Root certificates causing headaches for admins
Microsoft’s Windows root-certificate updating process is confusing and often makes me nervous. Too often, we must trust that a root-cert update won’t have long-term consequences to our systems and networks. KB 931125, the December 2012 root-cert update for Windows XP, is a recent example of some unintended consequences — especially for server admins using Network Policy Server (NPS) to protect their systems.
NPS is a technology that lets admins set minimum standards for PCs that connect to a network. These standards can include installed patch levels, browsers, antivirus software, and more. You’ll find NPS typically deployed on larger networks.