Microsoft Patches its Patch
Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese.
The admission was the second in the past two days from Microsoft's Office team of a gaffe involving a recent security update.
Friday's announcement involved the seven-patch update Microsoft shipped on Tuesday for Excel. "We have received reports from some of our Excel 2003 and Excel 2002 customers that after installing update KB978471 or KB978474, they are seeing non-English text in the 'Add or Remove Programs' tool (Win[dows] XP) or the 'Programs and Features' --> 'Installed Updates' view (Vista, Win[dows] 7)," Microsoft said in an entry published early today on the "Office Sustained Engineering" blog.
According to Microsoft, the patches are displayed in "Add or Remove Programs" in simplified Chinese rather than the intended English. "If English text ... is a requirement, there is a two-part workaround available," said Microsoft as it told users to first uninstall Tuesday's Excel update, then download and install a revamped version.
Today's snafu wasn't as serious as the one Microsoft acknowledged Thursday, also on the Office blog. Yesterday, the company confirmed that a Feb. 9 non-security hotfix that added support for .Net 4.0 to Office 2007 caused the suite's programs to crash when they were run on Windows Server 2008 R2 or Windows Server 2008 with Terminal Services.
Some users claimed that the update also made Internet Explorer 8 (IE8) crash when working with SharePoint 2007.
Microsoft yanked the hotfix -- which was served in limited fashion last month and then more widely via Microsoft Update starting last Tuesday -- and replaced it with another that corrected the crash problem. The crash-making hotfix was also pulled Thursday from Windows Server Update Services (WSUS), the patch-management system that many businesses use to distribute security and other fixes to company PCs.
Microsoft has had a string of update problems this year, the most widely-reported a February patch for a 17-year-old Windows vulnerability that caused computers to lock up and display the dreaded "blue screen of death" error message. Microsoft withdrew the update within days, and later said that only PCs infected with a rootkit had been affected.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about desktop applications in Computerworld's Desktop Applications Knowledge Center.