RealTime IT News

MacBU: Sorry For Nothing

It's been a December to remember for Microsoft's  Macintosh Business Unit (MacBU).

Microsoft developers last week inadvertently published a patch for Macintosh Office users that included untested security elements. The company made matters worse by removing the patch from its servers -- after a number of users had already downloaded it.

To further muddy the waters, the Microsoft Security Response Center (MSRC) posted a notice telling users to uninstall the patch without giving clear guidance on how to do that.

"Unfortunately," blogged MacBU software development lead Erik Schweibert, "there is no easy way to uninstall it without going back to the original CD and doing a clean install followed by applying the latest full updater."

Schweibert added that the MSRC note made for "a really poor user experience for those who installed the update." But, he said, "there's no urgent need to uninstall the patch" because it turns out the code doesn't have any known issues.

He also said that this security issue "is not related to the Word zero-day alert that Microsoft warned about recently."

Not everyone on the Redmond campus seems to have gotten the message, though.

Despite Schweibert's reassuring blog post, the MSRC still has a notice recommending that users remove the patch -- and still with no information on how to do so.

The situation arose innocently enough: developers working in parallel on a variety of fixes, including security fixes, accidentally released the code while testing the download process for an upcoming Office patch.

Schweibert explained that the patch included "some normal stability issues as well as preparatory work for an upcoming security release."

"All the code in the patch had been tested and approved except for the security-related bits," he wrote.

The MacBU expects to provide a new updater for both Office X (version 10.1.9, with a new build number) and 2004 (version 11.3.2) by the end of the week. The updater will, among other things, remove the code that was accidentally released.

Schweibert also provided a five-step process for removing the code manually for anyone who doesn't want to take a chance of having untested security code on their Macs.

Earlier this month, the MacBU had to endure inaccurate rumors that Mac users wouldn't be given converters for Office 2007.