It’s been a December to remember for Microsoft’s
Macintosh Business Unit (MacBU).
Microsoft developers last week inadvertently published a patch for Macintosh Office users that included untested security elements. The company made matters worse by removing the patch from its servers — after a number of users had already downloaded it.
To further muddy the waters, the Microsoft Security Response
Center (MSRC) posted a notice telling users to uninstall the patch without giving clear guidance on how to do that.
“Unfortunately,” blogged MacBU software development lead Erik Schweibert,
“there is no easy way to uninstall it without going back to the original CD
and doing a clean install followed by applying the latest full updater.”
Schweibert added that the MSRC note made for “a really poor user experience
for those who installed the update.” But, he said, “there’s no urgent need to uninstall the patch” because it turns out the code doesn’t have any known issues.
He also said that this security issue “is not related to the Word
zero-day alert that Microsoft warned about recently.”
Not everyone on the Redmond campus seems to have gotten the message, though.
Despite Schweibert’s reassuring blog post, the MSRC still has a notice recommending that users remove the patch — and still with
no information on how to do so.
The situation arose innocently enough: developers working in parallel on a
variety of fixes, including security fixes, accidentally released the code
while testing the download process for an upcoming Office patch.
Schweibert explained that the patch included “some normal stability issues
as well as preparatory work for an upcoming security release.”
“All the code in the patch had been tested and approved except for the
security-related bits,” he wrote.
The MacBU expects to provide a new updater for both Office X (version
10.1.9, with a new build number) and 2004 (version 11.3.2) by the end of the
week. The updater will, among other things, remove the code that was accidentally released.
Schweibert also provided a five-step process for removing the code manually for
anyone who doesn’t want to take a chance of having untested security code on
Earlier this month, the MacBU had to endure
inaccurate rumors that Mac users wouldn’t be given converters for Office