Tower of Babel Outlook 2007 security patch KB 4011086 yanked, replaced

Tower of Babel Outlook 2007 security patch KB 4011086 yanked, replaced

With one month left until Outlook 2007 hits end of life, Microsoft released a fix yesterday for the September security patch’s polyglot ways. You may

License Plate Surveillance Company Attacks Nonprofits For Filing FOIA Requests
Open-source developers targeted in sophisticated malware attack
Apache Struts 2 Needs Patching, Without Delay. It's Under Attack Now.

With one month left until Outlook 2007 hits end of life, Microsoft released a fix yesterday for the September security patch’s polyglot ways. You may recall KB 4011086 as the Outlook 2007 patch that displays Swedish menus in the Hungarian language version, Portuguese in Italian, Swedish in Slovenian, Spanish in Italian, and many more. One hitch: You have to manually uninstall the old patch before you can install the new patch.

For those of you using Outlook 2010 who got hit with the same language switcheroo, I haven’t seen any notice that this month’s KB 4011089 has been fixed or pulled.

Worth remembering: This new Outlook 2007 patch, KB 4011110, also includes the “fix” that breaks VBScript printing in custom forms.

Outlook security patch scorecard

When you sort through all the announcements, changes and re-releases, here’s the latest Outlook security patch scorecard, with my recommendations:

Outlook 2007 — If you haven’t yet installed the September security patch, KB 4011086, wait. It’s too early to tell if the new security patch, KB 4011110, has bugs of its own. If you did install the original security patch, KB 4011086, and you aren’t encountering language change problems, stay put.

But if you installed the original security patch and you’re having problems with Swedish menus showing up in your Slovenian version, you need to manually uninstall KB 4011086, then install KB 4011110. The instructions in the KB article for uninstalling KB 4011086 are wrong. See a corrected version of the steps in @PKCano’s post on AskWoody.

If you apply either the Tower of Babel version KB 4011086 or this new, corrected language version KB 4011110, scripts won’t work in your custom forms, but at least now we know what’s happening. Realize that security patches for Office 2007 will stop next month.

Remember when patching Outlook 2007 was easy?

Outlook 2010 — If you haven’t yet install the September security patch, KB 4011089, wait. It isn’t clear if Microsoft will release another version that solves the language-mangling bug, much as they did with Outlook 2007. I also have a report (still unconfirmed) that KB 4011089 breaks the viewing of archived mail — you can see only a portion of archived messages, and the links to see the rest don’t work. (Thanks, @JBar300.)

Outlook 2013 — If you haven’t yet installed the September security patch, KB 4011090, wait. There’s no Tower of Babel looming over the patch, but we’ve only seen it in action for a week. It’s much too early to know if there are additional problems.

Outlook 2016 — Same recommendation, for the same reason. Wait.

Microsoft has a Security Advisory posted about these security patches. The only explanation given:

Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure.

Which doesn’t exactly shout “Patch Now” to my ears.

As you might imagine, there’s a lively discussion going on the AskWoody Lounge.

Go to Source

COMMENTS