Three Microsoft Outlook patches unpatched, users left to DIY
It's 2017 and attachments with "..." in their names caused crashes
Microsoft has withdrawn at least three of the patches released at the end of June and early July, but left it to users to find out for themselves.
The three patches – KB 4011042, KB 3191849 and KB 3213654 – fixed the same file-handling bugs in Outlook's 2010, 2013 and 2016 editions. Attachments containing “...” (ellipsis) or exclamation points were blocked; e-mails with unsafe file extensions in the subject, ditto; and attachments using
ShowLevel1Attach caused errors.
The three have been updated to say the update "is not currently available. This article will be updated as soon as the update is available again", so rather than give users a heads-up, Microsoft is telling you to watch the pages for news.
A couple of weeks ago, Redditors started discussing crashes after the updates were released, and quotes Microsoft that this was the reason for their removal.
What Redmond told Reddit – but didn't say in its knowledge base announcements – is that the patches should be removed until the replacements arrive.
Sysadmins with big fleets, with auto-update turned on, probably already knew that something was wrong from the incessant bug reports, but no, Microsoft doesn't seem to have provided any automatic technique for removing the patches. ®
Sponsored: Becoming a Pragmatic Security Leader