Microsoft outdoes itself in botching patch release with reissue of KB 303639 without documentation for Vista and Windows Server 2003
Microsoft engineers seem to have taken fancy to botching up the patch releases. We had earlier recounted how Microsoft was bungling with its patches not once or twice but three times in the recent past. It seems to have repeated its mistakes only this time its poor victims are Windows Vista and Windows Server 2003 users.
The latest instance of its botching the patch is a undocumented KB 3037639 release on 17th Feb 2015 which seems to be just a “re-release” of its KB 3013455 which had “Text Quality Degradation” issue for Vista and Windows server 2003.
Microsoft Security Bulletin is released by Microsoft every 2nd Tuesday of a month and it has security updates for Windows operating system and related software applications. This is being done since 2003 and is known as Patch Tuesday or Black Tuesday. On 10th of Feb 2015, Microsoft released MS15-010/KB 3013455 patch and the main purpose of this release was to tackle the “Vulnerabilities in Windows Kernel-Mode Driver”.
However, it was found that this patch had some “Text Quality Degradation” issue in Windows Server 2008 SP2; Windows Server 2003 SP2; Windows Vista SP2. In these OS after the system was updated with the patch there was a corruption in the “Courier New” font. This corruption would be rectified if the patch was uninstalled. Also it was found that the patch does not affect the Windows 7 and 8.1 versions.
It was found that most of the users who use the simple fonts were affected and the temporary suggestion was to change the font where ever applicable, though Microsoft was working to get a permanent solution to this issue. Though uninstalling the patch would restore the text quality it was not recommended as the main purpose of the patch would have been a failure because the systems would still be exposed to the zero-day vulnerabilities in kernel mode driver for which the patch was released.
It seems finally Microsoft have come up with a fool proof solution to tackle the “font issue” as an undocumented KB 3037639 was released on 17th of Feb. The problem lies that, Microsoft published this patch without documentation and proper instructions regarding the patch.
This was not the usual Patch Tuesday release and seems to be just a solution to KB 3013455 and not a new patch. Users who have previously installed KB 3013455 need to now install KB 3037639 and the “font issue” was rectified. Also users can directly install KB 3037639 instead of KB 3013455 to tackle the vulnerability in Windows Kernel-Mode Driver.