Botched Outlook 2013 patches KB 2837618 and KB 2837643 break Out Of Office reply, Free/Busy, and more

Installing KB 2837618 causes slew of problems, and addition of KB 2837643 makes it impossible to fix them through a simple uninstall

Shortly after November's Black Tuesday patches rolled out of the automatic update chute, the Microsoft Answers forum started to light up with customers complaining about a wide array of Outlook 2013 problems: Outlook would hang when trying to sync IMAP accounts; trying to set up Out of Office replies on Exchange Server drew bogus "currently unavailable" messages; Free/Busy data for the Outlook Calendar didn't download; S/MIME certificates wouldn't validate, resulting in repeated credential prompts; and many others. Microsoft documented the problems in KB 2837618.

At the time it seemed like a relatively minor problem that would be diagnosed and fixed quickly. Over the ensuing weeks, reports started surfacing about two related problematic patches, KB 2837618 and KB 2837643. Resolving the Outlook 2013 problems may -- in some cases -- involve removing both of the bad patches; removing one or the other might not solve the problem. Microsoft hasn't documented any problems with the latter patch, and we don't yet have definitive word when the problems will be fixed.

KB 2837618, part of Security Bulletin MS13-094, is a typical, boring Office patch: With a Microsoft-assigned severity of "important" (not "critical"), an Exploitability index of 3, and no known examples in the wild, it was totally forgettable. According to the KB article, the patch "resolves a security vulnerability in Microsoft Outlook that could allow information disclosure when a specially crafted email message is opened or previewed."

KB 2837643 isn't even a security patch. It's a miscellaneous fix for Office 2013 that coincidentally got rolled out on Black Tuesday. According to the KB article, it fixes a glitch "when you use touch gestures on large-screen devices in PowerPoint 2013" and in other obscure situations.

Somehow, installing KB 2837618 causes the aforementioned problems, and adding KB 2837643 to the mix makes it impossible to fix the problems by simply uninstalling KB 2837618.

The details are complicated. Matthew Stublefield at the Missouri State University help desk has the most thorough explanation I've seen. Suffice it to say that the symptoms are subtle enough that it took a lot of people to track down the source of the problem.

The Patch Management newslist has a detailed thread about the problem, culminating in the recommendation that customers delete both patches, then delete and rebuild the Outlook profile. (Apparently, running a profile repair doesn't work.) Then you should hide both of the patches, should you be so trusting as to keep Automatic Update enabled.

At this point, I can't find any official word from Microsoft on when the patch will be fixed. Poster Gerry C J Cornell, writing on the Answers forum, said, "I talked to M$ yesterday and those rollouts will be fixed in December." Looks like we'll find out.

t/h SB

This story, "Botched Outlook 2013 patches KB 2837618 and KB 2837643 break Out Of Office reply, Free/Busy, and more," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies