Microsoft re-issues botched Black Tuesday patch

Even if you installed the old patch, you need to re-install KB 2753842 to get your fonts working correctly

Late yesterday, Microsoft re-issued its buggy MS12-078/KB 2753842 patch. Part of this month's Black Tuesday Automatic Update crop, MS12-078 was designed to fix a "critical" security hole in the OpenType Compact Font Format driver, which has never been exploited in the wild. The patch caused specific OpenType fonts to disappear from some systems, and it failed to work with many different packages on others, including Microsoft's own PowerPoint.

Here's the chronology:

December 11: Black Tuesday, the patch was pushed down the Automatic Update chute.

December 12: Wednesday morning, posts began appearing on the CorelDraw customer forum, correlating broken fonts with the Black Tuesday patches. By the middle of Wednesday morning, several CorelDraw users correctly identified the source of the problem -- a buggy KB 2753842 patch -- and how to fix the problem, by uninstalling the patch.

December 13: Thursday morning, claudep, identified on the CorelDraw forum as a Corel employees, states that he has confirmed it's a problem with the patch and that he "will notify Microsoft about this." Complaints started surfacing on many different fora, and the list of borked apps expanded: Quark Xpress, Quark CopyDesk, FlexiSign, SignLab, Musescore, Avid Marquee, Bentley MicroStation, Inkscape, Xara, Extensis, Serif PagePlus, Document Toolkit, Flash in design mode, and most embarrassingly PowerPoint and, reportedly, Excel.

December 14: Friday, Microsoft finally confirms in the KB article that "we are aware of issues related to OpenType Font (OTF) rendering in applications such as PowrPoint ... we are currently investigating these issues and will take appropriate action," but it continues to push the patch down the Automatic Update corridor.

December 17: Monday, the KB article wording remains the same, but the patch has been pulled from Automatic Update.

December 20: Thursday, Microsoft changes the KB article to say: "The original version of security update 2753842 had an issue related to OTF (OpenType Font) rendering in applications such as PowerPoint on affected versions of Windows. This issue was resolved in the version of this security update that was rereleased on December 20, 2012."

Although the KB article doesn't mention it, you need to install this new version of KB 2753842 whether or not you installed the old, buggy version. That's why Windows customers are reporting that they're being offered the patch again, even though it was installed already -- indeed, even though it appears on the Windows Update list of installed patches.

If you took Microsoft's advice, uninstalled the patch, and hid it from Automatic Update, you should unhide KB 2753842 now.

There is no wording on the Windows Update listing that would advise you of the fact that you need to re-install the patch, nor is there any indication that the current version is an update to fix a bug in the original patch.

This story, "Microsoft re-issues botched Black Tuesday patch," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies