In stark contrast to the demise of KB 2889866 last week -- a pulled patch that went very well, thanks to Office Sustained Engineering folks who were really on the ball -- the yanking of KB 2982385 was slow and painful. Nearly a week after the problem was first identified, Microsoft finally pulled the patch and posted a note about the problem in a backwater FAQ, leaving the KB 2982385 article hanging with a singularly unhelpful "Oops! The page you are looking for may have a new location, or is no longer available" notification, and with no explanation or mitigation instructions.
The patch itself was a disaster from the get-go.
MS 14-055 is an "Important" patch for Lync Server 2010 and 2013 that "resolves three privately reported vulnerabilities in Microsoft Lync Server." In the case of Lync Server 2010, the Response Group Service was exposed to a possible denial-of-service attack. The patch for the server component itself has no listed security impact, "however, as a defense-in-depth measure, Microsoft recommends that customers of this software apply this security update to help protect against any possible new attack vectors identified in the future."
Tobie Fysh at Freebridge Community Housing tweeted about the problem on Sept. 12. Apparently the installer for KB 2982385 throws off a Windows Security message that says, "Windows can’t verify the publisher of this driver software .… The driver software you’re attempting to install does not have a valid digital signature that verifies who published it, and could potentially be malicious software." Fysh submitted a support case to Microsoft.
On the night of Sept. 15, Microsoft modified the MS 14-055 article to say:
Why was this bulletin revised on September 15, 2014? Microsoft revised this bulletin to address a known issue that prevented users from successfully installing security update 2982385 for Microsoft Lync Server 2010. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. As an added precaution, Microsoft has removed the download links to the 2982385 security update.
There’s been no other discussion that I can see. The KB 2982385 article has disappeared, and KB 2982385 no longer appears in the WSUS database.
That’s quite a study in contrasts. Two yanked Black Tuesday patches in September, one that went well and one that went, well…