Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Excel security patch MS17-014 for Excel 2010, KB 3178690, triggering crashes

    Home Forums AskWoody blog Excel security patch MS17-014 for Excel 2010, KB 3178690, triggering crashes

    This topic contains 24 replies, has 10 voices, and was last updated by  woody 1 month ago.

    • Author
      Posts
    • #102349 Reply

      woody
      Da Boss

      Apparently this has been fixed. At least MS says it’s been fixed. See See https://www.askwoody.com/2017/fix-released-for-the-botched-excel-2010-security-patch-kb-3178690/

      [See the full post at: Excel security patch MS17-014 for Excel 2010, KB 3178690, triggering crashes]

      • This topic was modified 1 month ago by  woody.
      4 users thanked author for this post.
    • #102382 Reply

      anonymous

      KB 3178690 still shows, but is no longer checked on my Windows Update.

      1 user thanked author for this post.
    • #102396 Reply

      samak
      AskWoody Lounger

      So if MS acknowledge that the patch may cause Excel to be unusable, why issue the patch in the first place?

       

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      • #102409 Reply

        Noel Carboni
        AskWoody MVP

        Could be they just don’t know what causes it yet, or whether it’s a problem with the patch at all, and they’re just managing the risk.

        -Noel

        • #102572 Reply

          anonymous

          And they need us, the unpaid beta testers, to test this in our production machines.

      • #102533 Reply

        lurks about
        AskWoody Lounger

        MS regularly releases buggy patches (Woody’s Defcon system). Many suspect the primary culprit is poor internal (or nonexistent) testing procedures at MS with users getting alpha/beta test grade releases too often for a patch. Thus the widespread reports of problems.

        This long history of problematic patches is way many are leery of the new patching system in W10 as well as its semi-rolling/rolling release model. Buggy patches mean the old system and methods provided users with workarounds that were a pain but viable. The new system has a much higher risk of hosing a system. Also, MS seems to misunderstand why one uses a rolling/semi-rolling release distro in Linux. It is not to get new features as much as to keep entire system up to date and at the latest release including the installed non-OS software. New features are added but the side effect not the goal. Rolling release distros are not considered suitable for the average user because they require more attention to detail and knowledge to maintain.

        1 user thanked author for this post.
    • #102415 Reply

      RCPete
      AskWoody Lounger

      I noticed that KB3178690 was Important, but not checked this morning (7:30 PST). I wondered what was going on, but not enough to override the Defcon guidelines…

      • #102428 Reply

        woody
        Da Boss

        Important but not checked. That’s a very unusual combination!

        • #102448 Reply

          ch100
          AskWoody MVP

          Important but not checked. That’s a very unusual combination!

          Office Updates have been temporarily released as such in the recent months, except for Windows 10, where this is likely not possible, due to the Windows 10 implementation of WU/MU.
          Not Office Security updates though, so this one is “special”. We may see either a re-release or a rapid release hotfix in Catalog only. But I don’t think Office 2010 is seen as priority for Microsoft now, so users impacted are better advised not to install or uninstall now and not wait for Microsoft. Most users are not impacted and as such should just wait and do nothing, regardless of the patch being installed or not.

          For Windows 7 there are 2 patches which have had this behaviour, at least for a while and this is likely to never change:
          KB971033 – Important unchecked
          KB3021917 – Recommended unchecked/Important unchecked if Recommended is merged into Important via WU settings

          3 users thanked author for this post.
    • #102478 Reply

      ch100
      AskWoody MVP

      Please read Susan Bradley’s reply here.

      https://answers.microsoft.com/en-us/windows/forum/all/why-are-some-windows-7-important-updates-unchecked/8ac2f5fb-7e9b-4de5-b137-0737d1f4cc04

      Why are some Windows 7 important updates unchecked by default?

      Answer
      Susan Bradley – volunteer here not a MS employee
      Susan Bradley – volunteer here not a MS employee replied on

      MVP Insider Launch expert – Windows 10

      From:

      http://marc.info/?l=patchmanagement&m=132536109306522&w=2

      “Although we don’t generally use the word ‘throttling’ externally, that’s exactly what this is. An unchecked update in the WUapp (Windows Update Control Panel applet) is an indication of an update that’s being throttled (publicly called, “gradually releasing update x over a period of time”). This only affects the consumer scenarios: automatic update (AU) and Windows/Microsoft Update (WU/MU). And usually only the tech savvy folks would see it since they would need to open WUapp, see the update and notice it’s unchecked). Enterprise scenarios (WSUS, SMS, SCCM, SBS, SCE, MBSA) and the MU Catalog are not affected since there’s no concept of throttling (local admins like you have this control).

      Updates are generally throttled when they are (a) major releases that need to be gradually deployed (like a major version upgrade for Internet Explorer), (b) when there are potential quality issues found in the first day or two of release (so we can slow the deployment while we gather data to assess the scope of an issue), or – as in this case – (c) we don’t want to hit every Windows consumer PC on the planet at an inopportune time (like during the holidays) – but still give tech-savvy admins the ability to release the update (through WSUS/SMS/SCCM or by checking the box in WUapp).

      A throttled update can be seen in the LOGs as the “regulation server” not permitting the download of the update. Of course, if you interactively check the checkbox in WUapp, you will circumvent the regulation server (throttling) and receive the update anyway. ”

      doug neal
      Microsoft Update (MU)

      • This reply was modified 1 month, 1 week ago by  woody. Reason: (Stripped out the \ formatting)
      • #102494 Reply

        woody
        Da Boss

        Interesting. I would guess that this patch was issued, and now it’s in the process of being pulled. We may not see an update until next month….

        But this does demonstrate the superiority of individual patches. Imagine if all the Office patches were bundled the way Win7 and Win10 are now…

        • #102508 Reply

          ch100
          AskWoody MVP

          I would say that (b) applies here:

          (b) when there are potential quality issues found in the first day or two of release (so we can slow the deployment while we gather data to assess the scope of an issue)

          They may or may not expire the update, depending on the outcome of the assessment and as always, costs involved.
          We will find out soon if the update will be expired.

      • #102520 Reply

        RCPete
        AskWoody Lounger

        This is most likely what we’re seeing here. There are three Important security updates: Office 2010 (KB3178688) and Word 2010 (KB3178687), but only Excel’s KB3178690 is unchecked.

        No, I’ll skip being an unpaid beta tester for MS.

         

      • #102577 Reply

        anonymous

        (b) when there are potential quality issues found in the first day or two of release (so we can slow the deployment while we gather data to assess the scope of an issue)

        AKA, the now usual forced Microsoft public and unpaid beta testing.

    • #102573 Reply

      Charlie
      AskWoody Lounger

      Lest we not forget – WE are MS’s software beta testers. Thank you so much for these valuable warnings Woody!

    • #102771 Reply

      anonymous

      I’ve got the patch on several PCs but haven’t yet seen the problem. Are there any steps that can consistently produce a crash?

    • #102928 Reply

      gkarasik
      AskWoody Lounger

      Had occasion today to run MicUp on a Win7/Ent machine, and KB3178690 is still being offered, but it is unchecked by default where the other Office 2010 updates are checked by default. So even though MS know this is a bad update, instead of pulling it, they have left it available but diminished its importance. I find that baffling.

      GaryK

    • #103263 Reply

      anonymous

      It’s Wednesday 22nd here in Europe … still no fix?

    • #103356 Reply

      anonymous

      The answer to defective updates was provided by Lord Acton, “Power tends to corrupt, and absolute power corrupts absolutely.” Within “Windows-Land” MicroRipoff is absolute power and its decision makers long ago lost interest in protecting Windows users. This patch is merely another example of indifference to customer safety. Question is, is MR to blame, or is customer silence to blame?

    • #103364 Reply

      gkarasik
      AskWoody Lounger

      The answer to defective updates was provided by Lord Acton, “Power tends to corrupt, and absolute power corrupts absolutely.” Within “Windows-Land” MicroRipoff is absolute power and its decision makers long ago lost interest in protecting Windows users. This patch is merely another example of indifference to customer safety. Question is, is MR to blame, or is customer silence to blame?

      Thanks to Woody, there’s a bit less customer silence.

      GaryK

    • #103755 Reply

      anonymous

      Update is now ticked and kb article still lists the issue(s) as in existence?!

      Can only wonder what is going on in the heads of Microsoft employees these days…
      I guess this is the outcome of laying off all the original engineers who after years of hard work, actually knew what they were doing.
      Now it seems MS has hired many a young new graduate with zero experience and none of the original talent have been kept on to mentor and guide the new starts.

      All that wisdom gone to waste :o(

       

      • #104665 Reply

        anonymous

        @Anonymous
        Yesterday evening it was still unchecked in my Windows Update?

    • #104674 Reply

      anonymous

      By the way: the KB-article had a revisiondate of March 24th, but I cannot detect the revision.

      https://support.microsoft.com/en-us/help/3178690/ms17-014-description-of-the-security-update-for-excel-2010-march-14-20

       

    • #104954 Reply

      GregH_
      AskWoody Lounger

      Fix released today, but I haven’t tested yet.

      https://support.microsoft.com/en-us/help/3191855

       

       

      3 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Excel security patch MS17-014 for Excel 2010, KB 3178690, triggering crashes

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.