June 19, 2008
By Gregg Keizer

Just days after fixing a glitch in one of its enterprise patch-distribution tools, Microsoft Corp. said that another of its patching programs has been blocking last week's security updates. According to a Wednesday post to the Windows Server Update Services (WSUS) blog, some Windows client systems that rely on the free WSUS have been unable to retrieve the June 10 patches.

"Computers that have Office 2003 or components of Office 2003 installed fail to run a detection against a WSUS server that has the latest Office updates," said Cecilia Cole, a WSUS program manager. "This prevents the computers from receiving any updates from the WSUS server." This is the second time in a week that Microsoft has told customers that its patch software is unable to deploy the newest updates.

Those updates, which plugged 10 vulnerabilities in Windows, Internet Explorer (IE) and Bluetooth, were released June 10. Last week, the company's security team warned corporate users of System Center Configuration Manager (ConfigMgr) 2007, the successor to System Management Server (SMS) 2003, that clients running SMS 2003 wouldn't obtain the June 10 fixes. The problem, said Microsoft Tuesday when it issued a hotfix, was "additional metadata" associated with Microsoft Office 2003 SP1.

Although Cole also linked the WSUS problem to Office 2003 SP1, she didn't say whether it was the same issue that plagued ConfigMgr. "When computers with products related to Office 2003 communicate with a [WSUS] server, the Web service is unable to process the approvals, resulting in the detection failure," she said in a section of the alert tagged as "Root Cause."