Security Experts:

Microsoft Reissues Security Update Due to Outlook Crash

Microsoft has reissued one of the security patches released on Tuesday as part of its monthly update cycle after many customers complained that it caused the Outlook email client to crash.

Windows users complained on Microsoft’s support forums and elsewhere that Outlook 2010 and 2013 had been crashing when viewing HTML emails. Experts determined that the culprit was KB3097877 on Windows 7 and in some cases possibly KB3105213 (cumulative update) on Windows 10.

KB3097877 is part of Microsoft’s MS15-115 critical bulletin, which resolves seven Windows vulnerabilities that can be exploited for remote code execution and to bypass security features. Microsoft released an updated version of the bulletin late on Wednesday to address the Outlook crash issue.

“[MS15-115] bulletin revised to inform customers running Windows 7 that the 3097877 update has been re-released to address an issue that caused crashes for some customers when they viewed certain emails. Customers who previously installed update 3097877 should reinstall the update to correct this known issue,” Microsoft said.

System administrators said the buggy update had caused problems on tens and even hundreds of their machines.

Most of the affected users who went to Microsoft’s TechNet forum to complain confirmed that removing KB3097877 fixes the issue on Windows 7. Some have also confirmed that the reissued update no longer causes Outlook to crash.

The tech giant released a total of 12 security bulletins on Tuesday, four of which have been classified as “critical.” The updates patch 49 vulnerabilities, more than 30 of which are critical.

One of the flaws patched with MS15-115 has been publicly disclosed, but none of them have been exploited in the wild, Microsoft said.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.