Microsoft yanks .Net security patches over conflict with SQL Server, Veritas Backup

From InfoWorld: If you’re using SQL Server or Veritas Backup on a Windows 8.1, Server 2012, or 2012 R2 system, and running .Net Framework 4.5.2, you may be having problems with this month’s .Net security patches, KB 3210137 and 3210138.

The problems are so bad that Microsoft yanked the patches from the Microsoft Update Catalog, and issued a formal warning yesterday for those who use SQL Server. Veritas independently posted a warning about those patches blocking its BackupExec Management Service. Microsoft’s warning comes with a manual workaround for SQL Server. Veritas says you should either upgrade to .Net Framework 4.6.1 or uninstall the patch.

Surprisingly, Microsoft didn’t pick up the bug in its “Preview of Quality Rollup” phase, which put the patches out for testing in November. I didn’t see any notice about the problem until yesterday--a full week after the final, December versions of the patches appeared and a month after the bug first hit in the “Preview” phase.

The documentation, as usual, lags behind the reality. Neither KB 3210137 nor KB 3210138--both of which stand at version 3.0--nor the overarching description of MS16-155, KB 3205640, now at version 2.0, has been updated to warn of this known conflict.

The problems with the November updates that Veritas mentions (KB 3195382, 3195383, 3196684, 3196686, and others) are in fact bugs in the preview versions of this month’s bad patches.

View: Article @ Source Site