The last buggy patch of 2015, KB 3132372, begat the first buggy patch of 2016, KB 3133431, now at version 2
The last buggy patch of 2015, KB 3132372, begat the first buggy patch of 2016, KB 3133431, freshly updated to version 2. It appears that Microsoft found more bugs to squash.
It’s hard to piece together a timeline for most Microsoft patches, in no small part because the official Windows Update list occasionally “forgets” to list updates and re-issues, and in part because the Internet Archive Wayback Machine rarely indexes historic copies of KB articles.
With that caveat, here’s what I’ve been able to reconstruct.
On Dec. 29, Microsoft released KB 3132372, the last patch of 2015. As its title says, it was an “Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: December 29, 2015” for IE in Windows 8, 8.1, Server 2012, 2012 R2, Win10, and Win10 version 1511, as well as Edge in Win10 and Win10 1511.
All hell broke loose. Within hours, the patch was accused of breaking Flash in many applications, including (remarkably!) Skype. The folks at Skype responded quickly by disabling the part of Skype that was causing the crash, but others weren’t so lucky. For example, the HP Solution Center wouldn’t launch.
The loudest complaints came from Windows 10 users. That prompted Microsoft to amend its KB 3132372 article to say:
Known issues in this security update
We are aware of limited application crashes that occur after this security update is installed on Windows 10.
A week later, on Jan. 5, Microsoft released a patch called KB 3133431 that apparently fixed the problems in Windows 10. In the interim, IE and Edge users in Win10 couldn’t get Flash to work. The Jan. 5 version of the patch said it:
Resolves a problem in which Adobe Flash Player does not load correctly in applications that are running in Internet Explorer or Microsoft Edge and that have Flash Player embedded. This problem occurs after security update 3132372 for Adobe Flash is installed on Windows 10.
Here’s where it gets wonky. Yesterday, Jan. 12, as part of the Patch Tuesday trove, Microsoft re-released KB 3133431, but this time the description reads like this:
Resolves a problem in which Adobe Flash Player does not load correctly in applications that are running in Internet Explorer or Microsoft Edge and that have Flash Player embedded. This problem occurs after security update 3132372 for Adobe Flash is installed on Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, or Windows 10 Version 1511.
Somehow, Microsoft found and fixed problems with the Flash Player patch in Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2, then simply slipstreamed it into the Windows Update automatic updates pile. The KB 3133431 article was changed to reflect the newfound bugs. But the KB 3132372 article didn’t get the memo.
In fact, the official Windows Update list says this new patch is an “Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012.” It doesn’t say that the new patch is for Windows 10 or Win10 version 1511. On my test Windows 10 machines, it didn’t appear yesterday.
It looks like Microsoft buried another rejiggering of the bad Flash Update patch, two weeks after the original.