News

Microsoft Pushes Non-Security Security Update

Microsoft Corp.released a new security advisory. The good news is that it doesn't actually deal with a known exploit, worm, or virus. In other words, it doesn't technically deal with security at all.

What do you want first, the bad news or the good? Let's start with the bad: Microsoft Corp. last night released a new security advisory, the second this week. The good news is that it doesn't actually deal with a known exploit, worm, or virus. In other words, it doesn't technically deal with security at all.

Instead, last night's advisory concerns the release of a new fix for the Windows Installer (MSI). In spite of its non-security status, Microsoft says the MSI patch is a "high priority" security update because it fixes a memory leak that can cause resource utilization levels to spike when users scan their systems using either Windows Update or Microsoft Update. The bug is the cause of several known issues, according to Microsoft. In some cases, Windows becomes unresponsive and CPU usage for the svchost process spikes to 100 percent. In other cases, users might receive an access violation error in svchost.exe. (This usually causes the Windows Server and Workstation services to stop.) In still other cases, Windows Update or Microsoft Update take hours to complete.

Call it self-imposed denial-of-service (DoS), of a sort.

"This update applies to currently supported versions of Windows except Windows Vista," writes researcher Christopher Budd on the Microsoft Security Response Center (MSRC) blog. Although Microsoft plans to push the fix via Windows Update and Microsoft Update, it doesn't expect any Catch-22-worthy irony. "I want to note that this update will install correctly even if you're experiencing this issue. However, the issue may prevent you from installing other updates (including security updates) until you apply this new update, so we encourage customers to apply this right away," Budd explains.

Nor does Microsoft see any irony in its having released a security advisory that deals with a non-security update. "Security advisories address security changes that may not require a security bulletin but may still affect customers' overall security," the advisory reads. "In this case, we are communicating the availability of an update that affects your ability to perform subsequent updates, including security updates. Therefore, this advisory does not address a specific security vulnerability; rather, it addresses your overall security."

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.