Microsoft has pulled a non-security update to Office 2007 after customers complained of serious connection issues and performance degradation.
The update (KB2412171), which was issued Dec. 14, was supposed to apply stability enhancements and performance improvements to Outlook 2007. But shortly after the automatic update was applied, Microsoft support forums began filling up with complaints from users having problems connecting to Microsoft Exchange Server or having sluggish performance.
"Not only was opening Outlook folders very slow, it refused to download POP3 emails from Gmail, but it was downloading from other POP3 mail servers," according to one complaint on the Microsoft Answers support forum.
The bulk of the issues were reported by consumers and small businesses that may not have a Microsoft Exchange Server account configured in Outlook.
Microsoft's Outlook product team confirmed the Outlook 2007 email authentication issues late last week in a blog entry and yanked the update while engineers addressed the problem. The errant update broke Outlook's support of Secure Password Authentication, a Microsoft protocol that enables Outlook to authenticate using SMTP, POP or IMAP. The update also caused sluggishness when switching between folders.
"Outlook customers using Gmail who have the SPA option turned on cannot connect to Gmail," the Outlook team wrote.
In an email message, Dave Forstrom, director of Microsoft's Trustworthy Computing, said the update was supposed to allow Outlook 2007 users to opt into Extended Protection for Authentication. But the update process instead modified the behavior for Outlook 2007, causing the authentication issues.
"We have no evidence the update caused any security issues," Forstrom said.
The update was supposed to add protection against certain types of attacks, Forstrom said. Extended Protection for Authentication ensures authentication requests are bound to both the Service Principal Names (SPN) of the server and the Transport Layer Security (TLS) channel over which Windows authentication occurs, Forstrom said.