Back in April of 2008, Microsoft pushed Office Genuine Advantage out to Customers' WSUS servers world-wide, though the tool was only supposed to be distributed in a targeted geographic area. This was acknowledged as a "mistake" by Microsoft. No method of removal was provided.
In November 2007, Microsoft renamed a product category in the head-end WSUS servers and broke the user interface on Customers' WSUS servers. This was rectified in a subsequent update. Quoting a note from the WSUS team: "We are also improving our publishing tools to make sure that issues like this are caught during the publishing process, before they impact customers." (It would seem that this relates only to catching this particular issue-- assuming we don't see it happen again.) If you were one of the unlucky Customers to receive the bad data, you were stuck performing a manual resolution procedure!
In October 2007, Windows Desktop Search was widely deployed to desktop computers, inadvertantly, by Customers using WSUS. Microsoft cited the "decision to re-use the same update package" as having "unintended consequences to our WSUS customers". No automated solution was provided to undo the damage done to potentially large numbers of computers. Windows Desktop Search did get a boost in installed base, though.
In September 2007, Microsoft caused the WSUS servers of Customers who opted to synchronize hardware driver updates to see approximately 4,000 new updates for ATI graphics cards. The WSUS team noted: "We are changing the publishing process for the future btw so that multiple HWIDs will be associated to one update in the future." Customers received metadata for the 3,982 seemingly duplicated updates were given instructions on manually rectifying the situation themselves.
In November 2006, Microsoft released Internet Explorer 7, Spanish locale, to all locales (not just Spanish). The error was confirmed by Microsoft and updated metadata was scheduled to be deployed. At the time, Microsoft's representative stated "We regret the inconvenience and confusion this issue may have caused WSUS customers. Thank you for your reports and enabling us to get this issue headed off so quickly." It is fortunate that so many Microsoft Customers work as unpaid regression and quality-assurance testers.
(I'm not even going into the months-long fiasco about "SVCHOST.EXE" hanging older PCs and the multiplicity of "fixes" that didn't actually resolve the issue proffered by Microsoft. That's probably more a beef with the "Windows Installer" people than with the WSUS people.)
After all of this, we now have a situation where bad data gets synchronized into Customers' WSUS databases causing unhandled errors in the server-side code called by client computers looking for updates. Beautiful.
So far, the only resolution I'm aware of involves a manual procedure performed by the Customers. This is also beautiful. I've already had the issue in at least one Customer site.
Is there any regression testing being done on patches deployed thru WSUS? Is there regression testing of the patch metadata being synchronized into Customers' WSUS databases? It sure doesn't look like it, on either front.
Why can't Microsoft take the time to provide automated fixes for the damage it creates automatically. It's not as if they can't write code to do things automatically.
It has the look and feel that a single disgruntled (or stupid) Microsoft employee could bring down a large portion of the desktop PCs and servers in the world. I won't even think about malicious third-parties gaining access to the server computers that serve updates out to privately owned WSUS servers throughout the world. Seemingly, if some catastrophe like this did happen, Microsoft would release a procedure for their Customers to manually perform on each affected system. Whee!
Yet again, I'm embarrassed to have my Microsoft "certification" and to be associated with them in any way. Way to foster trust in IT, Microsoft!