5 Companies That Had A Rough Week

The Week Ending Oct. 12

Topping this week's roundup of those having a rough week is Microsoft, which had to pause its rollout of the latest Windows 10 release following reports that the software deletes files when it installs.

Also making the list this week are Google for coming under fire for not disclosing a bug discovered more than six months ago in its Google+ social network; IBM for calling back a flawed patch for a significant security vulnerability in its WebSphere Application Server; Broadcom, which made headlines when an apparently fake Pentagon memo suggested its plan to buy CA Technologies could be a national security risk; and Adobe for scrambling to fix a number of vulnerabilities in its products, four of them critical.

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves – or just had good luck – check out this week's Five Companies That Came To Win roundup.

Microsoft Hits Pause On Windows 10 October Rollout

Faced with a growing number of reports of deleted documents and files, Microsoft this week temporarily halted the deployment of its newest edition of Windows, the Windows 10 October 2018 Update.

The update, also known as version 1809 of Windows 10, began rolling out last week.

Multiple sites, including Microsoft's user forum and social media, have carried reports of users losing documents, including photos and music, when the Windows 10 update was installed.

Microsoft announced on its Windows support site that it was pausing the rollout while it investigates the reports.

Google Criticized For Not Disclosing Google+ Vulnerability That Exposed Data On Hundreds Of Thousands Of Users

Google came under fire this week when a report disclosed that the company discovered a bug in its Google+ social network more than six months ago and fixed it without notifying anyone.

Following the Monday report about the incident in the Wall Street Journal, Google announced that it will shut down the consumer portion of Google+, which never really attracted the number of users that Google had hoped for.

According to the Wall Street Journal report, Google discovered the bug and fixed it in March, then opted not to disclose it even though it gave private application developers access to data from Google+ profiles – including those not marked public. Exposed data included user names, email addresses, ages, genders and occupations.

The Wall Street Journal report cited an internal memo that suggested Google kept the incident under wraps because it was worried about causing a data privacy scandal and attracting attention from regulators. The memo even drew comparisons to the Facebook-Cambridge Analytica data privacy scandal earlier this year.

IBM Pulls Botched Application Server Security Fix

It's a bad week when you issue a fix for a system vulnerability, then have to pull back the fix because it breaks things.

IBM this week pulled back a patch for a significant security vulnerability in its WebSphere Application Server software when the fix caused problems with some customers' systems, according to a story on The Register website.

IBM issued the patch for the remote-code execution vulnerability, deemed critical, back on Sept. 5. The vulnerability is in WebSphere versions 7.0, 8.0, 8.5 and 9.0, according to an IBM security bulletin.

But the patch has caused problems with systems when installed, referred to as "regression" in the security bulletin, and the patch was pulled back on Wednesday.

"There may be a failure after the security fix for PI95973 is installed," the security bulletin warns. "The fix has been removed while it is being reworked by development. We will re-post the fix and this bulletin when an updated fix is available."

Suspected Fake Pentagon Memo Roils Broadcom's Plans To Buy CA

Broadcom's $18.9 deal to acquire CA Technologies appeared to hit a major roadblock this week when a four-page memo, purportedly written by the Pentagon's Defense Security Service, said the acquisition should be investigated on national security grounds.

But the memo, which circulated among members of the U.S. Congress and U.S. media outlets this week, is apparently a fake and the Pentagon is investigating where it came from.

The issue is sensitive for Broadcom, which was originally based in Singapore but earlier this year changed its headquarters to San Jose, Calif. Earlier this year President Donald trump blocked an unsolicited bid by Broadcom to acquire chipmaker Qualcomm.

The memo outlined what it described as Broadcom's commercial ties to Chinese businesses, according to a Newsweek story, and called for an investigation by the federal Committee on Foreign Investment in the United States or CFIUS.

On Wednesday, Broadcom issued a statement saying the company has been informed by the Department of Defense that the document is fraudulent. "Broadcom and CA Technologies are both American companies, and there is no basis in fact or law for CFIUS review of our pending transaction. We have received HSR [Hart-Scott-Rodino antitrust laws] clearance and the approval of CA shareholders, and we have a clear path to completing the transaction in the fourth calendar quarter of 2018," the company said.

​

Adobe Scrambles To Fix Critical Flaws In Its Digital Edition

Adobe rushed to issue patches for 16 vulnerabilities in multiple products this week, including four in the Adobe Digital Edition that were deemed "critical," according to a Threatpost story.

The critical bugs could allow "arbitrary code execution," meaning an attacker could take control of a target system and execute any command.

Adobe also patched five out-of-bounds read flaws in the Digital Edition that were rated "important," Threatpost said, and flaws in several other software products including Adobe Experience Manager, Adobe Technical Communication Suite and Adobe Framemaker for Windows.