While I would love to just be lazy and link out to someone else’s article on this matter, no one has been able to get the product name right yet - everyone keeps referencing the nonsensical Windows SharePoint Server 3.0 – so I will just provide the short and shorter of it right here without giving anyone else the credit. Perhaps they should have just stuck with the WSS 3.0 acronym.

At any rate, there is a patch, Microsoft Security Bulletin MS10-130 (KB983444), that shipped as part of the June “Patch Tuesday” last week. The patch is supposed to fix a security hole whereby a user could elevate his or her privileges on WSS 3.0 all by themselves.

Great idea on paper right? Regular users making themselves site collection admins sounds like a bad thing, and fixing it must be good. Well, several users have been posting to the SharePoint Forums that, after applying the patch, they are seeing an “Unable to connect to configuration database” error, apparently even on Central Admin. There have been reports that running the SharePoint Configuration Wizard has fixed the issue in some cases, but not all of them.

It’s kind of funny that I heard the Hippocratic Oath-y phrase “do no harm” put forth by a SharePoint MVP just this week as the mantra of the SharePoint Product Team when working on the WSS 3.0 / MOSS 2007 to SPF 2010 / SPS 2010 upgrade process. Also adding to my personal giggles over this is the fact that I shared a Twitter thread with some friends this week about some great free products in the open source community and personally remarked that sometimes you really don’t get what you pay for.

While no “Patch Tuesday” being called “Black Tuesday” scenario is good for Microsoft, it just seems funny to me after seeing those Tweets. You can just picture someone at Microsoft saying — at least the free stuff is messed up. Could you imagine if we messed up MOSS installations? Now THAT would be bad.

As exepcted, Microsoft is sort of not really acknowledging the issue yet, but probably scrambling behind the scenes to get a fix. Given their recent track record of being highly successful at delivering good patches and quickly fixing those that aren’t good, I would expect this issue to be resoved in short order.

The lesson, as always, is this: anything you do that takes control of YOUR environment out of YOUR hands, to include the myopic Download and Install Updates Automatically should have “caveat emptor” written all over it beforehand and “I told you so” afterwards.