Microsoft Monday confirmed it is investigating two-week-old reports from users unable to update client PCs using Windows Server Update Services (WSUS), but said that it is "premature" to assume the snafu had the same source as another patch glitch the company has grappled with since mid-June.

"Microsoft has issued [a] security advisory to inform customers of a non-security related issue that prevents updates from being distributed to client systems through WSUS 3.0 or WSUS 3.0 Service Pack 1 that have client systems with Office 2003 installed in their environments," said Bill Sisk , a spokesman for the Microsoft Security Response Center (MSRC), in an e-mail.

MSRC's advisory was posted to Microsoft's site Monday afternoon.

The WSUS bug was outlined nearly two weeks ago by Cecilia Cole, a WSUS program manager. At the time, Microsoft refused to say whether it would issue a security advisory for the WSUS problem, as it had the previous week for a similar-sounding bug that prevented corporations running System Center Configuration Manager 2007 (ConfigMgr) from pushing patches to some end users' machines.

Both problems, according to Microsoft, relate in some way to a June update to Office 2003 Service Pack 1 (SP1). But in a follow-up e-mail responding to a question today, Fisk said it is too early to connect the two to Office. "It is premature to conclude that the additional metadata that was added for Microsoft Office 2003 SP1 is the source of the problem for [the WSUS issue], being that we are still investigating," he said, claiming that the WSUS bug is "a separate issue" than the one with ConfigMgr.

Andrew Storms, director of security operations at nCircle Network Security Inc., who has been tracking a spate of problems with Microsoft's update mechanisms, thought differently. "It makes sense that Microsoft says that they haven't gotten to the cause, but the two seem to be related to the same root cause," said Storms.

He also tied the WSUS problem with one from November 2007, when the update server software returned errors to administrators just a day before that month's scheduled security updates. "It appears that we have a unique key constraint problem," said Storms, referring to this month's WSUS bug. "Probably, somewhere in the package deployments, we have two patches with the same key and the WSUS database is correctly enforcing unique identifiers. So either the package has bad data, or something is amiss with the master package distribution systems at Microsoft."

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.