It's a tough week for Microsoft shops.
On Tuesday, the software giant released an even dozen security updates. The company deemed eight of those "critical," meaning that IT staffs are supposed to apply them immediately. All-in-all, the fixes addressed 71 issues—and that means a tough day (or two) at the office for Windows administrators.
To add insult to injury, one of the patches, for the Outlook 10 email client, has already been pulled, according to Infoworld. The reason? Instead of repairing the glitch it was supposed to fix, the patch actually caused an error to occur. Microsoft addressed that issue here.
Vulnerabilities deemed critical could allow code to execute on the user's machine without her knowledge and without warning. Not good.
Separately, Microsoft (msft) also acknowledged that an Xbox Live digital certificate was also inadvertently disclosed. This security certificate could be used to launch "man-in-the-middle" attacks, according to ThreatPost. Such attacks occur when the bad guy secretly inserts himself between two parties of a conversation and eavesdrops. He can also alter the conversation without their knowledge.
No such attacks have been discovered and Microsoft said it has invalidated the rogue certificate.
Bolstering the security of the software that runs many businesses is a tough gig. For software makers like Microsoft, which recently made a big splash about how it's improved its security posture, issuing too many patches can prompt howls of protest. But imagine if it did not post patches and a vulnerability caused serious damage?
Hard to win here.
Make sure to subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.