Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft: Patches, Patches Everywhere!

Posted by timothy on from the and-not-a-patch-they-think dept.

Ridgelift writes "Even though Microsoft's recently announce they would not be issuing any new patches for the month of December, the boys at Redmond were scrambling today to figure out why some systems are being patched. The reason? They haven't got a clue."

8 of 388 comments (clear)

  1. Monthly patches? by beattie · · Score: 3, Interesting

    At the end of the article it says that MS wants to do monthly patches to make it less of a surprise to sysadmins... Anyone else see a problem with waiting a month for your windows machine to get updated?

    1. Re:Monthly patches? by bryhhh · · Score: 3, Interesting

      ...and of course you read the article didn't you? Please allow me to quote the first paragraph from the article for your benefit.

      The company scrambled on Wednesday morning to figure out why a patch had been issued through its Windows Update service, when the software maker had declared on Tuesday that it would not issue any fixes in December.

      In short, the update wasn't a 'zero-hour' patch, or a planned release.

      Interestingly, this update has been mysteriously approved on our local SUS server without our knowledge. I really do hope that this patch has been thorougly tested by Microsoft, as they have just deployed it across our LAN without our consent.

      Trustworthy computing? pftttt.

    2. Re:Monthly patches? by Cromac · · Score: 4, Interesting
      What is the latest "safe" version of Windows Media Player, anyway? I've kept with 6.4 for fear of privacy/DRM problems with later versions.

      Should I upgrade?

      Media Player 6.4 won't play all of Microsofts media files anymore. WMA or ASF files created with the latest version of Media Player won't play on ver 6.4, it won't download the codecs for all of them. Subtle way for them to get people to upgrade, isn't it.

      Wether that's worth upgrading for is up to you.

  2. Uhhh, they DO know? by LookSharp · · Score: 4, Interesting

    ...They haven't a clue.

    On Wednesday morning, Microsoft discovered that a glitch in the patching process resulted in a November fix not being applied to some Windows XP computers. The same patch was sent out again via the Windows update service on Tuesday night. The company is still investigating why and how the patch was reissued.

    It looks like someone modified a patch. When a patch gets updated, the KB articles (and often the fixes) are auto-published.

    I'd be more interested in knowing why some corporate SUS (Software Update Services, like an in-house Windows Update) subscribers were reporting to NTBugTraq today that they got about a DOZEN updated patches last night!

  3. Any other company than Microsoft yes by Anonymous Coward · · Score: 3, Interesting

    Any other company like Microsoft no, the catch being of course that there arent any other companies like Microsft. Microsoft is singled out because it stands alone in its class, and it is an undeniable adversary of the GPL ... no other reason.

  4. Whatever happened to One Service Pack behind? by mr_lithic · · Score: 5, Interesting
    It used to be the standard method of dealing with Microsoft Service Packs that you never deployed the latest one on your boxes. You always stayed one step behind. This practice was proved right with the Service Pack 6/6a debacle.

    With automatic patching of machines from Windows Updates at Microsoft, it seems that everyone is thrown into chaos at the same time.

    Do we really trust Microsoft enough to think that they will get their updates right everytime?

  5. Monthly patches are stupid by Anonymous Coward · · Score: 5, Interesting

    As someone who has to keep over 1000 clients patched, I have no idea what they're talking about when they say "admins want this".

    You know what admins want? I'll tell you. They want to know about bugs AS THEY ARE FOUND, not AS THEY ARE PATCHED, so that we can block ports/attachments/capabilities and aren't sitting there vulnerable for months waiting for a patch. Then, when we get the patch, we want the patch to work. Lastly, we want products that aren't as much in need of patches. Are you listening? That's my top 3 requests--I don't give a rat's ass about monthly patch releases.

    Here's how it works out in the real world, Microsoft. Nobody trusts your patches. After you release them, do you think we just cross our fingers and install the thing? Hell no. We do a test deployment, let it run for a few weeks, and if there aren't any problem, THEN we do the general deployment. And guess what? Frequently, we find problems with your patches and don't deploy them at all.

    So this leaves us vulnerable. Sure, that's bad, but we were ALREADY vulnerable the whole time we've been using this software, and more alarmingly, we were vulnerable and you knew about it and didn't tell us while you were working on a patch.

    We didn't choose to be vulnerable when we chose not to install your broken patches, we chose to be vulnerable when we chose to use your products.

  6. Exploits from patch announcements? by JimmytheGeek · · Score: 4, Interesting

    MS has claimed that worms come from reverse-engineering vulnerability patches, but I'm not convinced. If an outside researcher found the problem, what makes you think a Black Hat didn't (and has been keeping quiet)?