Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft: Patches, Patches Everywhere!

Posted by timothy on from the and-not-a-patch-they-think dept.

Ridgelift writes "Even though Microsoft's recently announce they would not be issuing any new patches for the month of December, the boys at Redmond were scrambling today to figure out why some systems are being patched. The reason? They haven't got a clue."

16 of 388 comments (clear)

  1. What's the big deal? by TwistedSquare · · Score: 5, Insightful
    On Wednesday morning, Microsoft discovered that a glitch in the patching process resulted in a November fix not being applied to some Windows XP computers. The same patch was sent out again via the Windows update service on Tuesday night.

    The patch was due out in November, but it got missed so they re-issued. It's sort of going against what they said but it's understandable and I doubt it will make the world stop spinning. Why is this front page slashdot? If it had been any other company than Microsoft it never would have been news.

  2. Where is Edward James Olmos? by charlieo88 · · Score: 5, Funny

    So the computers are patching themselves now, are they?

    When exactly was it that the Cylons are supposed to attack?

  3. Re:Monthly patches? by Fjornir · · Score: 5, Informative

    ...and of course you read the announcement about this, didn't you? And as such you know that they will still release zero-hour patches for vulnerabilities which are actively being exploited in the wild and/or are to the top left of the threat matrix (remote/system level explots).

    --
    I want a new world. I think this one is broken.
  4. SUS at least makes this easy. by Coaster-Sj · · Score: 5, Insightful

    Ever since we started using Software Update Services this has been cake.
    All the clients just pull the windows critical updates that we approve from OUR servers.
    I feel sorry for anyone who is trying to run around and do them by hand.

    --
    "Average intelligence is pretty damn stupid"
  5. Microsoft did the right thing by spitzak · · Score: 5, Insightful

    If I understand this right, there was a bug. Maybe this bug was introduced by the previous patch, or maybe the previous patch did not work as expected, or whatever, but no matter what the reason, there was a bug, they could fix it, and they sent out a patch. That is the correct behavior.

    They were probably being pretty stupid to say "no new patches". Due to Murphy's law, that guarantees that a problem will come up within days. Probably if they said "we are going to issue more patches than ever" then suddenly all their programmers would start have trouble finding bugs or figuring out how to fix them...

    Anyway we can laugh at marketing for the "no new patches" but technically they did the right thing.

  6. And... by Nom+du+Keyboard · · Score: 5, Funny
    It moved to a fixed schedule of monthly patches to make the process more predictable for network and system administrators.

    ...and virus writers.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  7. It's not a patch by spidergoat2 · · Score: 5, Funny

    It's an undocumented upgrade.

  8. It' MS's fault by nytes · · Score: 5, Funny

    They keep sending me those security patches in email, and I keep applying them. I wish they'd stop it.

    --
    -- I have monkeys in my pants.
  9. Addendum by tds67 · · Score: 5, Funny
    In October, Microsoft committed to making its patch-release schedule more regular, by only publishing patches on the second Tuesday in each month.

    In other news today, the Cracker community announced it would commit to new virus and worm releases on the second Wednesday in each month.

  10. Whatever happened to One Service Pack behind? by mr_lithic · · Score: 5, Interesting
    It used to be the standard method of dealing with Microsoft Service Packs that you never deployed the latest one on your boxes. You always stayed one step behind. This practice was proved right with the Service Pack 6/6a debacle.

    With automatic patching of machines from Windows Updates at Microsoft, it seems that everyone is thrown into chaos at the same time.

    Do we really trust Microsoft enough to think that they will get their updates right everytime?

  11. Re:The apparent lack of a patch. by 0WaitState · · Score: 5, Funny

    We once again apologize for the fault in the patch process. Those responsible for patching the patchers who have patched the patch process, have now been patched.

    --

    Remain calm! All is well!
  12. Monthly patches are stupid by Anonymous Coward · · Score: 5, Interesting

    As someone who has to keep over 1000 clients patched, I have no idea what they're talking about when they say "admins want this".

    You know what admins want? I'll tell you. They want to know about bugs AS THEY ARE FOUND, not AS THEY ARE PATCHED, so that we can block ports/attachments/capabilities and aren't sitting there vulnerable for months waiting for a patch. Then, when we get the patch, we want the patch to work. Lastly, we want products that aren't as much in need of patches. Are you listening? That's my top 3 requests--I don't give a rat's ass about monthly patch releases.

    Here's how it works out in the real world, Microsoft. Nobody trusts your patches. After you release them, do you think we just cross our fingers and install the thing? Hell no. We do a test deployment, let it run for a few weeks, and if there aren't any problem, THEN we do the general deployment. And guess what? Frequently, we find problems with your patches and don't deploy them at all.

    So this leaves us vulnerable. Sure, that's bad, but we were ALREADY vulnerable the whole time we've been using this software, and more alarmingly, we were vulnerable and you knew about it and didn't tell us while you were working on a patch.

    We didn't choose to be vulnerable when we chose not to install your broken patches, we chose to be vulnerable when we chose to use your products.

  13. Re:This is Newsworthy? by placeclicker · · Score: 5, Insightful

    Windowsupdate is the offical service to update Windows.

    All versions of windows use this service.

    If Windowsupdate sends out a bogus patch, millions of machines install the patch.

    See where this is going? WindowsUpdate could easily be utalized to infect millions of machines with a virus. It could also bug out and send a patch that breaks millions of machines.

    This service should *NOT* be sending out mysterious patches that no one knew anything about.

    --

    Browse at -1, because trolls are often the most creative part of /.
  14. Re:Stupid for desktop/home users by Nevo · · Score: 5, Informative

    It's no skin off your nose, but you're not the admin for 1500 machines.

    The admins of large scale deployments have asked Microsoft to make patches more predictable so they can do planning for patch deployment. Microsoft complied.

    As others have stated, when a known vulnerability exists, or when sample code is publicly available, Microsoft will release the patch as soon as it's written.

  15. Re:The apparent lack of a patch. by Joe+the+Lesser · · Score: 5, Funny

    Patch bites can be preti nasti mind you

    --
    "I only speak the truth"
    Karma: null(Mostly affected by an unassigned variable)
  16. How I read it by swb · · Score: 5, Funny
    I read this in October:
    In case you didn't get a chance to review the statement from Steve Ballmer last week, I will try to bring you all up to date on the new process for security alerts.

    The net of this all is that Microsoft is moving to a monthly security bulletin release schedule. This change was in response to customer feedback.

    After today, we will be releasing security bulletins on the second calendar Tuesday of every month. Today was the starting day, and was an exception.

    There are a couple of benefits to this new process:

    1) Switching to a monthly release cycle for security patches allows customers to install multiple patches with a single install and single reboot (using Qchain.exe, Update.exe and other similar tools). This will minimize downtime on mission-critical systems and will allow customers to consolidate the patch deployment to once per month.

    2) Another benefit of the monthly cycle is that it offers customers more time between releases of security patches. This allows customers to evaluate, test and install patches in their computing environments in a timely manner. The release schedule is also more predictable and allows customer to plan in advance for deploying patches.

    You may notice as well that the format of the bulletins has changed, so when you view the bulletin from the link inside of the security alert email, you will notice the sections of the bulletins have changed a bit.

    The change in this process is in order to make it more predictable for our customers so that you can plan and implement patches as quickly as possible.

    If you have any feedback on this new process, please feel free to let me know and I will pass it along to the security team directly.
    Which I translated as:
    We were so humiliated by the never-ending barrage of security vulnerabilities in our products that in order to enable our sales force to make any headway at all against Linux/IBM/Sun we decided to bundle all our security vulnerabilities into a once-per-month release. Our analysis of MSN News and Entertainment Tonight indicates that on our chosen date, the second Tuesday of the month, people are much more likely to be preoccupied with Ben 'n' Jen and the previous day's sporting events, and will easily overlook the most recent worm/virus/breech attributable to our bloated, unmanageable software base.

    The other reasons for the new monthly cycle are that since we'll be dumping more patches into a single file, you'll need more time to debug, back out or ultimately rebuild systems corrupted by patches that will also include special new "features". We also think that our new monthly cycle will coincide with your or your spouses' monthly cycle, allowing you to be victimized by uncontrolled emotional outbursts in one tidy week, instead of having it spread out all over the month.

    Thanks again for buying Microsoft.