Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Rereleases Patch to Fix Problems

Posted by CowboyNeal on from the if-at-first-you-don't-secure dept.

AbdullahHaydar writes "From CRN: 'One day after releasing a fix for an Office XP flaw, Microsoft upgraded the severity of the vulnerability to critical and re-issued a new patch to address a new attack scenario discovered in the last 24 hours.' The funny thing is that the second bug they missed with the first fix is 'critical' whereas the original bug the fix was for is 'important.'"

28 of 226 comments (clear)

  1. It ain't necessarily so by Space+cowboy · · Score: 5, Insightful

    The fact that 24 hours after releasing an 'important' bug patch, Microsoft re-released a 'critical' bugpatch should *not* be held against them! It certainly would not be the first time someone had realised that the consequences of X are far more than previously thought.

    I'm no apologist for MS (see my posting history :-), but re-relasing a new patch at a higher security classification ought to be applauded, not ridiculed. Fair play, guys, and play the game according to *all* the rules, not just the "Redmond -4" ruleset...

    Simon

    --
    Physicists get Hadrons!
    1. Re:It ain't necessarily so by Kethinov · · Score: 4, Insightful

      Yeah, my thoughts exactly.

      I read the headline and the summary and it left me wondering "uh, and?"

      This just in, grass is green! Whether you're OS is corporate or open source, security patches are going to happen and revisions of security patches are going to happen.

      --
      You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
    2. Re:It ain't necessarily so by THE+ROCK · · Score: 4, Funny
      Or applauding Paris Hilton for having the good sense to only videotape herself having regular and oral sex and not anal sex.


      I for one DO applaud Paris Hilton for doing just that. After all, videotaping yourself having ANAL sex and having it leaked all over the internet might get a little embarrasing for her. Good thing she didn't let things go THAT far!

    3. Re:It ain't necessarily so by Phexro · · Score: 5, Funny

      It's a hot thing to do in bed if you're a slutty shaved blonde worth $30m.

      It is not a hot thing to do if you're a 300lb, hairy, sweaty slashdot nerd 'flying solo.' I beg you, slashdot readers, don't video tape yourselves in bed.

    4. Re:It ain't necessarily so by the_mad_poster · · Score: 4, Insightful

      So everyone could get on their ass for slow patching instead?

      Look, they patched a hole in a relatively decent period of time. They then patched additional issues quickly as well.

      I hate Microsoft too, but for crying out loud... how utterly fucking naive do you have to be to sit there trying to spin reasonable patch fixes against the company? Some people just need to get a life...

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  2. The problem.. hmm... by thrillbert · · Score: 5, Funny
    I love that headline.. a patch to fix problems.. great.. I'll apply it to my marriage, my job, my car, my bank account (too little money could be a problem).. and I'll apply it twice to my teenage daughter for better results..

    I knew eventually microsoft would do something right...

    ---
    Universe, n.:
    • The problem.
  3. This is consistent by El · · Score: 4, Funny

    Remember, to Microsoft it is not an important problem unless they already have a fix for it!

    --

    "Freedom means freedom for everybody" -- Dick Cheney

  4. More information on the vulnerability by windows · · Score: 5, Informative

    More information on the vulnerability can be found here.

  5. Two bugs in one place by Anonymous Coward · · Score: 5, Insightful

    As I recall it took more than 24 hours for the second bug in the mremap function to be found in Linux. While bashing MS is always fun & exciting (and I do think their security sucks). I think Slashdot should try to post more stories about how Linux could be improved (security & functionality). Not to imply that Linux is bad, but there is this reactionary attitude where we must adapt to everything MS does as opposed to doing things first. No Longhorn till 2006 should not mean we sit around waiting for MS to come out with something to whine about. It should be seen as an opportunity to evolve Linux in new directions that MS can't emulate. Don't be afraid to embrace changes that could propel us way ahead of them.

  6. Facts of life? by nmoog · · Score: 4, Funny
    "People have resigned themselves to this being a fact of life. "
    Life, death, taxes, and patching flaky patches.
  7. Patches by black+mariah · · Score: 4, Insightful

    Exactly how is this different from the multitude of patches to fix things in the Linux kernel? Or patches in ANY OSS project? Are you trying to tell me that there has never been a security patch to any Linux kernel ever?

    I seem to recall a /. story just a short while back about a security vulnerability in the Linux kernel that was patched and te resulting posts were nothing but a bunch of open source taint nuzzling. When MS fixes a problem on the other hand, it's a bad thing.

    --
    'Standards' in computing only impress those who are impressed by things like 'standards'.
  8. Apache OS by Eberlin · · Score: 5, Funny

    Ok, ok, patching is a part of life -- that's understood. We have to patch our Linux installs too, after all. However, the Linux community doesn't seem to wrap itself in this strange PR shroud that MS does. You know the one -- how hackers are good for testing MS software and then how hacks aren't found until after MS releases a patch...oh and this business about making patch management easier by bundling patches monthly instead of releasing them sooner to protect their customers from harm.

    Right. So here we have a patch that should've probably been QA-ed to death (since they're doing this monthly instead of knee-jerk) and then later issuing another patch to properly plug the hole.

    I guess after they um...opened the source to some of Windows, they're only following suit by doing the "Release early, release often" mantra. Next thing we know, they'll be sponsoring Linux-friendly news sites and even exhibiting in Open Source conventions.

  9. Great choice of article by mattgreen · · Score: 4, Funny

    I applaud the Slashdot editors once again in choosing a relevant and timely news story. Never before has a patch been reissued. This is surely a momentous day on the Internet.

    Plus we can have a chance to talk about how our favorite operating system would never do such a thing! This IS a great post!

  10. They did not re-issue a new patch! by Nevo · · Score: 4, Informative
    It's the same patch they released yesterday. They just discovered it's more serious than they first thought, so they released the same binaries with a higher severity.

    http://www.microsoft.com/technet/security/bullet in/ms04-009.mspx

    Read the revisions section

  11. Excuse me... by Quinn_Inuit · · Score: 5, Funny

    "The funny thing"? The funny thing? That's like walking out of a Monty Python show and saying, "Man, that one joke was really funny."

    --

    Stop learning! Only you can prevent esoterrorism.
  12. Anyone else notice... by ManxStef · · Score: 4, Informative

    ...the broken PGP signature on the e-mail update Microsoft sent round relating to this? (The original was fine.) Just seemed a bit sloppy from a company who's now supposed to be taking security so seriously is all...

    BTW The Register chastised MS for marking the original as only "important", looks like they were right on the money!
  13. Everytime a story like this is posted.... by gatkinso · · Score: 4, Insightful

    ....I am tempted to check the kernel cvs source tree history.

    But why inject objectivity and reality into an otherwise excellent discussion?

    --
    I am very small, utmostly microscopic.
  14. Patch requires install CDs by mmusson · · Score: 5, Interesting

    I tried to install the first patch last night and found that I had to apply office SP2 first. Ok. So, I ran office SP2 and it required the install CDs.

    I travel extensively for work and I don't carry around all my install CDs for my laptop. So, I cannot even install the critical security patch because I cannot install office SP2.

    I think this is a problem when people that would want to install this 'critical' security patch are not able to. Why can't this patch be stand-alone (not require install CDs) like the ones available from the windows update site?

    --
    SYS 49152
    1. Re:Patch requires install CDs by enosys · · Score: 4, Informative

      Office XP SP3 also fixes the problem. You can get a version of SP3 that doesn't require access to the install CDs:
      OfficeXpSp3-kb832671-fullfile-enu.exe 58925 KB

  15. Must have CD to install by ccnull · · Score: 5, Informative

    How aggravating that many people won't install these service packs because Microsoft requires you have the original CD to install them.

    There is a workaround: Download the larger (the 58MB one with "fullfile" in the name) file on this page here and you can do the update without a CD.

    --
    filmcritic.com - Movie reviews on Internet time
    1. Re:Must have CD to install by ccnull · · Score: 4, Informative

      ... on second analysis, this method has now failed on 2 different machines -- both of which asked me for the CD despite being eligible for the CD-free patch per Microsoft's own rules. Use at your own risk, folks! (And apologies if I led anyone astray...)

      --
      filmcritic.com - Movie reviews on Internet time
  16. My copy of Office must not need the patch... by pdcryan · · Score: 4, Funny

    ...because when right click on the paperclip and ask it if there is a security problem... and he told me Word already had security features.

    Thank god!

    --
    Ryan Kennedy opposes comm
  17. My question is... by Anonymous Coward · · Score: 5, Funny

    So does this patch require a restart? Because I'd hate to lose my 8 hours of uptime.

  18. Re:new method by value_added · · Score: 4, Informative

    FWIW, you can use Microsoft's qchain utility that purportedly allows you to apply several patches a single reboot. Haven't tried it yet, as my hours are still being spent trying to figure out what patches I need on my systems. Seems that between the Windows update site, the HFNetChk commandline utility, and a handful of patch management programs I've been looking at, I'm getting a variety of results as to what's needed and what's been installed.

    If anybody has any favourite suggestions for managing this mess, I'm all ears.

  19. Re:So now there's four 'R's? by dasmegabyte · · Score: 4, Insightful

    Really?

    It reminds me of a company trying to fix problems with a popular software product so that their customers' computers aren't fucked up by hackers.

    But, you know, your cartoon analogy is good, too.

    --
    Hey freaks: now you're ju
  20. I grow weary... by Epistax · · Score: 4, Funny

    of these threatening severity levels. I will install no patch less severe than "orgasmic" or possiblity "chocolicious".

  21. New Service Pack by CycoChuck · · Score: 4, Funny

    I heard that MS is releasing a new SP for Office that would fix all the problems. They're calling it OpenOffice. The new Windows SP, code named Linux, is suppose to be released soon as well.

    --
    Windows is as solid as quicksand.
  22. The thing is by uptownguy · · Score: 4, Insightful

    I get your anger at... but I think you are missing the forest for the trees when you say things like "Slashdotters don't care much about the truth as long as they can whine... If they're not complaining...when did anyone on Slashdot..." Come on. Slashdot isn't some monolithic discussion board. That's what makes it great. That's why YOU come here and that's why YOU post. It's because Slashdot is the home the great unwashed masses -- the strongest from every side here come to passionately defend their case. You never see one "side" persuaded... you don't ever get to see one side win...

    ...but I don't know. I come here, not to have my point of view reinforced but rather to read intelligent people discussing an issue. I don't spend all my time discussing issues. I go out with friends to bars. I watch movies. But sometimes I like to think about issues. And this is a great place to come to find ideas. Sometimes I even find myself being surprised by a different point of view...

    I just think the parent post dripped with a little too much bravado. And just to stay on topic ... wouldn't you say that the VAST MAJORITY of us are just keeping quiet on this because there isn't that much insightful to say? I mean, really, releasing patches of known vulnerabilities is a good thing. Duh.

    --


    I would have to say that explosives are the most abused technology in all of history.