Microsoft Rereleases Patch to Fix Problems

← Back to Stories (view on slashdot.org)

Microsoft Rereleases Patch to Fix Problems

Posted by CowboyNeal on Thursday March 11, 2004 @11:48AM from the if-at-first-you-don't-secure dept.

AbdullahHaydar writes "From CRN: 'One day after releasing a fix for an Office XP flaw, Microsoft upgraded the severity of the vulnerability to critical and re-issued a new patch to address a new attack scenario discovered in the last 24 hours.' The funny thing is that the second bug they missed with the first fix is 'critical' whereas the original bug the fix was for is 'important.'"

10 of 226 comments (clear)

It ain't necessarily so by Space+cowboy · 2004-03-11 11:49 · Score: 5, Insightful

The fact that 24 hours after releasing an 'important' bug patch, Microsoft re-released a 'critical' bugpatch should *not* be held against them! It certainly would not be the first time someone had realised that the consequences of X are far more than previously thought.

I'm no apologist for MS (see my posting history :-), but re-relasing a new patch at a higher security classification ought to be applauded, not ridiculed. Fair play, guys, and play the game according to *all* the rules, not just the "Redmond -4" ruleset...

Simon

--
Physicists get Hadrons!
1. Re:It ain't necessarily so by Phexro · 2004-03-11 12:47 · Score: 5, Funny
  
  It's a hot thing to do in bed if you're a slutty shaved blonde worth $30m.
  
  It is not a hot thing to do if you're a 300lb, hairy, sweaty slashdot nerd 'flying solo.' I beg you, slashdot readers, don't video tape yourselves in bed.
The problem.. hmm... by thrillbert · 2004-03-11 11:49 · Score: 5, Funny
I love that headline.. a patch to fix problems.. great.. I'll apply it to my marriage, my job, my car, my bank account (too little money could be a problem).. and I'll apply it twice to my teenage daughter for better results..

I knew eventually microsoft would do something right...

---
Universe, n.:
- The problem.
More information on the vulnerability by windows · 2004-03-11 11:51 · Score: 5, Informative

More information on the vulnerability can be found here.
Two bugs in one place by Anonymous Coward · 2004-03-11 11:53 · Score: 5, Insightful

As I recall it took more than 24 hours for the second bug in the mremap function to be found in Linux. While bashing MS is always fun & exciting (and I do think their security sucks). I think Slashdot should try to post more stories about how Linux could be improved (security & functionality). Not to imply that Linux is bad, but there is this reactionary attitude where we must adapt to everything MS does as opposed to doing things first. No Longhorn till 2006 should not mean we sit around waiting for MS to come out with something to whine about. It should be seen as an opportunity to evolve Linux in new directions that MS can't emulate. Don't be afraid to embrace changes that could propel us way ahead of them.
Apache OS by Eberlin · 2004-03-11 11:58 · Score: 5, Funny

Ok, ok, patching is a part of life -- that's understood. We have to patch our Linux installs too, after all. However, the Linux community doesn't seem to wrap itself in this strange PR shroud that MS does. You know the one -- how hackers are good for testing MS software and then how hacks aren't found until after MS releases a patch...oh and this business about making patch management easier by bundling patches monthly instead of releasing them sooner to protect their customers from harm.

Right. So here we have a patch that should've probably been QA-ed to death (since they're doing this monthly instead of knee-jerk) and then later issuing another patch to properly plug the hole.

I guess after they um...opened the source to some of Windows, they're only following suit by doing the "Release early, release often" mantra. Next thing we know, they'll be sponsoring Linux-friendly news sites and even exhibiting in Open Source conventions.
Excuse me... by Quinn_Inuit · 2004-03-11 12:04 · Score: 5, Funny

"The funny thing"? The funny thing? That's like walking out of a Monty Python show and saying, "Man, that one joke was really funny."

--

Stop learning! Only you can prevent esoterrorism.
Patch requires install CDs by mmusson · 2004-03-11 12:22 · Score: 5, Interesting

I tried to install the first patch last night and found that I had to apply office SP2 first. Ok. So, I ran office SP2 and it required the install CDs.

I travel extensively for work and I don't carry around all my install CDs for my laptop. So, I cannot even install the critical security patch because I cannot install office SP2.

I think this is a problem when people that would want to install this 'critical' security patch are not able to. Why can't this patch be stand-alone (not require install CDs) like the ones available from the windows update site?

--
SYS 49152
Must have CD to install by ccnull · 2004-03-11 12:25 · Score: 5, Informative

How aggravating that many people won't install these service packs because Microsoft requires you have the original CD to install them.

There is a workaround: Download the larger (the 58MB one with "fullfile" in the name) file on this page here and you can do the update without a CD.

--
filmcritic.com - Movie reviews on Internet time
My question is... by Anonymous Coward · 2004-03-11 13:00 · Score: 5, Funny

So does this patch require a restart? Because I'd hate to lose my 8 hours of uptime.