Slashdot Mirror

← Back to Stories (view on slashdot.org)

13 New Windows Security Vunerabilities

Posted by CowboyNeal on from the focused-on-security dept.

Petree writes "Microsoft has given advance notice that on February 8th, they will be releasing patches for 13 vunerabilities. Happily a day later they'll have a nice little webcast so answer questions about the vunerabilities. Windows users, don't forget to run WindowsUpdate first thing Monday morning."

23 of 410 comments (clear)

  1. "Run WindowsUpdate first thing Monday morning" by Anonymous Coward · · Score: 5, Informative

    And then again on Tuesday when the actual updates come out.

    1. Re:"Run WindowsUpdate first thing Monday morning" by theancient2 · · Score: 5, Informative

      It's only necessary to reboot once, not after each update. (The only time you need to reboot more than once is when installing a major update, such as a new version of Internet Explorer.)

    2. Re:"Run WindowsUpdate first thing Monday morning" by andalay · · Score: 2, Informative

      Thats odd, xfce, kde and gnome all have applets/applications that do this for you without restarting X.

    3. Re:"Run WindowsUpdate first thing Monday morning" by LurkerXXX · · Score: 2, Informative
      You must get all your 'knowledge' from google, because it's obvious you have never actually had to install updates on 1000 machines yourself. If you did, you'd find MS has a nice toold called SUS server, that will roll them out to your network for you. No need to 'reboot till valentines day'

      As the grandparent said, you are either clueless or a troll.

    4. Re:"Run WindowsUpdate first thing Monday morning" by BandwidthHog · · Score: 2, Informative

      I had to do four reboots on each of thirteen XP machines last week. Of course, they hadn't been updated since they were set up a little over a year ago, so hopefully your mileage has varied greatly. It was some HTTP transport (forget exactly what) patch for the new WindersUpdate, then a clump of nearly a dozen miscellaneous patches, then SP2, then another pair. Hmm, considering the two admin machines I was dealing with, that mean I rebooted XP over sixty times that day. Wow. Just, wow.

      --

      Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
  2. Redundant? by Anonymous Coward · · Score: 5, Informative

    The summary is wrong, and this is pointing out that fact. Running Windows Update on Monday won't get you anything since the updates come out on TUESDAY, aka the 8TH.

  3. You can automate the updating by Anonymous Coward · · Score: 1, Informative

    Some of us actually use Automatic Update Agent, that downloads and installs the patches. No need for manual updates anymore.

    Running Windows Update on Monday will not help, someone please -1 the original article.

  4. They don't need to by Jugalator · · Score: 4, Informative

    Windows users, don't forget to run WindowsUpdate first thing Monday morning.

    These days, Windows users don't need to "run" Windows Update to grab security updates; the Windows service do that job, so they don't have to remember to do anything special on Tuesday. However, you need to actively visit windowsupdate.microsoft.com if you need other stuff than security updates.

    --
    Beware: In C++, your friends can see your privates!
    1. Re:They don't need to by mosch · · Score: 1, Informative

      Clearly you have no actual systems admin experience. Auto-update is a fantastic way to automatically take down your whole corporate network. Occasionally one of the updates will be incompatible with something, like say... an ethernet driver. Now if you have that ethernet card in your machine, you're offline. Not a huge problem, but annoying. If you have that ethernet card in every machine in your 2,000 employee company... huge, gigantic, enormous problem.

  5. Every second Tuesday by NaCl · · Score: 2, Informative

    Microsoft releases updates for Windows XP every second Tuesday of the month, Windows users should be aware of that, as there always is something fixed.

    --
    I shot the sheriff
  6. Idiots by essdodson · · Score: 2, Informative

    1) It's Tuesday not Monday; afternoon rather than morning as they seem to release about noon time PST.
    2) This is a repeat.

    --
    scott
  7. Re:Why? by Zocalo · · Score: 3, Informative

    Mostly because not every one might appreciate having to download a huge patch for something they don't have installed. Also because the patches are covering multiple Windows versions, and EDS can tell you all about what happens when you apply a patch for one Windows varient over another...

    --
    UNIX? They're not even circumcised! Savages!
  8. AntiSpyware by inertia187 · · Score: 3, Informative

    If you haven't done it already, go to microsoft.com and search for antispyware. Install Microsoft AntiSpyware (beta). You'd be surprised how many trojans and spyware it will find on your "secure" Windows boxen.

    Microsoft didn't write it. It's GIANT AntiSpyware with a new label. It may think some of your legitimate apps are spyware, like VNC, but it usually marks them as ignore by default anyway. It's great if you forgot they were there or someone else installed them without your knowledge.

    --
    A programmer is a machine for converting coffee into code.
    1. Re:AntiSpyware by Bambi+Dee · · Score: 2, Informative
      It found exactly nothing, just like Ad-Aware and Spybot S&D and Clam AV and AVG and whatever else I tried. Am I in violation of any natural laws here?

      Except for that one time when I decided I'd go see what it's really like for those who always complain about random popups and slowdowns and stuff.

      It was quite a hassle at first, but once you've disabled/enabled enough to get the malware to install, there's a rainbow-coloured nightmare wonderland of Studly Males Online Gambling Hello Kitty Porno Toolbar Screensavers waiting. It's a regular shadow internet. I've seen things you people wouldn't believe! Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near Tannhauser gate. All those moments will be lost in time, like tears in rain. Time to die...

      At least I discovered spyware scanners actually do something and will happily keep recommending them (as I keep recommending Macs. Maybe I should try those, too)

  9. Re:Explain this to a non-windows guy by essdodson · · Score: 2, Informative

    Their corperate customers have asked them to schedule updates in this manner unless they absolutely must be pushed out in a hurry. MS previously released weekly on Tuesdays, now due to input from large corperate customers who like to plan downtimes and patches they do it once a month.

    --
    scott
  10. Re:Explain this to a non-windows guy by Emperor+Skull · · Score: 4, Informative

    Past experience has shown that exploits are developed very quickly after a patch is released. Without advance notice admins can't schedule or plan to deploy updates. I test and approve patches for about 3000 Windows machines. I'm also in Louisiana where this happens to be a 4 day weekend because of Mardi Gras. Had a critical patch been released on Thursday or Friday I probably wouldn't get to even look at it before next Wednesday. If an exploit was released before then, then well my first day back is going to be a real bad day. While the second Tuesday of the Month might not be perfect for everybody, at least we can plan for it. I know I'll remote in and approve the patches for deployment to my test lab sometime on Mardi Gras day (and watch bugtraq and other places to help determine how important it is to deploy these quickly.) ES

  11. A different perspective by AverageMidget · · Score: 2, Informative

    Some Windows users (like myself) shut off the "Automatic update" service (along with many others) in order to have less system resources used (and less vulnerabilities) while doing what really matters...surfing for porn! Although I can understand the disgust with constantly hearing about patches, there are some people who might not hear about them any other way.

  12. Re:You should be behind a firewall anyway. by Joe+U · · Score: 3, Informative

    When using Windows you should always be behind a firewall

    When shouldn't you be behind a firewall? With the exception of say, a WebTV, ALL operating systems should be behind a firewall.

    Mac included.

  13. Did You RTFA? by Rolan · · Score: 5, Informative
    1) The 8th is TUESDAY and the SECOND TUESDAY of every month is when Microsoft does their patch releases (unless they're so critical they release them out of cycle).
    2) It's not 13 patchs for windows. As the article could not state any clearer it's:

     9 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. The greatest aggregate, maximum severity rating for this security bulletin is Moderate. These updates may or may not require a restart.
    1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The greatest aggregate, maximum severity rating for this security bulletin is Important. This update will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft Office. The greatest aggregate, maximum severity rating for this security bulletin is Critical. These updates will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will require a restart.


    3) Read before you submit.
    --
    - AMW
  14. Making a more secure Windows by The+Fifth+Man · · Score: 3, Informative

    IE always seems to be the weak point, or the HTML subsystem... Even if it isn't, I've got instructions on removing several subsystems from Windows that will make it more secure.

    Check out my page on Windows patches, I think it's a convincing argument to rip all of this stuff out of Windows. Just download the files, drag-drop-replace, burn, and install.

    XP subsystem removal software here.

  15. aspell, anyone? by kernelistic · · Score: 3, Informative

    Come on guys, how hard could spelling "Vulnerabilities" correctly be?

  16. Re:At least they are actively patching... by Lisandro · · Score: 2, Informative

    Seriously. Damned if they do and damned if they don't. I update atleast two or three software packages a day in Gentoo (most of them version revisions with bugfixes) and it's not all over the news.

  17. Re:Remote update of office by RequestTimedOut · · Score: 2, Informative

    Try out WUS, successor to SUS and currently in beta. It allows you to select Office updates to deploy. (Office XP & higher I believe)