Slashdot Mirror

← Back to Stories (view on slashdot.org)

13 New Windows Security Vunerabilities

Posted by CowboyNeal on from the focused-on-security dept.

Petree writes "Microsoft has given advance notice that on February 8th, they will be releasing patches for 13 vunerabilities. Happily a day later they'll have a nice little webcast so answer questions about the vunerabilities. Windows users, don't forget to run WindowsUpdate first thing Monday morning."

11 of 410 comments (clear)

  1. "Run WindowsUpdate first thing Monday morning" by Anonymous Coward · · Score: 5, Informative

    And then again on Tuesday when the actual updates come out.

    1. Re:"Run WindowsUpdate first thing Monday morning" by theancient2 · · Score: 5, Informative

      It's only necessary to reboot once, not after each update. (The only time you need to reboot more than once is when installing a major update, such as a new version of Internet Explorer.)

  2. Redundant? by Anonymous Coward · · Score: 5, Informative

    The summary is wrong, and this is pointing out that fact. Running Windows Update on Monday won't get you anything since the updates come out on TUESDAY, aka the 8TH.

  3. They don't need to by Jugalator · · Score: 4, Informative

    Windows users, don't forget to run WindowsUpdate first thing Monday morning.

    These days, Windows users don't need to "run" Windows Update to grab security updates; the Windows service do that job, so they don't have to remember to do anything special on Tuesday. However, you need to actively visit windowsupdate.microsoft.com if you need other stuff than security updates.

    --
    Beware: In C++, your friends can see your privates!
  4. Re:Why? by Zocalo · · Score: 3, Informative

    Mostly because not every one might appreciate having to download a huge patch for something they don't have installed. Also because the patches are covering multiple Windows versions, and EDS can tell you all about what happens when you apply a patch for one Windows varient over another...

    --
    UNIX? They're not even circumcised! Savages!
  5. AntiSpyware by inertia187 · · Score: 3, Informative

    If you haven't done it already, go to microsoft.com and search for antispyware. Install Microsoft AntiSpyware (beta). You'd be surprised how many trojans and spyware it will find on your "secure" Windows boxen.

    Microsoft didn't write it. It's GIANT AntiSpyware with a new label. It may think some of your legitimate apps are spyware, like VNC, but it usually marks them as ignore by default anyway. It's great if you forgot they were there or someone else installed them without your knowledge.

    --
    A programmer is a machine for converting coffee into code.
  6. Re:Explain this to a non-windows guy by Emperor+Skull · · Score: 4, Informative

    Past experience has shown that exploits are developed very quickly after a patch is released. Without advance notice admins can't schedule or plan to deploy updates. I test and approve patches for about 3000 Windows machines. I'm also in Louisiana where this happens to be a 4 day weekend because of Mardi Gras. Had a critical patch been released on Thursday or Friday I probably wouldn't get to even look at it before next Wednesday. If an exploit was released before then, then well my first day back is going to be a real bad day. While the second Tuesday of the Month might not be perfect for everybody, at least we can plan for it. I know I'll remote in and approve the patches for deployment to my test lab sometime on Mardi Gras day (and watch bugtraq and other places to help determine how important it is to deploy these quickly.) ES

  7. Re:You should be behind a firewall anyway. by Joe+U · · Score: 3, Informative

    When using Windows you should always be behind a firewall

    When shouldn't you be behind a firewall? With the exception of say, a WebTV, ALL operating systems should be behind a firewall.

    Mac included.

  8. Did You RTFA? by Rolan · · Score: 5, Informative
    1) The 8th is TUESDAY and the SECOND TUESDAY of every month is when Microsoft does their patch releases (unless they're so critical they release them out of cycle).
    2) It's not 13 patchs for windows. As the article could not state any clearer it's:

     9 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. The greatest aggregate, maximum severity rating for this security bulletin is Moderate. These updates may or may not require a restart.
    1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The greatest aggregate, maximum severity rating for this security bulletin is Important. This update will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft Office. The greatest aggregate, maximum severity rating for this security bulletin is Critical. These updates will require a restart.
    1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will require a restart.


    3) Read before you submit.
    --
    - AMW
  9. Making a more secure Windows by The+Fifth+Man · · Score: 3, Informative

    IE always seems to be the weak point, or the HTML subsystem... Even if it isn't, I've got instructions on removing several subsystems from Windows that will make it more secure.

    Check out my page on Windows patches, I think it's a convincing argument to rip all of this stuff out of Windows. Just download the files, drag-drop-replace, burn, and install.

    XP subsystem removal software here.

  10. aspell, anyone? by kernelistic · · Score: 3, Informative

    Come on guys, how hard could spelling "Vulnerabilities" correctly be?