Slashdot Mirror


Microsoft Releases Eight Security Updates

Juha-Matti Laurio writes "After a very uncommon break in March, Microsoft has just published 8 new security updates. Almost all updates that are a part of the monthly release cycle are rated as 'Critical.' The new Windows Shell vulnerability, named MS05-016, is only 'Important,' but Windows XP Service Pack 2 is affected too. This is not the first time there was something to fix in Shell32.dll. Vulnerabilities in TCP/IP that could allow remote code execution and denial of service, in cumulative bulletin MS05-019, affect SP2 too. Windows Kernel, Exchange, MSN Messenger, Word (Office) and Internet Explorer get their updates as well."

6 of 344 comments

  1. More updates by nenolod · · Score: 5, Insightful

    And yet they are less vague than the ones which have recently come out of OpenBSD. That's scary.

  2. So... by bl4nk · · Score: 5, Insightful

    Can we expect a news article every month blasting Microsoft for releasing security updates? Christ, where are the news articles when updates come out for other OS's? Or is it only a bad thing when Microsoft does it?

  3. Re:One wonders... by Neopoleon · · Score: 5, Insightful

    You have to keep things in perspective - Windows isn't open source, so publishing the vulnerabilities ahead of time, in many cases, wouldn't actually do much good.

    As you know, with OSS, announcing a vulnerability is like a call to arms, getting devs out of bed and coding fixes. With a closed source product, it's like saying "Cooooooooooooome 'n get it!"

    If users could plug these holes with their fingers, then telling them would help. As things are, though, this is probably the safer way to do it for our product.

    --
    - Rory [Microsoft Employee] | Free dirt: neopoleon.com
  4. "Critical" patches every month. Sure, we can wait! by TheStick · · Score: 5, Insightful

    I never understood why Microsoft released "critical updates" only every month. If they're critical, you're supposed to release a patch as soon as you hear about them. 48 hours is already too much, and a month represents a century in the IT universe...

  5. Re:WS2K3 SP1 by arete · · Score: 5, Insightful

    You misunderstood. /. wants everything. (Especially because different people want different things...)

    They quite literally want to build an automatic cake making machine so they can have lots of cake while they're eating their cake : )

    They want a blindingly fast machine with a 90 inch display that fits on their keychain and uses no power. They want this machine to be completely secure while allowing random applications to do whatever necessary to squeeze their hardware. They want it to use an OS that is unpopular enough to instill geek pride but is somehow the primary development platform of all cool games.

    Oh, and it should be Free as in speech, Free as in beer, and produced by a trusted public company that somehow makes money off this without doing anything that would make them unloved.

    And they want cute little penguins to somehow get them laid by actual women, generally without them having to go anywhere they might actually meet women.

    I'm not saying any of these individual goals are bad ideas, I'm just saying you can't always have everything you want.

    (Incidentally, I'm in favor of really paranoid IE settings, but since by using it you're implicitly trusting MS, the Office update site could probably have been automatically added to that list. I think that's why the gp noted it.)

    --
    Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
  6. Because MS "Painted Themselves Into A Corner" by EXTomar · · Score: 5, Insightful

    Why wait a month? Because their patching system blows. They didn't learn lessons learned decades ago about how to patch core components and kernel services and now we live with this every day (or month as the case may be).

    Patching a single Windows machine is difficult especially if you are a novice (many still don't understand why computers "just don't work"). Patching many Windows machines is hard. Patching a live server is hard. Considering how hard some of the patching is on some machines you might even want to consider waiting a few more days to the weekend to apply this patch to patch them especially since one of the patches fixes exploits that are mitigated by using firewalls. Regardless, Windows is so hard to patch you can't have the "on the fly" patching other platforms feature.

    It is really lesser of two evils. You can either spend almost all of your time patching or you can lump the difficult time in one large shot. If MS dropped patches whenever they felt it was complete (which is good for security!) you finished updating the entire enterprise (this might take weeks if not a month with serious stuff like SP 2) you'd have to start over and do it again for a brand new one. So on and so forth.

    The real problem is "patching Windows is hard". The "fix" right now to this is pushing patches once a month. As long as Windows is hard to patch then there is no other real solution to this horrible situation MS sold us on.