Slashdot Mirror
Microsoft Skips Patch Tuesday
maotx writes "According to their recently released security bulletin, Microsoft will skip this month's Patch Tuesday. Patch Tuesday, also known as Black Tuesday amongst Administrators, is the second Tuesday of every month, in which Microsoft releases a series of patches and critical updates for its various operating systems and applications."
That security on there software is too expensive, and that they can lower the TCO and become cheaper tha linux by forgoing security completely.
Finally, all of the Microsoft vulnerabilities have been fixed. No more work to do.
In your face, LINUX!
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
"Patch Tuesday" has cancelled.
"Hawaiian Shirt Friday" will continue as normal.
"Executive Chair Throwing Saturday" is uncertain, but quite likely.
$10/month: 120GB bw, SSH, CVS, Rails and 10 years' experience!
...
*sigh* Who am I kidding...
Many Bothans died to bring you this sig.
A patch every month ?. Do they hold onto the patches if it happened to be one that slipped a schedule and became available on the thursday after the first release. Do they wait an entire month before shipping in the next ?.
I've often heard tuesday mid-morning was the best time to release a new package - mostly hearsay. Any bit of truth in it ?
Tuesday's are considered unlucky in Indian lore - to undertake new things. Wednesdays are the day of beginnings - but it's already Wed here by the time it's released worldwide.
Quidquid latine dictum sit, altum videtur
In Firefox, the linked website is wider than the screen. Did anyone try it with IE?
As far as it goes, Black Tuesday is only a means for hackers to learn vulnerabilities in Windows by analyzing the dropped bits. It's very infrequent that an exploit is released before the updates are.
Windows is sure to have many problems, but if hackers are only willing to investigate changed bits and then attack not-yet updated systems, then not putting any updates out will keep those hackers at bay.
I don't think they should do this. Security through obscurity is very temporary. But I understand the reasoning behind not giving hackers hints. Maybe Microsoft's next update release will make things really good.
Jesus saved me from my past. He can save you as well.
I am glad to know that if Microsoft gets Slashdotted, we have this cut and paste to refer to. We all know Saturday morning in the U.S. is the heaviest traffic time, and that Microsoft runs its servers off of 486's with 32 megs of ram.
We have no idea how you beat out all the subscribers, and got around the 404's. But somehow, undoubtedly through minutes of perserverence, you were able to get the job done. And in your rush to provide this service, you were STILL able to make sure it was formatted nicely. Well done.
If it weren't for you, therer is absolutely no way I could have read this fine article. I Thank you and your country thanks you.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
We don't need no steenking patches!
I was just going to yell "Karma Whore!", but the stupid 2 minutes between posts rule gave me way too much time to think of something like this....
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
It's not so much that there isn't a patch this month, as that Microsoft has decided to hold off on releasing a patch due to stability concerns, which is laudable. So, while we have no patches this month, we also have a known unpatched, remotely exploitable hole in Internet Explorer until the eventual release. The big question is, will Microsoft release an out of cycle patch to fix the issue, or will be have a full month of PCs getting owned just because they visited the wrong URL using IE6?
UNIX? They're not even circumcised! Savages!
I beilieve that's only 640k since it's billyg's boxen
WTF?
TFA article clearly says that they're issuing several updates right on schedule this coming Tuesday.
They are delaying a security update that was previoiusly scheduled for Tuesday. They're delaying it because they found some problems during late testing. Good on 'em for that.
Aside from that, the rest of the updates will be issued as scheduled.
That is one positive thing about Microsoft. When they release a patch, you can be sure that it has been tested through the roof.
Is that why these patches always seem to break things?
Microsoft Windows Malicious Software Removal Tool? So Microsoft admits that some of its software is malicious, and that users should remove it?
Notice how the wording says that no SECURITY patches are coming out this month due to their "strict focus on quality"? Notice that there's still a high=priority non-security patch coming out.
I looked for examples of what this covered on my WSUS server, and found that this generally means, "Some patch or service pack or program isn't going to install/run unless you install this 'non-security patch'."
KB885523: "This update resolves a compatibility issue with a non-Microsoft software application installed on your computer [excellent weasel words again there]. This application prevents successful installation of Windows XP Service Packs, critical security updates, and other system file updates. This update should be applied to your system to enable safe installation of these updates now and in the future."
A spot check of other "non-security updates" indicates that it's pretty common for them to resolve bugs that make installing patches impossible.
I can't complain too much though - like many others, I'd be out of business if they got their act together.
Oh wait now it's modded funny. I guess the poster was being funny :)
Funny--my girlfriend also said something about not needing to use the patch this week...and something else about a missed month...
Oh, wow! Cigars, anyone?
It's good to know no more patches are needed for Windows, and that it is now finally secure.
Next month, on the day formerly known as patch Tuesday, Microsoft will buy everyone a pony. Henceforth it shall be known as Microsoft Pony Tuesday. We shall be celebrating with the pixies and faeries!
These posts express my own personal views, not those of my employer
this is how you spend your time?
Kettle: Hey pot, you're black!
Pot: And you are...?
main(0)
When the title says "Microsoft skips patch tuesday", it means that Microsoft will skip a patch's deployment on tuesday, not that they are going to cancel the "patch tuesday".
Sigh.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
I always refer to it as "That time of the month for P.M.S.: Patching Microsoft Servers."
("Patching Microsoft Systems" also works).
Cut and paste all you want, but please, for God's sake, remove the gratutious capitalization. We don't want people to think they've accidentally clicked on a timecube link.
We were figuring on the IHOP.
"CERT and other vulnerability watchdogs have noticed an continuous increase in new exploits which are released, almost synchronously, on the second Wednesday of each month." -- Phrak News
It will mean one less reader, meaning less activity. If activity slows enough, OSDN/VA Software would allocate less bandwidth to Slashdot. Then, users would end up slashdotting Slashdot, which would cause countless more users to quit, reducing activity further, and allocating more bandwidth away. Eventually, they would cut Slashdot off altogether, since NOBODY would be visiting.
In short, your quitting Slashdot would help bring about what you want.
--
Bonk the Zonk! TMM for editor!
Trolling all trolls since 2001.
Microsoft software is insecure because that is a way of "maximizing shareholder value", in my opinion.
When people have problems with their computer, they often buy a new computer. Then Microsoft sells another copy of Windows, which, of course, still has huge security risks.
That also seems to be why Microsoft software is so... unfinished. If they ever finished the job, no one would need to buy another copy. So maximizing shareholder value means minimizing quality as much as possible, considering what customers will accept, and trying to introduce new hassles that can be fixed by even later versions.
It's only after it becomes unreliable (or really ugly from rust etc) that you think about replacing it.
Software (despite what M$ would have us believe) doesn't wear out.
The only way to sell new stuff is have it break down. They only fix a few vulnerabilities at a time to make us believe they're trying to keep it safe, but they really built the "rust" at the factory.
Add a few new "features" (read code bloat) and the replacement cycle starts all over again.
They're probably secretly supporting a few exploits the keep the damand up.
Read the summary at least before attempting to explain away the unnecessary MS bashing.
You know, I have never heard of that site before and I though you were making a joke. I had to go there thinking I would see something like, "Bill Gates has alien's child!" or "Bill Gates gives all of his money to Linus Torvalds!"
Evil people don't think they're evil. - George Lucas, Making of Ep III
Microsoft: We're so great that there is nothing to do this month! Oh, don't worry about those High Severity Remote Code Execution vulnerabilities.
Macromedia and Real Networks have been competing with Microsoft, but Microsoft is considerably ahead in being insecure.
I have always wondered what it would be like if magically, all of M$'s non-techie customers (private and commercial) suddenly had the ability to fully understand the way their "Magic boxes" work, and could objectively evaluate what Microsoft tells them.
What a wonderful day it would be if average users started asking hard questions and DEMANDING answers (as in: Why does there need to be a patch Tuesday in the first place?)
I'm not a Linux fanboy by any means( I use both windows and linux boxes, and both OS's have their own advantages), but why in the hell should anyone who pays money to a company for an OS have to put up with it having to be patched and updated constantly just to keep it functional?
How long do you wanna bet it would take for Suse, Mandriva, or Redhat to go bankrupt if they had issues with their products on the scale that M$ has?
Hopefully, over the next couple of generations, most people, having grown up with computers since early childhood, will be educated enough not to be snowed by all the FUD and misinformation coming out of Redmond and demand products that are secure and functional "out of the box".
It's good to see that they are still teaching sarcasm in high school.
word.
MOD PARENT UP!! Good thinking.
Lameness filter encountered. Post aborted! Reason: Don't use so many caps. It's like YELLING.
We have a lame lameness filter.
--
If your gov't chooses killing as policy (CIA trained Arabs in 1980), expect others to choose the same.
No, you got it all wrong. It's a malicious tool that removes all your software
Mod parent up! :)
Caesar si viveret, ad remum dareris.
High School? I'm in my thirties! I've been out of high school for three years now.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
The Inquirer reports tech news.
The Enquirer reports stories about bat boy.
Small, but important, difference.
An inaccurate headline and summary on Slashdot? You, sir, are threatening the hegemony.
"Sufferin' succotash."
Are they so reluctant to release security patches that they name the day "black"?
Why would a business invest in software that has a set patch schedule. Would they buy a fleet of cars that need to be brought in to fix a safty recall monthly?
Sure, a safety fix deals with life and death, but look how much money some of the corporations stand to loose to this bullshit. Look at Caterpillar.
-William
God is everything science has yet to explain.
Who modded this up!? BTW, I found this great site!!? He's promoting his own site here. Get a grip mods!
There are several unpatched vulnerabilities in IE 6, according to Secunia. The security monitoring company has issued 85 alerts on the web browser since 2003; 19 of those security bugs remain unpatched, according to Secunia's website.
In addition to the Windows security fixes, Microsoft on Tuesday plans to release an update for Windows that it deems high priority but is not security related, the company said.
Perverted priorities and Microsoft. Film at 11.
Full story.
to mod parents up! Damn my lack of moderation points! (For once a year it seems....)
I remember sigs. Oh, a simpler time!
I thought they only had 640k of RAM.
It doesn't cost anything to 0wn a windows box and I've got a 10k strong botnet to prove it!
Trying to release "Mini-Microsoft" or something, I'm sure.
until your engine siezes up?
This sig left unintentionally blank.
Nice myth there.
Even Microsoft site scanning monkeys found that one.
Send IE to as many sites as able and see how many get exploted and by what. They found a lot of 0 day faults that were in use on partical sites.
Spammers and Crackers find faults and explot them and tell people nothing. Virus writers seam not to be doing this any more.
All OS have 0 day faults question is who is going to attack you system. Are you going to loss you email account because of spaming or lose you data due to data thief or lose you idenity. Yep viruses are only minor problems.
Linux developers report faults fast so that firewalls can be altered and effected sections could be disabled before patch to counter 0 day.
Problem how many DHCP servers does microsoft make 1 How many DHCP servers does linux have. It has many. This applies basicly for every service.
So a notice of a major fault is a minor problem in the Linux world. Windows World major fault is a major problem because there is no other services to swap to.
Microsoft either opensource or double develop.
Tcp/IP Stack was Patched some time between 1994 to 1998.
The Open Source Patch was only intergrated in Windows XP SP 2 and even then not completely yep not all the known faults in the Open Source Tcp/IP stack are fixed in Windows XP SP2 heck they did not even have to develop it all they had to do is copy the code in.
Jpeg Interface OpenSource.
Png Interface OpenSource.
Zip file interface OpenSource.
The list go on and on. Large sections of Windows is Open Source.
Without OpenSource Windows will fail.
Let just say 100% of the market uses Open Source 95% uses Closed source as well. So are weak to attack from both.
Yep Open Source people write subsystem parts that Microsoft used. Reason why we have all os attacks from time to time. Microsoft in all past cases is the last to patch.
Microsoft Attacking Open Source should be taken with a grain of salt. They are attacking the very developers they depend on to find and remove faults from the open source parts in their OS.
This works both ways. How would you like it if every trip to the auto-mechanic you were chided for having certain tires, not using a particular brand/weight of motor oil, not being timely enough in getting a tune up, why didn't you change your own oil, your tire pressures too low?
I'd love it if cars were like software and the mechanic was a well meaning and exasperated free auto evangelist. The tires, oil and all that would be free and I'd only have to press a button to refresh them, if only I'd give up the inferior "big oil" brand that's so highly advertised. I know it would be difficult to see through the FUD and fog, but one day I'd be very happy. If you know of an automobile or any other physical object that works like software, please let me know.
Other than that, I completely agree with you. Everyone needs to be nice to their customers instead of acting like M$ Partners or Steve Balmer. Also, the only thing dumber than running Windoze is running Windoze on autopilot. The "upgrades" will burn you.
Setting up a nice new laptop from school showed me just how bad the Windoze world has gotten. The gave me a brand new Dell Inspiron 2200, which is about as fast as my best desktop machine. Being new, Mepis had some problems with the machine's power management, which I have yet to resolve. It won't go into hibernate. Silly me, I thought the Windozy ACPI software would fix things so I asked where the utilities were in the forrest of disorganized tabs. No luck, Windoze merely disabled the wifi without asking after taking forever to boot and run a stupid anti-virus tool that "scanned" every file one of the 40,000 useless files on the partition. I was able to turn wifi back on by forcing it to connect to my home wifi and turning it off that way. Acpid and wmacpi, which I just installed via apt-get, will probably work better. How can anyone stand to run that nasty single interface, security nightmare? What single advantage does it have that make it worth the trouble?
Friends don't help friends install M$ junk.
I don't know about you, but I just get bored sometimes, and want something new. Why does the old one have to be broken before I get a new one? The resale is better if it's working.
My blog. Good stuff (when I remember to update it). Read it.
"My other computer is your MS-Windows box"
Got time? Spend some of it coding or testing
I found this great site...HAHAHAHAHA no.
Just wait for the official release then, If you're running beta software you're doomed with many updates.
FAT Tuesday?
So it's (Microsoft Windows)(Malicious ((Software Removal) tool)). Dang, I could have sworn it was (Microsoft Windows) ((Malicious Software) (Removal Tool)).
Let's write it all in Lisp.