Slashdot Mirror
Microsoft Skips Patch Tuesday
maotx writes "According to their recently released security bulletin, Microsoft will skip this month's Patch Tuesday. Patch Tuesday, also known as Black Tuesday amongst Administrators, is the second Tuesday of every month, in which Microsoft releases a series of patches and critical updates for its various operating systems and applications."
fuck this whole fuckin place.
eh0d is EVERYBODYS daddy now. TekMonkey (649444): Can a moderator or admin ban this guy? Just look at his record.
That security on there software is too expensive, and that they can lower the TCO and become cheaper tha linux by forgoing security completely.
W00t!
fp?
Finally, all of the Microsoft vulnerabilities have been fixed. No more work to do.
In your face, LINUX!
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Microsoft Security Bulletin Advance Notification
a ils.aspx?EventID=1032279532&EventCategory=4&cultur e=en-US&CountryCode=US
Updated: September 9, 2005
Security Bulletin Advance Notification
Update: Microsoft will not issue any new security updates on September 13th as part of the September monthly bulletin release cycle.
Based on customer feedback, Microsoft instituted a monthly security update release process on the second Tuesday of each month to provide customers with security guidance and updates on a predictable and manageable schedule. This update release process involves a significant testing focus to help ensure customers will receive updates that are of a high quality and Microsoft will not release an update until it meets those standards. Occasionally, the testing process and our strict focus on quality can result in a month where no security updates are released, as is the case for 13 September 2005.
In addition, to help customers prioritize monthly security updates with any non-security updates released on Microsoft Update, Windows Update, Windows Server Update Services and Software Update Services on the same day as the monthly security bulletins, we also provide:
Information about the release of updated versions of the Microsoft Windows Malicious Software Removal Tool.
Information about the release of NON-SECURITY, High Priority updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS). Note that this information will pertain ONLY to updates on Windows Update and only about High Priority, non-security updates being released on the same day as security updates. Information will NOT be provided about Non-security updates released on other days.
On 13 September 2005 Microsoft is planning to release:
Security Updates
No new security updates on September 13th as part of the September monthly bulletin release cycle. This represents a change in the information found in the Advance Notification on Thursday, September 8, 2005. Late in the testing process, Microsoft encountered a quality issue that necessitated the update to go through additional testing and development before it is released. Microsoft is committed to only releasing high quality updates that fix the issue(s) in question, and therefore we feel it is in the best interest of our customers to not release this update until it undergoes further testing.
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
Microsoft will release one NON-SECURITY High-Priority Updates for Windows on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS).
Microsoft will still host a webcast next week to address customer questions on any previously released security bulletins. For more information on this webcast please see below:
TechNet Webcast: Information about Microsoft's Security Bulletins (Level 100)
Wednesday, 14 September 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
http://msevents.microsoft.com/CUI/WebCastEventDet
main(0)
And it's not something that matters.
"Patch Tuesday" has cancelled.
"Hawaiian Shirt Friday" will continue as normal.
"Executive Chair Throwing Saturday" is uncertain, but quite likely.
$10/month: 120GB bw, SSH, CVS, Rails and 10 years' experience!
...
*sigh* Who am I kidding...
Many Bothans died to bring you this sig.
A patch every month ?. Do they hold onto the patches if it happened to be one that slipped a schedule and became available on the thursday after the first release. Do they wait an entire month before shipping in the next ?.
I've often heard tuesday mid-morning was the best time to release a new package - mostly hearsay. Any bit of truth in it ?
Tuesday's are considered unlucky in Indian lore - to undertake new things. Wednesdays are the day of beginnings - but it's already Wed here by the time it's released worldwide.
Quidquid latine dictum sit, altum videtur
In Firefox, the linked website is wider than the screen. Did anyone try it with IE?
As far as it goes, Black Tuesday is only a means for hackers to learn vulnerabilities in Windows by analyzing the dropped bits. It's very infrequent that an exploit is released before the updates are.
Windows is sure to have many problems, but if hackers are only willing to investigate changed bits and then attack not-yet updated systems, then not putting any updates out will keep those hackers at bay.
I don't think they should do this. Security through obscurity is very temporary. But I understand the reasoning behind not giving hackers hints. Maybe Microsoft's next update release will make things really good.
Jesus saved me from my past. He can save you as well.
Stop the illegal war!
The US PROPAGANDA MACHINE has done an excellent job at controlling public anger against the unjust Iraq war, in TOTAL contrast to the VIETNAM WAR.
The Vietnam war ended when the PUBLIC started protesting not at a DEAF government, but the people fighting the war (the NATIONAL GUARD). Having anger against the millitary helps ensure that reserves are down, and no PROFITTERING wars will HAPPEN in the short term.
A HATE CAMPAIGN needs to start against those who are willing to fight in an UNJUST WAR. However, this needs to be done in a NON-VIOLENT way.
Other nations (such as CHINA and RUSSIA) should CONDEMN this illegal war, and help out with propaganda AGAINST the US.
PROTEST against Millitary recruitment, and the armed forces.
DONT LISTEN to their propaganda about needing a STRONG ARMED FORCE. Force isn't needed when you HAVE NO ENIMIES
---
cut and paste this text and post it wherever possible. Only by spreading the word will the war stop
We don't need no steenking patches!
It's not so much that there isn't a patch this month, as that Microsoft has decided to hold off on releasing a patch due to stability concerns, which is laudable. So, while we have no patches this month, we also have a known unpatched, remotely exploitable hole in Internet Explorer until the eventual release. The big question is, will Microsoft release an out of cycle patch to fix the issue, or will be have a full month of PCs getting owned just because they visited the wrong URL using IE6?
UNIX? They're not even circumcised! Savages!
Note to Ubuntu devs - please follow SUSE's lead and start issuing binary-diff-style updates post-haste, or nobody is going to bother to catch up on critical security fixes and will end up getting rooted left, right and centre.
WTF?
TFA article clearly says that they're issuing several updates right on schedule this coming Tuesday.
They are delaying a security update that was previoiusly scheduled for Tuesday. They're delaying it because they found some problems during late testing. Good on 'em for that.
Aside from that, the rest of the updates will be issued as scheduled.
That is one positive thing about Microsoft. When they release a patch, you can be sure that it has been tested through the roof.
Is that why these patches always seem to break things?
Notice how the wording says that no SECURITY patches are coming out this month due to their "strict focus on quality"? Notice that there's still a high=priority non-security patch coming out.
I looked for examples of what this covered on my WSUS server, and found that this generally means, "Some patch or service pack or program isn't going to install/run unless you install this 'non-security patch'."
KB885523: "This update resolves a compatibility issue with a non-Microsoft software application installed on your computer [excellent weasel words again there]. This application prevents successful installation of Windows XP Service Packs, critical security updates, and other system file updates. This update should be applied to your system to enable safe installation of these updates now and in the future."
A spot check of other "non-security updates" indicates that it's pretty common for them to resolve bugs that make installing patches impossible.
I can't complain too much though - like many others, I'd be out of business if they got their act together.
Oh wait now it's modded funny. I guess the poster was being funny :)
Funny--my girlfriend also said something about not needing to use the patch this week...and something else about a missed month...
Oh, wow! Cigars, anyone?
It's good to know no more patches are needed for Windows, and that it is now finally secure.
Next month, on the day formerly known as patch Tuesday, Microsoft will buy everyone a pony. Henceforth it shall be known as Microsoft Pony Tuesday. We shall be celebrating with the pixies and faeries!
These posts express my own personal views, not those of my employer
When the title says "Microsoft skips patch tuesday", it means that Microsoft will skip a patch's deployment on tuesday, not that they are going to cancel the "patch tuesday".
Sigh.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
I always refer to it as "That time of the month for P.M.S.: Patching Microsoft Servers."
("Patching Microsoft Systems" also works).
We were figuring on the IHOP.
will there be any patches released for Windows Vista. BTW i found this great Windows Vista community. it seems that it's the most active forums that's currently available. the URL is: http://winvistasecrets.com/
"CERT and other vulnerability watchdogs have noticed an continuous increase in new exploits which are released, almost synchronously, on the second Wednesday of each month." -- Phrak News
It will mean one less reader, meaning less activity. If activity slows enough, OSDN/VA Software would allocate less bandwidth to Slashdot. Then, users would end up slashdotting Slashdot, which would cause countless more users to quit, reducing activity further, and allocating more bandwidth away. Eventually, they would cut Slashdot off altogether, since NOBODY would be visiting.
In short, your quitting Slashdot would help bring about what you want.
--
Bonk the Zonk! TMM for editor!
Trolling all trolls since 2001.
Microsoft software is insecure because that is a way of "maximizing shareholder value", in my opinion.
When people have problems with their computer, they often buy a new computer. Then Microsoft sells another copy of Windows, which, of course, still has huge security risks.
That also seems to be why Microsoft software is so... unfinished. If they ever finished the job, no one would need to buy another copy. So maximizing shareholder value means minimizing quality as much as possible, considering what customers will accept, and trying to introduce new hassles that can be fixed by even later versions.
It's only after it becomes unreliable (or really ugly from rust etc) that you think about replacing it.
Software (despite what M$ would have us believe) doesn't wear out.
The only way to sell new stuff is have it break down. They only fix a few vulnerabilities at a time to make us believe they're trying to keep it safe, but they really built the "rust" at the factory.
Add a few new "features" (read code bloat) and the replacement cycle starts all over again.
They're probably secretly supporting a few exploits the keep the damand up.
Read the summary at least before attempting to explain away the unnecessary MS bashing.
You know, I have never heard of that site before and I though you were making a joke. I had to go there thinking I would see something like, "Bill Gates has alien's child!" or "Bill Gates gives all of his money to Linus Torvalds!"
Evil people don't think they're evil. - George Lucas, Making of Ep III
Microsoft: We're so great that there is nothing to do this month! Oh, don't worry about those High Severity Remote Code Execution vulnerabilities.
Macromedia and Real Networks have been competing with Microsoft, but Microsoft is considerably ahead in being insecure.
I have always wondered what it would be like if magically, all of M$'s non-techie customers (private and commercial) suddenly had the ability to fully understand the way their "Magic boxes" work, and could objectively evaluate what Microsoft tells them.
What a wonderful day it would be if average users started asking hard questions and DEMANDING answers (as in: Why does there need to be a patch Tuesday in the first place?)
I'm not a Linux fanboy by any means( I use both windows and linux boxes, and both OS's have their own advantages), but why in the hell should anyone who pays money to a company for an OS have to put up with it having to be patched and updated constantly just to keep it functional?
How long do you wanna bet it would take for Suse, Mandriva, or Redhat to go bankrupt if they had issues with their products on the scale that M$ has?
Hopefully, over the next couple of generations, most people, having grown up with computers since early childhood, will be educated enough not to be snowed by all the FUD and misinformation coming out of Redmond and demand products that are secure and functional "out of the box".
MOD PARENT UP!! Good thinking.
Lameness filter encountered. Post aborted! Reason: Don't use so many caps. It's like YELLING.
We have a lame lameness filter.
--
If your gov't chooses killing as policy (CIA trained Arabs in 1980), expect others to choose the same.
Mod parent up! :)
Caesar si viveret, ad remum dareris.
The Inquirer reports tech news.
The Enquirer reports stories about bat boy.
Small, but important, difference.
An inaccurate headline and summary on Slashdot? You, sir, are threatening the hegemony.
"Sufferin' succotash."
Are they so reluctant to release security patches that they name the day "black"?
Why would a business invest in software that has a set patch schedule. Would they buy a fleet of cars that need to be brought in to fix a safty recall monthly?
Sure, a safety fix deals with life and death, but look how much money some of the corporations stand to loose to this bullshit. Look at Caterpillar.
-William
God is everything science has yet to explain.
There are several unpatched vulnerabilities in IE 6, according to Secunia. The security monitoring company has issued 85 alerts on the web browser since 2003; 19 of those security bugs remain unpatched, according to Secunia's website.
In addition to the Windows security fixes, Microsoft on Tuesday plans to release an update for Windows that it deems high priority but is not security related, the company said.
Perverted priorities and Microsoft. Film at 11.
Full story.
to mod parents up! Damn my lack of moderation points! (For once a year it seems....)
I remember sigs. Oh, a simpler time!
It doesn't cost anything to 0wn a windows box and I've got a 10k strong botnet to prove it!
Trying to release "Mini-Microsoft" or something, I'm sure.
until your engine siezes up?
This sig left unintentionally blank.
Nice myth there.
Even Microsoft site scanning monkeys found that one.
Send IE to as many sites as able and see how many get exploted and by what. They found a lot of 0 day faults that were in use on partical sites.
Spammers and Crackers find faults and explot them and tell people nothing. Virus writers seam not to be doing this any more.
All OS have 0 day faults question is who is going to attack you system. Are you going to loss you email account because of spaming or lose you data due to data thief or lose you idenity. Yep viruses are only minor problems.
Linux developers report faults fast so that firewalls can be altered and effected sections could be disabled before patch to counter 0 day.
Problem how many DHCP servers does microsoft make 1 How many DHCP servers does linux have. It has many. This applies basicly for every service.
So a notice of a major fault is a minor problem in the Linux world. Windows World major fault is a major problem because there is no other services to swap to.
Microsoft either opensource or double develop.
Tcp/IP Stack was Patched some time between 1994 to 1998.
The Open Source Patch was only intergrated in Windows XP SP 2 and even then not completely yep not all the known faults in the Open Source Tcp/IP stack are fixed in Windows XP SP2 heck they did not even have to develop it all they had to do is copy the code in.
Jpeg Interface OpenSource.
Png Interface OpenSource.
Zip file interface OpenSource.
The list go on and on. Large sections of Windows is Open Source.
Without OpenSource Windows will fail.
Let just say 100% of the market uses Open Source 95% uses Closed source as well. So are weak to attack from both.
Yep Open Source people write subsystem parts that Microsoft used. Reason why we have all os attacks from time to time. Microsoft in all past cases is the last to patch.
Microsoft Attacking Open Source should be taken with a grain of salt. They are attacking the very developers they depend on to find and remove faults from the open source parts in their OS.
This works both ways. How would you like it if every trip to the auto-mechanic you were chided for having certain tires, not using a particular brand/weight of motor oil, not being timely enough in getting a tune up, why didn't you change your own oil, your tire pressures too low?
I'd love it if cars were like software and the mechanic was a well meaning and exasperated free auto evangelist. The tires, oil and all that would be free and I'd only have to press a button to refresh them, if only I'd give up the inferior "big oil" brand that's so highly advertised. I know it would be difficult to see through the FUD and fog, but one day I'd be very happy. If you know of an automobile or any other physical object that works like software, please let me know.
Other than that, I completely agree with you. Everyone needs to be nice to their customers instead of acting like M$ Partners or Steve Balmer. Also, the only thing dumber than running Windoze is running Windoze on autopilot. The "upgrades" will burn you.
Setting up a nice new laptop from school showed me just how bad the Windoze world has gotten. The gave me a brand new Dell Inspiron 2200, which is about as fast as my best desktop machine. Being new, Mepis had some problems with the machine's power management, which I have yet to resolve. It won't go into hibernate. Silly me, I thought the Windozy ACPI software would fix things so I asked where the utilities were in the forrest of disorganized tabs. No luck, Windoze merely disabled the wifi without asking after taking forever to boot and run a stupid anti-virus tool that "scanned" every file one of the 40,000 useless files on the partition. I was able to turn wifi back on by forcing it to connect to my home wifi and turning it off that way. Acpid and wmacpi, which I just installed via apt-get, will probably work better. How can anyone stand to run that nasty single interface, security nightmare? What single advantage does it have that make it worth the trouble?
Friends don't help friends install M$ junk.
I don't know about you, but I just get bored sometimes, and want something new. Why does the old one have to be broken before I get a new one? The resale is better if it's working.
My blog. Good stuff (when I remember to update it). Read it.
"My other computer is your MS-Windows box"
Got time? Spend some of it coding or testing
FAT Tuesday?
So it's (Microsoft Windows)(Malicious ((Software Removal) tool)). Dang, I could have sworn it was (Microsoft Windows) ((Malicious Software) (Removal Tool)).
Let's write it all in Lisp.