Slashdot Mirror
Microsoft Skips Patch Tuesday
maotx writes "According to their recently released security bulletin, Microsoft will skip this month's Patch Tuesday. Patch Tuesday, also known as Black Tuesday amongst Administrators, is the second Tuesday of every month, in which Microsoft releases a series of patches and critical updates for its various operating systems and applications."
That security on there software is too expensive, and that they can lower the TCO and become cheaper tha linux by forgoing security completely.
Finally, all of the Microsoft vulnerabilities have been fixed. No more work to do.
In your face, LINUX!
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
"Patch Tuesday" has cancelled.
"Hawaiian Shirt Friday" will continue as normal.
"Executive Chair Throwing Saturday" is uncertain, but quite likely.
$10/month: 120GB bw, SSH, CVS, Rails and 10 years' experience!
A patch every month ?. Do they hold onto the patches if it happened to be one that slipped a schedule and became available on the thursday after the first release. Do they wait an entire month before shipping in the next ?.
I've often heard tuesday mid-morning was the best time to release a new package - mostly hearsay. Any bit of truth in it ?
Tuesday's are considered unlucky in Indian lore - to undertake new things. Wednesdays are the day of beginnings - but it's already Wed here by the time it's released worldwide.
Quidquid latine dictum sit, altum videtur
In Firefox, the linked website is wider than the screen. Did anyone try it with IE?
As far as it goes, Black Tuesday is only a means for hackers to learn vulnerabilities in Windows by analyzing the dropped bits. It's very infrequent that an exploit is released before the updates are.
Windows is sure to have many problems, but if hackers are only willing to investigate changed bits and then attack not-yet updated systems, then not putting any updates out will keep those hackers at bay.
I don't think they should do this. Security through obscurity is very temporary. But I understand the reasoning behind not giving hackers hints. Maybe Microsoft's next update release will make things really good.
Jesus saved me from my past. He can save you as well.
I am glad to know that if Microsoft gets Slashdotted, we have this cut and paste to refer to. We all know Saturday morning in the U.S. is the heaviest traffic time, and that Microsoft runs its servers off of 486's with 32 megs of ram.
We have no idea how you beat out all the subscribers, and got around the 404's. But somehow, undoubtedly through minutes of perserverence, you were able to get the job done. And in your rush to provide this service, you were STILL able to make sure it was formatted nicely. Well done.
If it weren't for you, therer is absolutely no way I could have read this fine article. I Thank you and your country thanks you.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
We don't need no steenking patches!
I was just going to yell "Karma Whore!", but the stupid 2 minutes between posts rule gave me way too much time to think of something like this....
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
It's not so much that there isn't a patch this month, as that Microsoft has decided to hold off on releasing a patch due to stability concerns, which is laudable. So, while we have no patches this month, we also have a known unpatched, remotely exploitable hole in Internet Explorer until the eventual release. The big question is, will Microsoft release an out of cycle patch to fix the issue, or will be have a full month of PCs getting owned just because they visited the wrong URL using IE6?
UNIX? They're not even circumcised! Savages!
WTF?
TFA article clearly says that they're issuing several updates right on schedule this coming Tuesday.
They are delaying a security update that was previoiusly scheduled for Tuesday. They're delaying it because they found some problems during late testing. Good on 'em for that.
Aside from that, the rest of the updates will be issued as scheduled.
Microsoft Windows Malicious Software Removal Tool? So Microsoft admits that some of its software is malicious, and that users should remove it?
Notice how the wording says that no SECURITY patches are coming out this month due to their "strict focus on quality"? Notice that there's still a high=priority non-security patch coming out.
I looked for examples of what this covered on my WSUS server, and found that this generally means, "Some patch or service pack or program isn't going to install/run unless you install this 'non-security patch'."
KB885523: "This update resolves a compatibility issue with a non-Microsoft software application installed on your computer [excellent weasel words again there]. This application prevents successful installation of Windows XP Service Packs, critical security updates, and other system file updates. This update should be applied to your system to enable safe installation of these updates now and in the future."
A spot check of other "non-security updates" indicates that it's pretty common for them to resolve bugs that make installing patches impossible.
I can't complain too much though - like many others, I'd be out of business if they got their act together.
Funny--my girlfriend also said something about not needing to use the patch this week...and something else about a missed month...
Oh, wow! Cigars, anyone?
It's good to know no more patches are needed for Windows, and that it is now finally secure.
Next month, on the day formerly known as patch Tuesday, Microsoft will buy everyone a pony. Henceforth it shall be known as Microsoft Pony Tuesday. We shall be celebrating with the pixies and faeries!
These posts express my own personal views, not those of my employer
When the title says "Microsoft skips patch tuesday", it means that Microsoft will skip a patch's deployment on tuesday, not that they are going to cancel the "patch tuesday".
Sigh.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
I always refer to it as "That time of the month for P.M.S.: Patching Microsoft Servers."
("Patching Microsoft Systems" also works).
"CERT and other vulnerability watchdogs have noticed an continuous increase in new exploits which are released, almost synchronously, on the second Wednesday of each month." -- Phrak News
Microsoft software is insecure because that is a way of "maximizing shareholder value", in my opinion.
When people have problems with their computer, they often buy a new computer. Then Microsoft sells another copy of Windows, which, of course, still has huge security risks.
That also seems to be why Microsoft software is so... unfinished. If they ever finished the job, no one would need to buy another copy. So maximizing shareholder value means minimizing quality as much as possible, considering what customers will accept, and trying to introduce new hassles that can be fixed by even later versions.
It's only after it becomes unreliable (or really ugly from rust etc) that you think about replacing it.
Software (despite what M$ would have us believe) doesn't wear out.
The only way to sell new stuff is have it break down. They only fix a few vulnerabilities at a time to make us believe they're trying to keep it safe, but they really built the "rust" at the factory.
Add a few new "features" (read code bloat) and the replacement cycle starts all over again.
They're probably secretly supporting a few exploits the keep the damand up.
You know, I have never heard of that site before and I though you were making a joke. I had to go there thinking I would see something like, "Bill Gates has alien's child!" or "Bill Gates gives all of his money to Linus Torvalds!"
Evil people don't think they're evil. - George Lucas, Making of Ep III
Microsoft: We're so great that there is nothing to do this month! Oh, don't worry about those High Severity Remote Code Execution vulnerabilities.
Macromedia and Real Networks have been competing with Microsoft, but Microsoft is considerably ahead in being insecure.
I have always wondered what it would be like if magically, all of M$'s non-techie customers (private and commercial) suddenly had the ability to fully understand the way their "Magic boxes" work, and could objectively evaluate what Microsoft tells them.
What a wonderful day it would be if average users started asking hard questions and DEMANDING answers (as in: Why does there need to be a patch Tuesday in the first place?)
I'm not a Linux fanboy by any means( I use both windows and linux boxes, and both OS's have their own advantages), but why in the hell should anyone who pays money to a company for an OS have to put up with it having to be patched and updated constantly just to keep it functional?
How long do you wanna bet it would take for Suse, Mandriva, or Redhat to go bankrupt if they had issues with their products on the scale that M$ has?
Hopefully, over the next couple of generations, most people, having grown up with computers since early childhood, will be educated enough not to be snowed by all the FUD and misinformation coming out of Redmond and demand products that are secure and functional "out of the box".
It's good to see that they are still teaching sarcasm in high school.
word.
MOD PARENT UP!! Good thinking.
Lameness filter encountered. Post aborted! Reason: Don't use so many caps. It's like YELLING.
We have a lame lameness filter.
--
If your gov't chooses killing as policy (CIA trained Arabs in 1980), expect others to choose the same.
High School? I'm in my thirties! I've been out of high school for three years now.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
The Inquirer reports tech news.
The Enquirer reports stories about bat boy.
Small, but important, difference.
An inaccurate headline and summary on Slashdot? You, sir, are threatening the hegemony.
"Sufferin' succotash."
Why would a business invest in software that has a set patch schedule. Would they buy a fleet of cars that need to be brought in to fix a safty recall monthly?
Sure, a safety fix deals with life and death, but look how much money some of the corporations stand to loose to this bullshit. Look at Caterpillar.
-William
God is everything science has yet to explain.
I thought they only had 640k of RAM.
It doesn't cost anything to 0wn a windows box and I've got a 10k strong botnet to prove it!
Trying to release "Mini-Microsoft" or something, I'm sure.
until your engine siezes up?
This sig left unintentionally blank.
This works both ways. How would you like it if every trip to the auto-mechanic you were chided for having certain tires, not using a particular brand/weight of motor oil, not being timely enough in getting a tune up, why didn't you change your own oil, your tire pressures too low?
I'd love it if cars were like software and the mechanic was a well meaning and exasperated free auto evangelist. The tires, oil and all that would be free and I'd only have to press a button to refresh them, if only I'd give up the inferior "big oil" brand that's so highly advertised. I know it would be difficult to see through the FUD and fog, but one day I'd be very happy. If you know of an automobile or any other physical object that works like software, please let me know.
Other than that, I completely agree with you. Everyone needs to be nice to their customers instead of acting like M$ Partners or Steve Balmer. Also, the only thing dumber than running Windoze is running Windoze on autopilot. The "upgrades" will burn you.
Setting up a nice new laptop from school showed me just how bad the Windoze world has gotten. The gave me a brand new Dell Inspiron 2200, which is about as fast as my best desktop machine. Being new, Mepis had some problems with the machine's power management, which I have yet to resolve. It won't go into hibernate. Silly me, I thought the Windozy ACPI software would fix things so I asked where the utilities were in the forrest of disorganized tabs. No luck, Windoze merely disabled the wifi without asking after taking forever to boot and run a stupid anti-virus tool that "scanned" every file one of the 40,000 useless files on the partition. I was able to turn wifi back on by forcing it to connect to my home wifi and turning it off that way. Acpid and wmacpi, which I just installed via apt-get, will probably work better. How can anyone stand to run that nasty single interface, security nightmare? What single advantage does it have that make it worth the trouble?
Friends don't help friends install M$ junk.
I don't know about you, but I just get bored sometimes, and want something new. Why does the old one have to be broken before I get a new one? The resale is better if it's working.
My blog. Good stuff (when I remember to update it). Read it.
"My other computer is your MS-Windows box"
Got time? Spend some of it coding or testing
So it's (Microsoft Windows)(Malicious ((Software Removal) tool)). Dang, I could have sworn it was (Microsoft Windows) ((Malicious Software) (Removal Tool)).
Let's write it all in Lisp.