Microsoft Skips Patch Tuesday

maotx writes "According to their recently released security bulletin, Microsoft will skip this month's Patch Tuesday. Patch Tuesday, also known as Black Tuesday amongst Administrators, is the second Tuesday of every month, in which Microsoft releases a series of patches and critical updates for its various operating systems and applications."

They have decided

[guildsolutions]

That security on there software is too expensive, and that they can lower the TCO and become cheaper tha linux by forgoing security completely.

Re:They have decided

[l0ungeb0y]

That's complete BS. The average user does give a damn.
The problem is that the average user is scared as hell to update their Windows OS because when they have in the past it broke things and caused all sorts of problems.

There's an old saying: "Once bitten, twice shy".
You do the "right" thing only to get bitten in the ass because of it, you learn quickly not to do that again.

The average user isn't a geek and while so many geeks can't understand this fact and rant how most people are clueless.
This works both ways. How would you like it if every trip to the auto-mechanic you were chided for having certain tires, not using a particular brand/weight of motor oil, not being timely enough in getting a tune up, why didn't you change your own oil, your tire pressures too low? Or if you went to a lawyer, you were spoken down to and treated like a schmuck because of your ignorance of legalese?

So when these people run Windows auto-update in their attempt to "be good" and then need to call in some geek to fix it, only to get an ear-full of crap about IE this and Outlook that and VB-de blah de blah, you think they really want to suffer that indignity again?

It's a two fold problem really -- Running MS Auto-update is like playing Russian Roulette and if you lose, you've got to fork over cash for a lecture from some holier than thou sociopathic computer geek that's lost all perspective of life outside /.

So for many, the best option is to ignore the patches to avoid the headaches they've learned by experience to associate with negative experiences.

And it's people like you that help reinforce that associative perception. Good job.

Yes!

[MyLongNickName]

Finally, all of the Microsoft vulnerabilities have been fixed. No more work to do.

In your face, LINUX!

Memo to all employees:

[freetipe]

"Patch Tuesday" has cancelled.
"Hawaiian Shirt Friday" will continue as normal.
"Executive Chair Throwing Saturday" is uncertain, but quite likely.

What happens for patch-quick operations ?.

[Gopal.V]

A patch every month ?. Do they hold onto the patches if it happened to be one that slipped a schedule and became available on the thursday after the first release. Do they wait an entire month before shipping in the next ?.

I've often heard tuesday mid-morning was the best time to release a new package - mostly hearsay. Any bit of truth in it ?

Tuesday's are considered unlucky in Indian lore - to undertake new things. Wednesdays are the day of beginnings - but it's already Wed here by the time it's released worldwide.

Re:What happens for patch-quick operations ?.

[Saven+Marek]

The whole idea of releasing patches only once a month and on a set date is ridiculous.

Vulnerabilities aren't discovered and exploits aren't written to respect the timing of Microsoft in this regard.

What happens if a vulnerability is discovered and an exploit written for it a couple of days after patch tuesday? Microsoft's whole bug fixing scheme is then set to only handle it 28 days later.

And we all know what happens in 28 days later.

What happens when a vulnerability is fixed that needs more testing for many people, but also comes attached to vulnerabilities that can be simply exploited? do we wait for the former before applying the latter, or apply the latter and to hell with the consequences in the former?

I think this is moron thinking. Each patch should be one small patch to fix that vulnerability and only that vulnerability. no other bug fixes with regards to non security issues, no combining patches, no waiting for days to fix a patch.

Then the monthly updates can be set client side however the client wishes to handle it. daily or weekly or monthly. whatever they wish to handle. at the time.

Re:T... F... A!

[MyLongNickName]

I am glad to know that if Microsoft gets Slashdotted, we have this cut and paste to refer to. We all know Saturday morning in the U.S. is the heaviest traffic time, and that Microsoft runs its servers off of 486's with 32 megs of ram.

We have no idea how you beat out all the subscribers, and got around the 404's. But somehow, undoubtedly through minutes of perserverence, you were able to get the job done. And in your rush to provide this service, you were STILL able to make sure it was formatted nicely. Well done.

If it weren't for you, therer is absolutely no way I could have read this fine article. I Thank you and your country thanks you.

Jeez, miss the key point why don't you...

[Zocalo]

It's not so much that there isn't a patch this month, as that Microsoft has decided to hold off on releasing a patch due to stability concerns, which is laudable. So, while we have no patches this month, we also have a known unpatched, remotely exploitable hole in Internet Explorer until the eventual release. The big question is, will Microsoft release an out of cycle patch to fix the issue, or will be have a full month of PCs getting owned just because they visited the wrong URL using IE6?

Re:Jeez, miss the key point why don't you...

[maskedbishounen]

(...) or will be have a full month of PCs getting owned just because they visited the wrong URL using IE6?

And how is that different from any other month?

*ducks*

Sometimes Microsoft does beat Open Source

[Henry+V+.009]

"Late in the testing process, Microsoft encountered a quality issue that necessitated the update to go through additional testing and development before it is released. Microsoft is committed to only releasing high quality updates that fix the issue(s) in question, and therefore we feel it is in the best interest of our customers to not release this update until it undergoes further testing."

That is one positive thing about Microsoft. When they release a patch, you can be sure that it has been tested through the roof. It's a rare open source project that can match Microsoft on that.

No, from TFA, they're NOT skipping Patch Tuesday

[bearl]

TFA article clearly says that they're issuing several updates right on schedule this coming Tuesday.

They are delaying a security update that was previoiusly scheduled for Tuesday. They're delaying it because they found some problems during late testing. Good on 'em for that.

Aside from that, the rest of the updates will be issued as scheduled.

No Patch? Skipped a month?

[marktwen0]

Microsoft announced they had omitted the patch

Funny--my girlfriend also said something about not needing to use the patch this week...and something else about a missed month...

Oh, wow! Cigars, anyone?

Re:No Patch? Skipped a month?

I guess that'd be funny if you actually had a girlfriend.

Vulnerability Wednesday

[soloport]

"CERT and other vulnerability watchdogs have noticed an continuous increase in new exploits which are released, almost synchronously, on the second Wednesday of each month." -- Phrak News