Microsoft to Release 7 Patches Next Week

craters writes "Microsoft plans to release 7 patches next week for Windows and Office. From the article: 'In the monthly pre-patch notification it sends out five days prior to unveiling fixes, Microsoft said that at least two of the seven will be rated Critical, which by the company's definition means that the vulnerability can be remotely exploited.'"

Lack of bug fixing strategy

[mporcheron]

It appears there is a conflict at Redmond.  In one case they are fixing a bug which has yet to be discovered, in another they are fixing a bug which has existed for around nine months.

It's about time they came up with a proper strategy other than randomly fixing the bugs they want to fix.

Martin

Re:Lack of bug fixing strategy

You don't say.

Re:Lack of bug fixing strategy

[voice_of_all_reason]

A   L A T E   F I X   I S   F I N E   T O O

Re:Lack of bug fixing strategy

[flooey]

It appears there is a conflict at Redmond. In one case they are fixing a bug which has yet to be discovered, in another they are fixing a bug which has existed for around nine months.

It's about time they came up with a proper strategy other than randomly fixing the bugs they want to fix.

It looks unusual from the outside, but it doesn't necessarily mean that they don't have a proper strategy. Some bugs are easy to fix, some are difficult. Some are more important, some are less important. Some are likely to cause software to stop working, some aren't. Since there's no way to know just what was involved in each bug at this point (and we'll probably never know what the source looks like as it relates to the bugs), just because it looks funny doesn't mean they're not prioritizing properly.

Re:Lack of bug fixing strategy

Gee it's too bad you're not running Microsoft. I'm sure you'd solve all their problems in short order.

Re:Lack of bug fixing strategy

[Kolisar]

Assuming that M$ actually cares (yes, possibly an exaguration) I will assume that they are fixing the bugs as they are able to and get the fixes tested. It may have taken 9 months to fix the one mentioned so that, based on their tests, the fix does not crash the system. I realize the M$ bashing is fun (and I participate often myself) but I think that this issue is pretty clear.

Re:Lack of bug fixing strategy

If I see that fucking meme one more time

Re:Lack of bug fixing strategy

[MSFanBoi2]

Um, it's quite simple, mayhap some bugs are very easy to fix, to regression test, to ensure nothing else breaks with the patch, or possibly lies on a well known area within the OS or a smaller module. Maybe another that takes a while longer to fix is much harder to pin down and properly resolve.

One would think most people would understand common stuff like this.

Re:Lack of bug fixing strategy

[MadMidnightBomber]

A L A T E F I X I S F I N E T O O

Well, it's better than no fix or for that matter, a poke in the eye with a sharp stick. But it doesn't exactly give you the warm fuzzies to know that Windows is vulnerable to a remote exploit a significant amount of the time - keep an eye on Eeye's upcoming advisories. There seems to have been at least one remote exploit on this list most times I've looked at it over the last couple of years. That's one of the reasons Windows isn't safe without a properly configured hardware firewall. (Not that it is necessarily safe with one, but that's a minimum.)

Re:Lack of bug fixing strategy

I don't get it....why is this post Interesting?

Re:Lack of bug fixing strategy

[10101001+10101001]

In one case they are fixing a bug which has yet to be discovered

I'd love to be using whatever magic powers that allow them to do that.

Re:Lack of bug fixing strategy

[Krach42]

It appears there is a conflict at Redmond. In one case they are fixing a bug which has yet to be discovered, in another they are fixing a bug which has existed for around nine months.

It's about time they came up with a proper strategy other than randomly fixing the bugs they want to fix.

It appears there is a conflict in the Linux community. In one case they are developing features which no one else has done, in another they are developing features that have existed in other OSes for years.

Linux really needs to come up with a proper strategy other than randomly developing whatever they want.

Re:Lack of bug fixing strategy

[dustmite]

... a bug which has yet to be discovered

How do you know that?

Great timing

[0110011001110101]

FTFA - Microsoft will also issue one non-security, high-priority update to Windows, and will update the Windows Malicious Software Removal Tool to, at the least, account for the parasitic Kama Sutra/MyWife/Nyxem worm that caused a stir last week.

Ohhhh man... it figures.. right when I had my spyware pickup line down to a science...

Example:

Me: Well maam, I can fix the problem.
Hot Housewife: Great! Whats it going to take?
Me: Well I've been reading some websites on good ways to deal with myWife.
Hot Housewife: mmmmHmmmm
Me: ANd then we'll look and see if I can find my article on Kama Sutra, and get to work.
Hot Housewife: Screw the article.. why don't you just start checking out my ports now!

Please delay this patch for a couple more weeks, until my viagra laden penis enlargment pills and kingly inheritance arrive from my new friends in Nigeria, thus negating my need for cheesy spyware pickup line attempts.

Re:Great timing

[Horatio_Hellpop]

// thus negating my need for cheesy spyware pickup line//

Methinks you need a hella lot more than pills and bills ...

Re:Great timing

[ettlz]

Shouldn't you be, like, mending fridges or something?

Re:Great timing

[hunterx11]

Your attempt to parody the situation doesn't fit in quite as well as you might like. The problem is with the timing, I think.

Re:Great timing

[SleepyHappyDoc]

Others may disagree, but that was the best laugh I've had all week. You made me spill my coffee on my keyboard, though :/

Re:Great timing

[linguae]

Apparently, you failed at it. Properly bolding the letters, that is. (You accidentially made the whole word like boldface).

Re:Great timing

[PatrickThomson]

first post, eh? Very bold of you to open with a funny

Re:Great timing

[Schraegstrichpunkt]

You're just trying to capitalize on the situation so that you can punctuate your computer hacking skills.

Re:Great timing

really? we couldn't see that, thanks for point that out.

*sarcasm detector explodes*

Re:Great timing

[subterfuge]

Oh, great, a sarcasm detector - thats as reeeally useful invention...

Sounds like a good day. . .

[Limburgher]

. . .to call in sick.

Re:Sounds like a good day. . .

[Rodness]

As the parent alludes, bustage from patches is precisely why our corporate network admins have disabled automatic updates via group policy.

They download the patches directly and install them on some test machines, and verify that the patches don't actually break anything critical to our business. They then push the patches out to the rest of the corporate network via a software update service. Usually this happens within just a couple of days after Patch Tuesday.

As a local system admin, the bottom line is that I don't usually need to call out sick to defend my sanity. (or what passes for my sanity).

For that, I have this on my door. (I'm close to winning.)

Part of ad push?

[ericdano]

Is this related the all those feel good Ads Microcrap is putting on the TV now? The one about them making their software more secure. I think that is the funniest ad spot I've seen in a while.

Re:Part of ad push?

Microcrap? CLEVAR!!!!

Re:Part of ad push?

[PFI_Optix]

The Apple Intel CPU ads are far funnier. I must have missed the part where my Intel PC didn't do anything interesting :)

---

Seriously, Microsoft has become far more security conscious than they were. Don't forget that XP is now almost five years old...with all the talking they've done about security over the past several years, doesn't it stand to reason that they've learned quite a bit just from trial and error?

Re:Part of ad push?

The Apple Intel CPU ads are far funnier. I must have missed the part where my Intel PC didn't do anything interesting :)

Off topic: Am I the only one who just can't find it funny? Every time it comes on, I try to tell myself, "it's just a joke, laugh." Except I'm not convinced it is a joke. Instead, it's reinforcing everything that makes me crazy about Apple and its fanbois - the arrogant, holier-than-thou attitude, the egocentrism, the narcissism, the balls-to-the-wall no-apologies elitism, the elevation of form over function. Honestly, of everything on television, that's only thing that consistently gets me worked up.

Re:Part of ad push?

[ericdano]

It's doing DULL little tasks. Like reading Slashdot. Duh!

Please. 5 years, and there is no end to the virus/spyware problem. And now they, Microsoft, are going to provide "protection" for an additional fee. Why should they do that? Why not include it in Windows XP?

If they were smart, they would release a Windows XP 2 edition that has every little update, and includes 5 years of virus protection. They should charge like $75 for it or something. It would be good PR, and an easy way to make some more money.

Re:Part of ad push?

[PFI_Optix]

As I've said several times here before:

I don't have a virus/spyware problem. My XP box has NEVER had a virus or spyware. I don't put a lot of effort into it, it just hasn't picked one up.

Here's what I have:

A NetGear broadband router (buffer against most worms)
Windows Firewall that spends most of its time turned off
AVG Free
AdAware Personal that I scan with irregularly
Spybot and its automatic utilities

AVG, AdAware, and Spybot are almost always the first three things mentioned if you go anywhere on the internet and ask how to secure your XP system. A broadband router is often recommended even by ISPs these days, and provided by SBC DSL as part of the DSL modem (though I use my own because I like it better).

If we flipped Microsoft's market share with Apple or Linux, we'd find out just how many security holes exist in those operating systems. We don't see all the virus and spyware activity for them because there aren't enough in the hands of uneducated users for a virus to propagate. If you want to sell crappy $10 software at Wal-Mart, you write it for the largest number of average users you can. If you want a virus to spread and get noticed, you do the same.

mod this post -1 Unpopular for saying Apple and Linux have security holes :D

Re:Part of ad push?

[und0]

In six or seven years that i'm using it this Debian box has NEVER had a virus or spyware. I don't put a lot of effort into it, it just hasn't picked one up.

Re:Part of ad push?

[IntergalacticWalrus]

I completely agree. I just can't understand what Apple is trying to accomplish with this. This message reads more like an insult than a selling point.

Re:Part of ad push?

[IntergalacticWalrus]

Being "conscious" about it doesn't do jack and shit. Windows security is going nowhere. Microsoft is trying to fix decades of bad security design decisions and failing at it. The fact that most recent Windows software right now STILL won't run correctly without elevated privileges (including games, which are the LAST thing that should need them for fuck's sake) speaks for itself.

Microsoft has always encouraged both developpers and users to ignore basic security measures. That alone is almost impossible to fix.

Note that I'm NOT saying non-Windows systems (ie. OSX, Linux) have flawless security. Far from it! But the general concern for security is there, and has always been. Microsoft has some serious cleaning up to do if they want to reach that level.

Re:Part of ad push?

[mporcheron]

that doesn't mean debian is fool proof, it just means people haven't bothered to target it because it holds such a small minority of the OS market.

timing?

[mctsonic]

Happy VD from Microsoft!

Re:timing?

[gEvil+(beta)]

Crap! I'm getting VD from Microsoft now?!?

Re:timing?

[drinkypoo]

Not from, just because of. Like always.

Re:timing?

[glitch23]

VD? Are they releasing sexual viruses now in addition to Symantec releasing computer viruses?

You FAIL 1t.

empire in decliNe,

Complete solution to Microsoft security holes

I switched to OS X about a year ago (thanks for making a low-cost Mac, Apple).

I hope it's not business as usual...

[bogaboga]

I hope it's not business as usual; in other wards, small sized patches.

Why?

Because on my Windows 2000 system, the size of the patches 33 in number so far, is bigger than the OS itself! And some quaters say 33 is pretty conservative because M$ puts more than one patch in the so called "hot fix" as seen in the Control Panel. I am already afraid, not to mention a patch that might break other software!

Re:I hope it's not business as usual...

[MSFanBoi2]

I just checked, you are not correct.

There have been 27 critical and high level patches released for Windows 2000, since SP4 was released. Which are a total of just over 31 MB in size.

SP4 itself is 132 MB.

The Windows 2000 Server base install is just over 1.3 GB with most of the standard features.

132+31=163, which is far FAR short of 1.3 GB.

FUD possibly?

Re:I hope it's not business as usual...

[bogaboga]

I beg to disagree.

Save for Media Player, Firefox and M$ Office2000, I installed nothing else. I have watched my free hardidsk size reduce every time a patch is installed. I guess some of the hotfixes belong to those other pieces of software on my machine.

Re:I hope it's not business as usual...

[mottie]

Possibly you have system restore turned on? The previous poster is correct about the size of the hotfixes. Since Windows 2000 came out I have never seen a Windows hotfix break a piece of software. Yes I have heard of Service Packs breaking things if you're stupid enough to be an early adopter, but have never seen a hotfix break anything.

Re:I hope it's not business as usual...

[PPGMD]

Hot fixes do cause issues, but it's very very rare. In all I have seen maybe a handful of computers, (three that I can remember off the top of my head) that reacted negatively to a Microsoft hot fix since Windows 2000 was released.

Re:I hope it's not business as usual...

Hi all,

I just re-installed Win2K SP4 + security rollup1 in mid-January with no applications. I happen to have saved a list of the 29 patches that Windows update then wanted me to install:

MS03-008
MS03-011
MS04-028
MS05-025
MS05-026
MS05-027
MS05-030
MS05-032
MS05-036
MS05-037
MS05-038
MS05-039
MS05-040
MS05-042
MS05-043
MS05-044
MS05-045
MS05-046
MS05-047
MS05-048
MS05-049
MS05-050
MS05-051
MS05-052
MS05-053
MS05-054
MS05-055
MS06-001
MS06-002

You're probably wondering about MS03-008 and MS03-011. Service Pack 4 didn't include updates for Microsoft's java runtime or ...hmmm... I think it was the WSH? Something like that...

Well, anyway 29 patches of about 90 MB including rollup1. I saved them all to a CD for the next reload. Since this is the last OS from Microsoft that doesn't require registration with them, you might want to do the same from time to time.

Re:I hope it's not business as usual...

Please, spreading FUD about Microsoft is like setting off a stink bomb in a landfill.

Re:I hope it's not business as usual...

[MSFanBoi2]

So you upgraded to MediaPlayer 9 (10 isn't available for 2000) which is 13.2 MB.
Microsoft Office 2000 Service Patches and hotfixes is only 62 MB which includes the latest SP.

Firefox is tiny.

So even adding in these comes to another 75 MB. Plus the previous 168 MB or so, is still quite a bit less than even 1/4 of a Windows 2000 install.

Re:I hope it's not business as usual...

[Tourney3p0]

Hah, 1.3 gigs. My fresh, default Windows 2000 load comes in at 450 megs. That's Professional, not server.

Re:I hope it's not business as usual...

[Nikker]

Just as an aside in your 2k calculations does that include swapfile? I can easily run an install of 2k (fresh with no temp files,inet files, etc) 800MB

Re:I hope it's not business as usual...

[drsmithy]

I have watched my free hardidsk size reduce every time a patch is installed.

That's because all those hotfixes save backups of the files they replace, so they can be uninstalled.

Windows 2000?

[RyanFenton]

Anyone know when the date is when MS will stop making security patches for Windows 2000?

I've been avoiding getting newer versions of Windows with any of my new machines I've gotten or made for quite a few years now, and have no plans on ever using Windows XP on my home systems. Will I have to look to third parties for future flaws found in the various Windows 2000 bugs that will be discovered?

Re:Windows 2000?

[drinkypoo]

Yes, you can find them at http://www.linux.org./

Seriously though, what's your objection to Windows XP? I mean, it uses a little more memory, but not much... And it has cleartype! I have a stinkpad with 128MB and I'm dying to upgrade the memory so I can run XP just to get that.

Re:Windows 2000?

[MadTinfoilHatter]

Anyone know when the date is when MS will stop making security patches for Windows 2000?

Windows 2000 will be supported for 5 + 5 years since it's an enterprise product. Home level products are supported for 5 + 0 years (except XP Home which got two years more to live.) See http://support.microsoft.com/gp/lifepolicy for details.

Re:Windows 2000?

[jproudfo]

Security updates will be available until Windows 2000 leaves the Extended Support phase of the Microsoft Support Lifecycle. According to http://support.microsoft.com/lifecycle/search/?sor t=PN&alpha=windows+2000, that's in 2010.

Re:Windows 2000?

[dtfinch]

Maybe XP has nothing he wants enough to purchase an upgrade or a new PC. Like many users, I have window themes and cleartype turned off in XP. I can't stand the softness of cleartype. With those disabled it looks and works like 2000 (mine looks more like '95), but a little heavier, with the need to reactivate if I make any substantial hardware replacements. XP is like a Windows 2000 PlaySkool edition.

Re:Windows 2000?

[drinkypoo]

Most of us are using a corporate version of Windows XP. Even if you have a license for XP Pro (I do) there are reasons to use the corporate version of pro, namely the lack of activation. And you definitely don't need a new PC. Anything that Win2k will run on, XP will run on, with the exception that you might need more memory.

Re:Windows 2000?

[MadMidnightBomber]

Anyone know when the date is when MS will stop making security patches for Windows 2000?

I think it's onto extended support now, which means it will get security fixes for another four and a half years or so.

Re:Windows 2000?

[Phillup]

Seriously though, what's your objection to Windows XP?

I don't know about the original poster... but I like to know that 10 years from now I can install the OS and use it in whatever emulater I'm using at that time. (Right now it is VMWare)

Product activation is a HUGE objection for me. (and not just for some time in the future...)

After paying for an OS I really don't think it is anyone's business how many times I reinstall it, as long as I'm not using it on more systems than licensed for.

And I sure as hell ain't gonna ask permission to use it the way I want...

Remotely exploited? Great!

And just when I thought it was safe to set up Office 4.0 on a 386 for grandma. Looks like I'll be busy fixing things for a while. Oh wait, she doesn't have a modem....

Released Early

[ZachPruckowski]

You can get the Windows patch here. And after you do that, the Office patch is right here.

Re:Released Early

[drinkypoo]

Dude, if the imac is the answer, it must have been a pretty stupid question. I don't want to trade one proprietary system (mostly software) for another (mostly hardware.) If I'm going to leave Windows as my desktop OS, then it's not going to be for another vendor that seeks to limit choice. Which is any vendor.

Re:Released Early

[MSFanBoi2]

Never mind the dozens of patches needed to get MacOS X secure and all the money needed to spend to get a computer that runs it.

Re:Released Early

[engagebot]

Pretty funny guy.

News flash: You think the heads-up about security updates is for you, the imac using home user? No. Its for us IT professionals that have to manage 1500+ machine Active Directory networks.

So go ahead with your imac. Have fun with your ipod. But don't expect the rest of the corporate world to be impressed.

Re:Released Early

[the+grand+asdfer]

Hey dumb ass, before you were even born NextStep (MacOS X) had it's own directory authorization system that kicks ass over AD. You can keep your crappy os and feel good about your job because patching windows systems is a full time job! Better pray that corporate IT does not adopt linux/macos or you'll be back at the fast food restaurant looking for a job.

Re:Released Early

[drinkypoo]

Hey dumb ass, before you were even born NextStep (MacOS X) had it's own directory authorization system that kicks ass over AD

Hey dumb ass, before you were even born English (American) used the words "its" for posession and "it's" as a contraction of it is.

NeXTStep is sexy but you if you buy them in any kind of quantity you can get PCs for half what you pay for macs. At least, ones useful for business. The imac is a bitch to even get into (the new one especially) and that's just not supportable if you have more than a handful of machines.

Windows sucks, sure, but I'm not sure OSX on Macintosh is the answer. In fact, I'm pretty sure it isn't.

Re:Released Early

[dustmite]

What if (like the vast majority of people) you don't care if it's proprietary? Then it's just logical that one would choose from the better of two proprietary systems. Then, uh, "dude", the GP post actually makes perfect sense.

Believe it or not some people don't choose OSs based on their openness, but on whether or not they are crap.

Re:Released Early

[drinkypoo]

Yes, but those people are stupid and/or ignorant. They need to consider both criteria to avoid the tyranny of vendor lock-in. The fact that some people are lame does not make me want to be lame.

Remotely exploitable but not neceassarily wormable

There's no cause to panic yet, because this doesn't _necessarily mean a worm can happen (ie, doesnt breach the SP2 firewall, or work in outlook, or IM, or get past HTML filtering in most web email providers). Based on the past, more likely is that they are talking about an IE only exploit. If the remote exploit is just in IE that it means is that if you visit a malicious website .. they can infect your computer. Yes, a danger .. but if you are paranoid and only go to selected websites .. you're reasonably safe.

Microsoft "warned"...?

[Dekortage]

Microsoft warned users...

I don't use Windows systems often, but most of my colleagues and friends do. How exactly has Microsoft warned its users? Pop-up windows? Ads in the local paper? Public service announcements on cable television? Are the requirements for Microsoft repairing computer-disabling software bugs the same as, say, General Motor's obligations for repairing automobile-disabling engineering mistakes (e.g. recalls)?

Re:Microsoft "warned"...?

[flooey]

Are the requirements for Microsoft repairing computer-disabling software bugs the same as, say, General Motor's obligations for repairing automobile-disabling engineering mistakes (e.g. recalls)?

No, they're not. Between current software liability law (or rather, the lack thereof) and EULAs, Microsoft doesn't have any legal obligation to fix anything, let alone let you know that a fix might be available.

Re:Microsoft "warned"...?

How exactly has Microsoft warned its users? Pop-up windows?

Security mailing list for admins. Windows Auotmatic Update for users (you can set it to notify you, notify and download, or notify, download and install).

Say what will you will about MS, but the Windows Update thingy is about as stupid-proof as it could be. Anyone getting rooted because they didn't have an available patch I have no sympathy for. I use SUSE at work and the susewatcher is more like the "Custom" update feature, which I assume most /. Windows users run for more control.

"/. Windows users...." Did I really say that?

Re:Microsoft "warned"...?

[Tim+C]

Between current software liability law (or rather, the lack thereof) and EULAs, Microsoft doesn't have any legal obligation to fix anything, let alone let you know that a fix might be available.

I'm not aware of a single software producer of any kind that admits liability for anything, other than by specially arranged contract. Even the GPL has the "no warranty" clause.

Among those patches

[dtfinch]

is the Kama Sutra remover that's no longer of any use now that they've waited so long to release it. Now they're just kicking those 3 infected users while their down. They're basically saying "Now that it's deleted all your documents, here's that removal tool we decided not to release a couple weeks ago, so you wouldn't be bothered with an unscheduled patch release."

I am the same way, sticking with older versions

I can't say I have really had many problems with sticking with Windows NT 4.0 (and Windows 95 for the occasional game.) I never needed all the bloated crap that the newer OSes install. Without IE, I'm immune to most of the malware / exploits out there, and if I need a critical Windows update (which is quite rare on these OSes), I download and install them manually.

IMO, Windows XP is a disgrace to the NT family. If the time ever comes when I "need" to get off of NT 4.0, I'll be on Linux by then, as I am already gradually converting to it anyway. Linux isn't perfect either (and it's time-consuming to trouble shoot some things), but I'd much rather go that route than to ever go the way of XP.

Re:I am the same way, sticking with older versions

[drinkypoo]

IMO, Windows XP is a disgrace to the NT family

That's like saying George W. Bush is a disgrace to politics in the U.S.

What's so bad about XP? NT 4.0 already made the worst change to NT ever, which was to merge the kernel and GDI memory spaces. If you're going to claim that some older version of NT is somehow better, in my book, you're going to have to go all the way back to NT 3.51. :P

Re:I am the same way, sticking with older versions

[Horatio_Hellpop]

//Windows XP is a disgrace to the NT family ... I'd much rather go that route than to ever go the way of XP.//

Care to delineate why? I've used XP Pro since day of release ... no virii, no worms, *rarely* crashed ... overall fast and stable. This has been done using free software, and simply good computing habits -- which I'm sure you could implement, since you know enough about computers to make Linux work for you.

I tire so, of these "Xp sucks because ... well, it just does!" comments ...

Re:I am the same way, sticking with older versions

[argent]

Half right.

Windows NT 3.51 was pretty solid and reliable, but had lousy device support.
NT4 had slightly better device support, but it was a lot less reliable, and more of a memory hog.
Windows 2000 has been a lot better than NT4, though it's still got a messed up architecture, and it's got good device support.
Windows XP is, well, it's Windows 2000 with a few extra bundled tools (like the Citrix stuff from Terminal Server), and nasty copy protection.

I wouldn't use XP on ANYTHING if I wasn't using a corporate load that doesn't have time-bombs in the kernel ready to lock you out of your own machine if you upgrade the hardware.

Re:I am the same way, sticking with older versions

[drinkypoo]

Well, me neither. But I'm using the corporate version, too. And I'll do the same thing with vista when it comes around, provided it's possible; get myself a license for pro, but run pro corp.

I used to have an NT351 machine under my hand. It was a real trouper and never gave me any trouble. But you're right about device support. 351 supports what, 4GB volumes? But even so, it was way solid, at least compared to any Windows since.

Re:I am the same way, sticking with older versions

[dreemernj]

Similarly I've used WinXP at work for about 3 years now, and Win2K since December of '99. Neither has given me trouble ever. No serious virii or spyware problems, no crashes, very fast...

I definately would not put down XP that much. I prefer 2K because the addons in XP are things that I have not had a need for yet, and the XP I use at work has themes and cleartype turned off (along with a few other things disabled).

Hell, I've even spent quite a bit of time on NT4 without any problems (but I wasn't looking for much hardware support just stability using standard office apps on ancient comps) and it went smoothly.

My favorite is when people make BSOD jokes. I've never gotten one in XP and only ever gotten them in Win2K when I was fiddling around with homebrew device drivers. BSOD meant something back when 9x was the most common home MS OS (aka the dark ages).

So what?

[MSFanBoi2]

I don't see what the big deal is, both Linux and MacOS get patched. Some more often than others...

Re:So what?

[pullmyfinger]

True but the effect of the patches will be on a far great audience suceptable to certain nasty flaws/worms/corrupt media files etc. I'm not saying that Linux/Mac patches aren't important, but the scale to which MS patches effect hundreds of 1000's corporate and home users is a big deal. I personally feel this should be broadcasted with hopes of creating better awareness for patching any OS being used at home/work.

Why is this on the front page of slashdot???

[dynemo]

so all of the linux/OSX fanboys and start flaming Microsoft yet again. Sure, they have vulnerabilities in their product, so does everyone else. If anything, being the security professional that I am, Microsoft has made me MONEY over the last few years. BTW, I use linux ALL of the time.

Re:Why is this on the front page of slashdot???

[MSFanBoi2]

Because if it wasn't this wouldn't be Slashdot. We all know that at least 75% of the people that read slashdot and claim to be massive supporters of Linux, all run home, fire up Windows XP and play WOW all night anyways...

Re:Why is this on the front page of slashdot???

[TerminalWriter]

Hey...I don't play WOW! I play EQ! Thank you very much!

Where's the big news here?

[g253]

I'm not saying this isn't good news, but it's not very big news, is it?
I mean, do we need a frontpage story just because MS releases a patch? Don't they do it more or less regularly?

And besides, why should we care since all of us here use either Linux or BSD?

Re:Where's the big news here?

[Zontar_Thing_From_Ve]

And besides, why should we care since all of us here use either Linux or BSD?

To quote from Monty Python:
Not exactly all of us.

Re:Where's the big news here?

so slashdoters can spit on microsoft.
yet the poster of this news seems to be forgetting...THAT WE DON'T CARE
patches are something we expect to get.
if it's serious or not it's not news worthy.
unless you start posting every update for every other distribution out there.
but then u'll run out of news space pretty damn fast

Microsoft to Release 7 Patches Week after Next

[neonprimetime]

Microsoft to Release 7 Patches Week after Next in order to fix the 7 Patches they will be releasing Next Week.

MS Anti-Virus

[devinoni]

Maybe Microsoft will release updated virus definitions once a month too.

Re:MS Anti-Virus

God I love a profitable business model.

First you create an OS that is so similar to a sieve that it creates (or demands) a whole marketplace full of antivirus security products that are necessary to keep your product running.

Next you wait a while so these antivirus products become accepted as a normal and inevitable requirement of using a computer.

Finally you release your own product to take advantage of the market that you created with your own sloppiness to begin with. Hopefully people will be complacent enough that they won't notice the insanity of it.

The best part is you can control the profitability by having control over the holes that you are protecting in addition to having a competitive advantage by having access to the source code. That way you can easily create a product that the existing products can't match!!!

Re:MS Anti-Virus

Yeah, I thought Linux was perfect. I could keep going on forever. But I won't.

Re:MS Anti-Virus

Hey dopey, I don't work on Linux systems. I am just amused by the stupid assumptions that people make that make things go so very very wrong.

One for each...

[Suspended_Reality]

Let's see, there's one patch for gluttony, because the Windows software is bloated.

There's another patch for lust, so Google Desktop won't track your pr0n habits.

There's supposedly a patch for sloth, but I'm too lazy to see what it does.

There's a patch for wrath, you son-of-a-bitch!

There's a patch for envy, it will nullify Firefox.

There's a patch for pride and that just leaves one patch for greed, but Micro$oft will fix that sooner or later.

Looks like ...

[pilsner.urquell]

Looks like Microsoft is trying to patch there image.

could be hot

[slackaddict]

The posts start out provocatively talking about "hot fixes", "KamaSutra", "fingering", "port scanning"... But I get worried when the conversation moves to "virii" and "worms".

Re:could be hot

viruses you moron.

Oh Great

[aquatone282]

7 reboots.

Lawsuit Patch

[ehaggis]

Is one of the patches for the Access lawsuit which requires you to patch office xp? To bad SCO doesn't sell indemnity insurance for Microsoft products, they're barking up the wrong tree with Linux.

In other news

$VENDOR releases patch for $PRODUCT

Is this what slashdot has been reduced to? what a fucking crock. I've cancelled by account.

Good day gentlemen.

We get to bash MSFT each month! What about Apple?

[I'm+Don+Giovanni]

Microsoft releases security patches once a month every 2nd Tuesday of each month (one month last year required no patches, and occasionally (rarely) a super-critical flaw requires an out-of-cycle patch)), which means that this same story appears on slashdot each month so fanboys can orgasm over the fact that another set of patches is being released.

Of course, according to http://docs.info.apple.com/article.html?artnum=617 98, Apple releases security patches more-or-less monthly as well (not quite as often as MS) yet we see no headline stories on slashdot regarding those patches.

Slashdot at its finest!!

Want reasons why NT is better than XP? Sure thing!

Care to delineate why?

That's easy. I'll just list a few reasons:

1. XP comes with IE embeded into the OS. NT doesn't. LitePC.com allows me to remove IE from all Windows OSes for free, except for XP. I wouldn't even take XP for free, unless I were compensated the amount of money it takes to remove IE and all the other crap it installs.

2. NT gives me more control over processes. I can even kill "critical" tasks if I so choose. Thus, it is very easy to keep the number of processes running in the teens. Let's see that kind of control on XP....

3. XP's explorer.exe is absolute garbage compared to NT's. Right click your desktop for instance. NT brings up the context menu instantly. XP has some delay. Also hover your mouse over the clock. Half the time, the date never comes up. It always comes up in NT. Now press the Windows flag key and E to bring up an explorer window. It's nearly instantaneous even on the slowest of machines on NT. It has horrible delay on XP.

4. More ports are open to attack, out of the box. Sure, NT is typically vulnerable to ports 135, 139, and maybe another port. Now compare to XP. Run netstat -an if you like or run the ShieldsUp test on grc.com. It's no wonder why NT 4 wasn't impacted by Sasser and the likes. A simple batch script on startup can plug most issues on NT without even having a firewall. Try surviving on the 'Net on XP under the same conditions.

I have plenty of other reasons, some of which are personal preferences (such as how XP handles multiple pages on the taskbar compared to NT), but I won't bore everyone with those. Needless to say, XP isn't for everyone. Ordinarily, it wouldn't bother me what OS, browser, and mail client that others use. However, I get tired of getting port scanned by the numerous XP zombies running IE and Outlook that haven't bothered to patch their sorry boxes.

Oh, and don't bother with the USB arguments. Some of us survive just fine without it (even though there are patches to support it on NT / 95 / even 3.1!) If I needed that, I would have "upgraded" to Windows 2000lite / 98lite by now.

Translation

[cpu_fusion]

Translation: Until next week, if you run Windows there are at least seven ways to pwn you.

I disagree.

You've had better laughs this week.

Re:I disagree.

[SleepyHappyDoc]

See, i told you others could disagree.

Do i have to switch channels?

[threedognit3]

CooL...I have automatic updates. Nothing here to see.

They finally patch this!

[Legodude522]

I got that paper clip virus! Oh God help me and send that patch.

So what?

[ross.w]

I'm in the middle of downloading about two dozen patches for Suse 10.0

At least they're issuing patches

Re:Want reasons why NT is better than XP? Sure thi

[Horatio_Hellpop]

// I'll just list a few reasons://

It's easy to answer those objections:

1. Install Firefox, remove access to IE (easy to do with profiles)

2. Upgrade your hardware.

3. Upgrade your hardware.

4. Install kerio or Sygate PFP (about a two-minute download).