Slashdot Mirror
Microsoft Plugs a Record 26 Security Holes
An anonymous reader writes "Microsoft today released ten patches to fix at least 26 separate security holes, including a whopping 16 flaws in Microsoft Office and its constituent apps. According to Washingtonpost.com's Security Fix blog, this is the most number of patches ever released by Redmond outside of a Windows service pack. Also of note, six of today's updates apply to fully patched Windows XP systems, and two of the flaws are actually present in Windows Vista."
Apparently the rumors of the pending IE7 release for today were false?
Who is Senia Sheydvasser? http://www.tevlog.com/senia.thml
Help Fight SPAM today!
It could have been 27!
$action = empty(PHP) ? backToC() : unset(PHP) ; "when the concrete cases are understood, the abstractions are readily
Wouldn't it really make more sense to kick them out the door as soon as they are reasonably sure the patch works, as opposed to saveing them up for a while?
That Vista RC2 still isnt ready. Think it will ever be though...?
09:F9:11:02 - 9D:74:E3:5B - D8:41:56:C5 - 63:56:88:C0
It's how many remain that's important.
And, how many were created in the making of the 26 patches?
-- @rjamestaylor on Ello
I am really annoyed by journalists who pose as experts in whatever they are reporting on.
This guy tries to explain to the average reader/non-geek that Microsoft
He should at least refer to it as a platform, even if the vast majority of the readership won't know the difference.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
Fixing Windows, doesn't.
RS
Shoes for Industry. Shoes for the Dead.
Until Microsoft provides a way to update from a fresh install to the latest patched version offline, I consider my Windows box to be already compromised.
microsoft introduces 2-3 holes while fixing one .. if they patch up with that speed from now on, it means ... uh oh ...
Read radical news here
...In other news, Microsoft plans to patch the 17 holes created by these patches sometime by the end of the month.
yada yada
god forbid they take it seriously
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
the 492 (guess but understated) vulnerabilities in ubuntu
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
I'll start brewing the coffee. It might be a long night.
Well, there's spam egg sausage and spam, that's not got much spam in it.
The package could have included IE 7, as was rumored yesterday.
From TFA: one of the Word flaws is only present in the version made for Apple Macintosh systems /.?
Is that to say that they aren't concentrating on fixing the Mac software, so as to intentionally make Macs less secure if they run MS software and bolster their argument that Macs are no more secure than Wintels?
Or is it that the people at MS writing Mac software are better at it?
Or is it that Macs are inherently more secure?
Or......a million others. I thought it was highly interesting that there were a high number of flaws in the Windows Office, but only one in the Mac Office. What say you
Other than this text, there is no discernible information contained in this sig.
So, at least Microsoft is fixing them.
Microsoft has bugs, people complain.
Microsoft fixes the bugs, people complain.
Apple releases an incremental update to OS X 10.2 to 10.3 and charge you for it ($129.00), and when they release a MASSIVE update in September, not a peep of complaints...
....i once saw this pr0n where 27 holes.....oh wait thats off-topic
It's a good thing we don't have a policy that requires that patches be thoroughly tested before deployment, or the next few weeks could have been really nasty.
I thought all those studies said that Linux had way more security bugs than Microsoft! The last report had Microsoft at somewhere around 52 security bugs and Linux at several times that.
If I have my math right:
52
-26
-----
26 bugs left!
Microsoft only has to fix them there 26 bugs until Windows is all perfect and flawless!
*Does a happy dance!*
You win this thread.
*waits for people to say how this is nothing like the OSX fixes*
That "Incremental Update" with Apple isn't just a bunch of bug fixes though. From 10.2 to 10.3 there are a significant number of changes to the functionality of the OS, as well as the obligatory bug fixes and other patches. Whether it is worth $129, well, probably not...Then again, I don't own a Mac, so I can't quite say for sure whether it's worth it or not.
I don't think anyone feels that Windows is security hole free. I've not seen a security hole free OS. Does today's "news" not perhaps mean that Microsoft is spending more R&D on resolving this issues?
Given Microsoft's history of only fixing security holes when real exploit code is known to exist, should we assume the worst?
It's good to see that new protein gel being tested so quickly.
LOLZ!1!!one!!
...didn't slashdot just decide a couple of days ago that the security companies like Symantec and McAfee were whiners for complaining that MS was making it difficult for their products to work with Vista? Hopefully something like this will make people realize that you can't trust Microsoft to guard their own henhouse. If they were truly a company that was serious about security, the number of "security holes" would be decreasing, not increasing.
Maybe we misread it when they said they were serious about security. Maybe the original message was "We are serious about security holes", but the word "holes" made some of the test audience giggle.
The story is that only 26 were patched.
I think a difference is that to the best of people's knowledge, the holes in Apple's OS weren't being exploited in the wild prior to the patch. Apple is fixing the problems before they're exploited, not a week or two after.
Time will tell though.
... in a row?
(I think the AC meant to say his girlfriend found thirty-seven as a reference to Dante Hick's girlfirend in "Clerks"
The story is that only 26 were patched.
If an automaker and its unhappy vict^H^H^H^Hcustomers keep finding major safety issues and design flaws in a line of cars, flaws that required fix after repair after parts replacement, all of which fail to correct the underlying problem(s), I think the manufacturer would be forced to recall the cars. Certainly lemon laws would apply in many states!
How about a recall on Microsoft Windows XP? Microsoft could probably weasel its way into exchanging the clearly defective copies of XP for copies of Vista, which it can and does claim is better in every way. I doubt it. But that would let Microsoft postpone the bitter end, when it is forced to admit it can't deliver a good, stable, secure OS and has development teams bogged down in a morass consisting of their own icky code.
"You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
and no factor more effective.
maybe almost 70% of the internet users do not know what a "browser" is, and there are other browsers out there.
This is because microsoft easily pushes its own browser as a "os feature".
majority of casual computer users by then were, now the majority of the casual internet users, those who are not interested in doing something else than using mail, going to a few sites, chatting with some friends and playing some backgammon around the net, are not in a level, proficiency, or desirous to research and explore the intricacies of what they are using.
They are just buying a computer, windows comes installed within, there are stuff there, and they use it.
THIS was the way microsoft have villainishly monopolized the browser arena, and nothing more. Not security, not features, not the "mis-schedule" of netscape releases and nothing more. And certainly, definitely not the "far-sight" or "visionary genius" of bill gates and his memos.
They used the power of market reach, to "sell" something to people who didnt know if any alternatives existed.
Read radical news here
That "incremental update," as you ignorantly call it (nice nick, by the way), was a major version release with a whole new version of OS X, new features, and new technologies. It wasn't some minor service pack.
And that massive update in September isn't so massive when you point out that it's the most we'll see all year. Meanwhile, Microsoft released an IE patch, then released a patch to fix the patch, then released a patch to fix THAT patch. And you wonder why people complain about Microsoft?
"Sufferin' succotash."
Why do I always get this picture of Bill Gates dressed like the little Dutch Boy?
Of course they charged for 10.3. It was an entire new release of the system. Oh, I get it, this is one of those M$ trolls where you ignore the hundreds of new features, new version of BSD subsystem (synced to FreeBSD 5), new technologies like Bindings and Expose, and new interfaces like the Finder, and so on, all in some lame attempt to portray it as not worth charging $129 for even though XP Pro still retails for $250 and is the same crap from six years ago. I bet you think new versions of OS X are the same as "service packs," right? Maybe there wasn't a peep of complaint because your initial judgement is flat-out wrong, but hey, go back over to the Channel9 forums and obsess over technology that's been out for five years in Apple products, won't you?
Uh, it's not. That's the most we'll see from Apple all year. The 26 from Microsoft just beats the previous Patch Tuesday record. Every friggin' month is more and more patches from Microsoft, including patches to fix PAST patches! It's been hundreds this year alone, while Apple's were all minor flaws in various third-party OSS.
.NET is some amazing innovation when it's absolutely nothing more than a Microsoft rip-off of Java, right down to the syntax. Windows is so bad that its own developers call it overly complicated and want to just start over with a rewrite. And this is the OS they want you to spend $400 on and trust your data! Not to mention all that wonderful DRM hell.
I forgot, you're super-hip and enlightened if you try to attack from the other side like that. The pro-MS contingent on Slashdot strikes again! Anything to distract from the hilarity that Vista isn't even out yet and is already seeing flaws. So much for "winning this thread." It's sad you had to log in as AC and reply supportively to your own comment. But hey, you poor Windows users are stuck with the ancient Win32 codebase of Vista and its 15% slower gaming (as stated by Microsoft). But wowee, the window borders are see-through! Thanks for that innovation, Microsoft.
The story isn't that 26 were patched. It's that ONLY 26 were patched. Windows is a sinking Titanic of an operating system with an abortion of an interface that only blinded fanboys defend these days who think
Do you get that? Microsoft fanbois FREAK OUT over charging $120 for a major OS release and yet happily accepting waiting six years to get no updates at all only to end up spending $400 on the "ultimate edition" of an OS X rip-off. Awesome.
Windows--for playing videogames, like The Sims.
Macs--for getting real work done.
This makes me REALLY wonder how many more there are.....
Somewhere in a bar, an IT guy is betting on next patch tuesday's holes plugged
"Hello 911? I just tried to toast some bread, and the toaster grew an arm and stabbed me in the face!"
Microsoft plugs a record 26 security holes; Other 26,000 security holes wanted for questioning.
what would this...
;)
http://bugs.debian.org/release-critical/
look like for windows?
Insightful?
Charges for incremental updates, like Windows 5.0 to Windows 5.1?
The cost for that upgrade is about the same as a 5 pack of 10.3-10.4
someone mind telling me how many of these. 26 patches were for stuff that had already been exploited? For all you know it was foresight on MS's part to patch these up right away. Other than the WebViewfolderIcon Activex Control and Windows XML parser, none of them seem to have been the wild for long. And dont forget only 6 'flaws' were labelled as critical(Note: I mentioned flaws not patches). BTW any word on the snafu that prevented us from gettin the updates for so long?
Select SigText from Signatures where Len(SigText) > 120 Order By Len(SigText) desc
... if they snuck ie 7 in with the "securithy fixes?"
I don't care why you're posting AC
As a Microsoft customer, I'm glad to see that they are releasing a whole slew of patches. As strange as it seems, I'm actually glad and feel MORE secure that they're releasing a lot of them. It gives the impression (however naive it may be) that they really are getting serious about finding bugs and patching holes. I know it's fun to bash on Microsoft but seriously, they aren't going through anything all that different than what the *nix world when through in the late 80s and early 90s. When a company has the most widely used network operating system in the world, and there are people storing sensitive and lucrative data on that system, you have to expect that people are going to be looking to actively exploit it. Sure, home machines get pwnt all the time. However I have yet to see properly patched and firewalled file server owned. With all of the gateway AV, client side AV, IDS' and IE alternatives out there these days, you have to be a pretty incompetent idiot to have your box owned.
For what it's worth, my home XP box downloaded 7 of the possible 26 patches. That's 19 patches that I didn't even need. Not too bad. And much better than having download the updated ftpd, or httpd, or [insert exploited daemon here] source and manually compile it.
It took them some time to get it right, but eventually IE took over.
You mean M$ is going to make security in windows as good as they made their browser. Now this is what scares the shit out of me. Until now M$'s security was well almost non existant, now its going to be a big bloated mess which will be forced on you.
Here's to 26 more patches to fix the 26 patches that plugged 26 security holes to open up 26 more! Yippee!
But next month there'll be 27 patches, 26 of which close newly-created security holes, and 1 recently discovered hole. But we're not going to hear about the new holes until the next press release/security patch announcement. Forget about being proactive, or finding work-arounds. Just leave those holes open, and wait for your software company to spoon-feed you the latest "security release", so that you're "more secure".
Open-source may consist of a bunch of cretins, but at least most project have some semblance of a community. It's like "Hey Jimbo, I just found a hole in TheBucket 2.0!" "Hot Damn, Billy Ray! Let me check wit' th' naybors to see if anyone's got sum solder, or duct tape, or sumpin' while we wait 'ntill Ma' gits a new vershun."
Well, that was a bit of a tirade. Just my 26 cents and 1 peso.
Spork.
P.S. Spork.
Apple releases an incremental update to OS X 10.2 to 10.3 and charge you for it ($129.00), and when they release a MASSIVE update in September, not a peep of complaints...
They re-did the entire PPC emulation layer (or at least heavily modified it). On my Mac Pro (Intel) it was 200+ MB, but my iBook ran to about 30ish MB. So it's pretty clear that about 160-180 MBs of that update was a Rosetta overhaul for speed and scientific apps. That wasn't 200 MBs of security updates, that was like 30 MBs of security updates.
Too bad you broke the patching mechanism in the process!
that's one BIG FRAKKIN' cabbage patch, komrade.... big ole FRAKKIN' pile of spaghetti hairdo. With all the FRAKKIN' chairs that must be flying around and skulls being cracked in board rooms, I suppose ms is investing heavily in the:
2 28.shtml
Protein Gel Quickly Stops Bleeding
http://science.slashdot.org/science/06/10/10/2024
research....
You can't FRAKIN' KILL ms employees (but, you CAN frak and frazzle them up a bit); you resu-frakin-rrect them... (gotta find and destroy that FRAKKIN' ms resurrection ship hiding somewhere...)
FRAK!
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
"So which OS are you thinking of that _wouldn't_ be classified as a 'lemon' ?"
Almost any OS that is free... After all, it is hard to argue that Ubuntu (for example), should be flawless when it costs nothing and is in fact shipped out at someone else's expense if one asks for a few sets of the install discs. I run Ubuntu and although I've used Red Hat back when it (as opposed to Fedora) was free, I never really got into Linux. Ubuntu I am working to learn well enough that I never have to infect any of my own systems with the buggy bloatware known as Windows again, at least not at my expense.
The good thing about the news surrounding the impending spread of Vista is that it isn't likely to happen as fast as Microsoft wants or would have the general public believe. Why waste money on a bigger, slower, pile of crapware from Microsoft when it offers nothing substantial in the way of practical improvements over the mess that is XP? What I'm reading these days is that the Vista release is being given the yawn treatment by many IT professionals.
As far as I can tell, since I don't care about cutesy but useless special effects (read: the Aero interface), there is nothing I want to do with an MS OS that XP doesn't do about as well as Vista is likely to, with much less risk of new bugs and security holes. The risk to my wallet is virtually nil with Ubuntu. There are other free Linuxes available and there is much better and affordable support for them than there is from Microsoft for Windows.
Also, XP has been given the acid test for a few years now and a lot of serious problems with it have been corrected to a large degree with the numerous patches and service packs MS has deigned to release for it. In fact, I'm worried that security will be much worse on Vista than it is on XP since 3rd party security vendors are being prevented by Microsoft from hooking in at the level their code needs to run at to be most effective. I don't trust Microsoft to handle security issues. It has a pathetic track record. The programmers at MS clearly don't understand their own code.
My copies of Ubuntu were delivered to me upon request, cost me nothing, installed and are updated easily, and work quite well. I run OpenOffice and use a lot of GNU programs as well as other FOSS.
The only vista I see on my OS horizon is Ubuntu.
"You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
And with SP1 no longer supported, with all these fixes (granted, some are Office) people will feel even more forced to use SP2.. yey for Microsnot.
It doesn't just happen when I send but when I receive one. It is a pain to tell someone they have to rename a file's extension simply to receive it. Far easier to use a web based email address for that stuff. Ever try to explain to a secretary how to change the extension of a file when Microsoft's Windows Explorer defaults to hiding the extension?
B.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
That "incremental update," as you ignorantly call it (nice nick, by the way), was a major version release with a whole new version of OS X
If it was a major version release, it would've been 11. Going from 10.x to 10.y is by definition a point release, not a major release.
Now to be fair, MS do the same thing - Win2k is NT 5.0, XP is NT 5.1. That doesn't change the fact that if Apple want me to think that 10.3 is "a major version release" they should name it as such.
It's official. Most of you are morons.
Yeah but you're saying something that could be seen as favourable for MS en unfavourable for Apple.
So someone has to go and call you ignorant, and most of the time you get modded down....
Too bad tho
They already announced that they were dropping SP1...
Meta will eat itself
I use my car every day. It's an excellent car. Ten years old, low miles, runs like a dream. I take care of it. I change the oil, I lube the joints, etc. The engine under the hood was engineered by the best at General Motors, and its quality is obvious every time I start the vehicle. It performs well, it gets good mileage, and it works on all the roads in the country. I've got a couple gripes about the design, and the anti theft system is a joke, and wiring the stereo was a bitch, but in the end, I paid $5,000 for that vehicle. It was worth every penny.
I use Windows XP every day. It's an excellent operating system. Five years old, two service packs, runs like a dream. I take care of my computer. I defrag the hard drive, I make backups, I vacuum out the dust. The kernel was engineered by the best at Microsoft, the OS is silky smooth and it's obvious every time I boot my computer. It's extremely stable, and boasts uptimes that can turn heads. My games run well and my web browsing is rather snappy. I've got a couple gripes about the interface, but in the end, I paid $100 for that operating system. It was worth every penny.
No one should ever bitch about anti-piracy mechanisms in an operating system. If you don't steal it, they don't bother you.
Boot Windows, Linux, and ESX over the network for free.
Is that the most quality of writing ?
Religion is what happens when nature strikes and groupthink goes wrong.
Comment removed based on user account deletion
What about the 1735265 other Windows flaws that remain unpatched?
when they pulled IE for Mac claiming that they could not compete with a browser that came with the operating system.
Hey, you could have let the users download it...
Funny that you mention that, since actually Microsoft is helping Firefox developers with Vista.
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
Wow, a piece of software (In this case the WGA servers) had a glitch, I am totally amazed. When are we going to finally get software that never ever screws up and affects a large amount of people and companies? This never happens with F/OSS! There are plenty of bugs that are hunted and eliminated on a daily basis in many projects. I'm not saying Linux or F/OSS sucks, because quite frankly I'm eagerly awaiting my next purchase of a hard drive so I can get my Gentoo installed again (Maybe even take a look at the latest Slackware since it's been a while, but probably Gentoo). I'm just saying you can't expect software to be perfect. In Microsoft's case though, if they don't patch bugs people bitch. If they do patch bugs people bitch even more. Bart Simpson said it best, " Well... You're damned if you do and you're damned if you don't.".
As an aside, people running rolling distributions like Gentoo that don't have as tight a security/stability screening process that, say, Debian does, are at even greater risk than most other Linux users of royally screwing their computer if they end up getting bit by a nasty bug in some random piece of software. I always tell people looking for filesystem choice advice, for example, to avoid finding their answers in something like the Gentoo Forums (Great for many other things though), since it's pretty easy to FUBAR things when you think you're a hotshot putting all your critical data on bleeding edge code, then calling a project crap because you got cut.
By and large, though, if you don't steal, the measures don't bother you. And if you do steal, the measures don't bother you, unless you are noobcake.
"We invented personal computing." - Bill Gates
According to Washingtonpost.com's Security Fix blog, this is the most number of patches ever released by Redmond outside of a Windows service pack.
Well, there's a record that won't stand long!
You are assuming that they got the internet "right" this time. IE 4 and 5 were good, from a user's point of view, IE 6 was OK for a while but then that other company came out with something that was so usable, so secure, so extendable, friendly...
By analogy, you're saying they're going to give it a good long coding session, get that security on the line, get it out there, spread the news that Vista is the securest windows to date (no kidding, this is news?) and then let it slide into oblivion just as they did with IE. How long has 6 been out now? When will 7 come out? Will it take them as long to update any security they come up with? So, code it, then sit back and rake it in.
So yes, if you were saying that, I totally agree with you.
"I remember when Windows 95 came out, with its weak, obviously-an-afterthought "web browser" (IE 3.0)", ronkronk
.
It wasn't an afterthought it was a renamed Spyglass browser which they subsequently 'gave away' with Windows so as they wouldn't have to pay royaltees. After failing to buyout Netscape and get an exclusive deal from NCSA they settled with Spyglass.
"It took them some time to get it right, but eventually IE took over", ronkronk
IE took over by billg strong arming the OEMs to take Netscape off the desktop. Can't you remember what the MS AOL court case was all about.
"AOL's March 12 and October 28, 1996 agreements with Microsoft also guaranteed that, for all practical purposes, Internet Explorer would be AOL's browser of choice"
"Compaq was the only one to fully commit itself to Microsoft's terms for distributing and promoting Internet Explorer to the exclusion of Navigator"
"now it's becoming more and more obvious that they're taking security every bit as seriously as they once took the Internet", ronkronk
Like as an after thought.
"within a few years, we're going to see some really damn secure stuff coming out of Microsoft", ronkronk
I've heard exactly the same kind of thing when NT came out.
"In the meantime, Firefox exploits are cropping up at a seemingly greater pace. This worries me. It looks like a repeat of 1997, when Netscape lost huge amounts of ground to IE by producing a product that wasn't as good as the competition.", ronkronk
Netcape was never inferior to IE. As this test proves. The MS stratagy at the time was to make it a jolting experience for the enduser. Why are you trolling slashdot with patently false pro-MS propaganda.
"We will bind the (Windows) shell to the Internet Explorer, so that running any other browser is a jolting experience"
Firefox running on a more secure OS as standard user are not as serious as bugs in IE running on WinVista. You see as MS embedded the browser directly into the OS so as it couldn't be removed.
Secondly Netscape lost ground because of backroom shenagenans by billg an Co. After threatening to withold technical information, they offered to carve up the market between them or else they would cut off Netscapes oxygen supply.
`The delay in turn forced Netscape to postpone the release of its Windows 95 browser until substantially after the release of Windows 95 (and Internet Explorer) in August 1995. As a result, Netscape was excluded from most of the holiday selling season.'
"Microsoft representative J. Allard had told Barksdale that the way in which the two companies concluded the meeting would determine whether Netscape received the RNA API immediately or in three months.'"
`After Netscape refused Microsoft's offer to divide the browser market, Microsoft embarked on a predatory campaign to eliminate the browser threat'
`In subsequent meetings in the Fall of 1995, Microsoft explained to Intel that its strategy would be to kill Netscape and control Internet standards'
`in exchange for steering clear of the Windows browser segment Netscape would be made a preferred Microsoft partner'
"I'll be telling clients to go with Microsoft products, because they're more secure than F/OSS. And I don't want to see that happen.", ronkronk
I'm really an Open Source advocate except for bla, bla, bla
http://www.usdoj.gov/atr/cases/f2600/2613-1.htm
http://www.theregister.co.u
davecb5620@gmail.com
Come on man, don't be stingy, share those drugs.
That's mainly because nobody is going to bother wasting the time exploiting something that only 3.8% of people actually use.
I'll bite...
If a system is "fully patched," how do you apply an update? Doesn't the need for an update require that a system is, by definition, not fully patched?
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
I'd like to see you cite enough instances of a patch's patch needing a patch to believe that any of yesterdays will under go this.
...In other news, Microsoft plans to patch the 17 holes created by these patches sometime by the end of the month.
The end of which month? That does sound like an evasive Ballmerism, after all.
"You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
When it comes to secuirty it isn't how many patches a company released, it's more importantly is the product more secure and how long it takes to push out the critical patches. And since MS has not been moving quickly on this, it looks like Apple is getting a little riper.
Microsoft went to a hacker convention a little while back to find out what they had to fix.n line/5413792.stm
http://newsvote.bbc.co.uk/2/hi/programmes/click_o
Wrong. A major version update includes a major point release.
So all it will take to make you think that is bumping a number? Simply examining the changes yourself isn't enough? Take a visit to Arstechnica and read Siracusa's reviews sometime.
"Sufferin' succotash."
That's the most concise and eloquent explanation I've seen.
Now all we need to worry about is the newest vulnurabilities.
The Gospel according to lolcat
and that works for pretty much any application that uses the standard Open dialog.
As was pointed out above, OSX is regularly patched with "Security Updates", and last month's Security Update fixed 24 holes and was 200MB in size. Not much different than the 26 holes that MS is patching this month (except the MS patch is much smaller, and included patches for Office).
In 2005 OSX received security patches nearly every month (there were two months it didn't , but there were two other months that had 2 security updates, so it evens out). OSX security updates for 2006 haven't been as frequent, but there have been months with multiple Security Updates:
See Apple Security Updates
Why not a "recall" for OSX?
-- "I never gave these stories much credence." - HAL 9000
hundreds of patches? oh wait your counting both OS and Office (application patches)
the OS: new XP SP2 install, according to windows update: 79 patches. SP2 was not released this year. And the CD I am using is just slipstreamed with XP sp2 no other updates. No hundreds of patches there. And SP2 was released what was it two years ago now? I am not counting MS driver updates ( I trust the maker of the hardware over MS) but I am installing all the critical and 'you should updates these too' patches.
Office upadates are a non issue for me (I don't use MS Office) so I cannot speak on the number of MS Office patches. I reinstalled the OS due to a hard drive failing.
if you need MS office, and MS office is full of holes maybe MS office is not what you should be getting away from.
That report is about bugs, not necessarily security issues. But I agree -- the Vista list, were it made available, would undoubtedly be much longer.
I'm shocked?
On my pc I have removed office 2003 and replaced it with 2007 release candide 1--yet at least two office 2003 patches were successfully installed, according to the MS dialogue? I saw no mention of vulnerabilities in the beta suite, yet it seems it was patched on the sly.
CadWizard