Microsoft Takes a 'Patch Tuesday' Break

Phill0 submitted a ZD story about Microsoft's week off which says "Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed. The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. "

DST

[Chicken04GTO]

Stupid congress and their DST. How much energy do they think we will save by moving up DST 3 weeks? How much economic loss will be caused by companies all over the place busting their ass trying to get all kinds of systems pathced and working right...?

Idiot congresspeople.

Re:DST

[Billosaur]

How much energy do they think we will save by moving up DST 3 weeks?

It has nothing to do with saving energy. It's about Congress and the Administration wanting to look like they're doing something about our dependence on foreign oil. There's very little energy savings to be had: these new weeks come in the heart of winter, where a few extra hours of daylight in the evening won't matter because who's going outside when it freezing, and more importantly, people will still have to be heating their homes and offices regardless. And since it will be darker in the morning, when people get up to go to work, any evening savings will be offset by morning usage.

They would have been better off writing a bill to increase tax credits for alternative energy sources and trying to encourage more fuel efficiency in cars and an increase in mass transit. Instead, we get window dressing.

Re:DST

[The_Wilschon]

In a significant and large portion of the country, March is the heart of spring. I saw people studying out under trees yesterday because the weather was beautiful. It is 64F right now. I turned on my air conditioning briefly because my apartment got uncomfortably hot yesterday.

If you don't live in Maine, this makes a heck of a lot more of a difference than you apparently realize. (Yes, restricting to only Maine is an exaggeration, too. Deal with it. You know what I mean by it anyway.)

Re:DST

[sconeu]

The economic loss is grossly exagerated like the w2k bug that NEVER hAPENNED

Which Windows 2000 bug was that?

Oh, you meant Y2K? Yeah, it "never happened" because thousands of dedicated professionals worked for years to fix and upgrade old systems.

What about when they realize it was stupid?

[PornMaster]

Are we going to have to re-patch everything in a year or two when they change it back?

On the good side, we found out what doesn't come back up automatically after a reboot on the Sun systems that needed the libc patch, too.

Re:What about when they realize it was stupid?

[Ctrl-Z]

If people were smart about it, they would have implemented the change to be adjustable so we wouldn't have to re-patch everything. How likely is that though?

Don't bust Congress' chops...

[narftrek]

Hey I can agree that Congress does alot of messed up crap and I would also agree that it may not help much but you should really put blame where it is due: Microsoft. Why? Well mainly because they decided to HARDCODE it into Windows. That is about as silly as when the clock chip makers hardcoded the calendars into the chips for the Y2K incident. Anything that could POSSIBLY change should be treated like the variable it is and make some register for it to be changed in...even things in science we call constants get changed every once in a blue moon so simply making them variables would have made this switch so much easier for everyone. I know when I was in programming 101 my professor would mark my programs into oblivion when I didn't have my variable declarations for everything possible and then initialize them. Somehow or another though Microsoft didn't have such a structure for their coders and now we are left with this mess. I'm sure another instance will arise in the future as well. I hope the coding behind Vista is better. I know alot of people enjoy blaming M$ for alot of crap and usually it is unfounded but this time I think we can all razz them for screwing the pooch on this one.

Re:Zero Day

[operagost]

"Zero-day vulnerability" is totally meaningless. Even the proper "zero-day exploit" makes no sense after zero-day. Totally useless garbage speak, just the marketroids and talking heads who make up words like "factoid" because somehow the word "fact" is not descriptive enough.

DST fiasco

[Vexler]

They had since August 2005 to address this, but the software patch only came out in early February of 2007. Then, they had the gall to change the instructions no less than four times while I was preparing to upgrade (KB930879 was updated three times while I was reading it two Thursdays ago), along with a new version of the upgrade tool that were substantially different from what the instructions said. Even the consulting firm we hired only got it to work this past Sunday night.

Microsoft blew it, folks. This is not to say that OSS does it much better, although Red Hat and FreeBSD (two other OSs we use) nailed the patch months ago. But when you are a $50B company and could only produce the detritus that is the DST patch, there is no excuse for it.

Re:DST fiasco

[kiwimate]

No, really not, actually. I agree 100%, and I work with Microsoft products for a living and will often defend them against the more egregious slurs posted on Slashdot.

But in this case they've blown it. We called them a year ago to ask them about their plans for the change to DST and they asked "what change?". They only really started to come out with patches a couple of months ago.

CRM? Don't get me started...they kept on finding new components to be patched, server and client, said they'd release the patches in early March (!), finally promised to release on February 28th, and then two days before release date came out and said they'd found some problems and the release would be delayed for another few days. And by the way, if you have more CRM clients to be patched than can be easily handled manually and you don't run your users as local admins, then you're in trouble because it's nigh impossible to get CRM patches distributed over SMS.

The Exchange/Outlook tools are a nightmare. The rebasing tool causes all appointments set in the three week period between new DST time and old DST time to be sent out again so all our users came in to work one morning to find their inboxes filled with dozens of appointments which had been resent. And the whole dismal complicated procedure is so complex we've been told it'll achieve perhaps a 90% success rate and there will be problems that we have to fix manually.

No, ordinarily I'll at least be able to defend Microsoft against Linux zealots and fans, but this time they messed up. Big. That the people we talked to didn't even know this was coming a year ago until we alerted them is just wrong, and it has very plainly been downhill from there.

Re:Zero Day

If you're so damn busy, how do you have time to write a book to post on /.? Cry me a river r-tard

Re:Useless and intentional waste.

[jb.hl.com]

The testing, of course, is required. It's the patch that's useless. It should be obvious by now that patching will never fix Windows security problems. The whole exercise is a waste of time and that may be intentional.

Patching will never fix *any* security problems in *any* system on desktop use. Most, if not all software, has vulnerabilities of some kind. You can't just dismiss Windows because it has holes in it, when there are holes in open source software as well.