Microsoft Takes a 'Patch Tuesday' Break

Phill0 submitted a ZD story about Microsoft's week off which says "Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed. The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. "

"Patch Tuesday" Break?

[instantkamera]

So they were allowed an extension to their "Avoid Releasing Decent Software" Decade vacation?

A positive note!

[FredDC]

At least they can't break anything new this week!

DST

[Chicken04GTO]

Stupid congress and their DST. How much energy do they think we will save by moving up DST 3 weeks? How much economic loss will be caused by companies all over the place busting their ass trying to get all kinds of systems pathced and working right...?

Idiot congresspeople.

Re:DST

[The_Wilschon]

In a significant and large portion of the country, March is the heart of spring. I saw people studying out under trees yesterday because the weather was beautiful. It is 64F right now. I turned on my air conditioning briefly because my apartment got uncomfortably hot yesterday.

If you don't live in Maine, this makes a heck of a lot more of a difference than you apparently realize. (Yes, restricting to only Maine is an exaggeration, too. Deal with it. You know what I mean by it anyway.)

Re:DST

[sconeu]

The economic loss is grossly exagerated like the w2k bug that NEVER hAPENNED

Which Windows 2000 bug was that?

Oh, you meant Y2K? Yeah, it "never happened" because thousands of dedicated professionals worked for years to fix and upgrade old systems.

What about when they realize it was stupid?

[PornMaster]

Are we going to have to re-patch everything in a year or two when they change it back?

On the good side, we found out what doesn't come back up automatically after a reboot on the Sun systems that needed the libc patch, too.

Re:What about when they realize it was stupid?

[Ctrl-Z]

If people were smart about it, they would have implemented the change to be adjustable so we wouldn't have to re-patch everything. How likely is that though?

Re:That's one of the reasons I use OpenSource

[lostwars]

Linux has to to be patched as well for DST.

maybe

[mastershake_phd]

Maybe nothing needs patching!? Ya, that must be it.

Re:Zero Day

[SilentChris]

You obviously don't work in an enterprise.

These last 2 weeks have been crazy. Monstrous. Patches for Windows, patches for Exchange, patches for Outlook, patches for Java, patches for Oracle, patches for Act, patches for Blackberries, patches for Treos, patches for that weird-ass cell the COO uses and no one else does. Patches to replace patches. Patches to undo the damage other patches have made. I firmly place blame on the software companies for waiting this long to sort things out, but this says it all: http://support.microsoft.com/kb/914387 NINETEEN REVISIONS. That's the most for an MS KB article ever.

Yes, there are zero-day vulnerabilities out there. However, considering the potential trainwreck that's going to happen Monday, no admin in their right mind would install new patches on Tuesday. No admin worth their salt would do so anyway: usually you wait a few days for the early adopters to fish out the bugs and MS to release any new versions. You let your security hardware and software (which has barely needed to be patched) deal with any potential problems. That's just smart business sense.

For those of you admining a handful of servers, serving basic stuff like webpages, laughing at the work some people have to do for this, that's great. Enjoy yourselves. For the rest of us with a real workload: hundreds of servers and tens of thousands of desktops, all with software on top of software that may or may not be compatible with each other patchwise, this last few weeks have been a living hell. A couple people getting their Word documents hosed is nothing compared to payroll systems not working, trade systems coughing up blood, etc. I'll hand that responsibility off to Symantec and friends -- I've got more important stuff to worry about.

Re:Zero Day

[operagost]

"Zero-day vulnerability" is totally meaningless. Even the proper "zero-day exploit" makes no sense after zero-day. Totally useless garbage speak, just the marketroids and talking heads who make up words like "factoid" because somehow the word "fact" is not descriptive enough.

DST fiasco

[Vexler]

They had since August 2005 to address this, but the software patch only came out in early February of 2007. Then, they had the gall to change the instructions no less than four times while I was preparing to upgrade (KB930879 was updated three times while I was reading it two Thursdays ago), along with a new version of the upgrade tool that were substantially different from what the instructions said. Even the consulting firm we hired only got it to work this past Sunday night.

Microsoft blew it, folks. This is not to say that OSS does it much better, although Red Hat and FreeBSD (two other OSs we use) nailed the patch months ago. But when you are a $50B company and could only produce the detritus that is the DST patch, there is no excuse for it.

Re:Zero Day

[wordsnyc]

http://www.word-detective.com/101800.html#factoid

Blame it on CNN -- they started the whole ruckus by taking a perfectly good word and twisting it.

"Factoid" is one of those rare words that were undeniably invented by an identifiable individual, in this case Norman Mailer, in his book "Marilyn," published in 1973. The Oxford Dictionary of New Words defines "factoid" thus: "A spurious or questionable fact; especially something that is supposed to be true because it has been reported (and often repeated) in the media, but is actually based on speculation or even fabrication." Norman Mailer himself defined "factoids" as "facts which have no existence before appearing in a magazine or newspaper, creations which are not so much lies as a product to manipulate emotion in the Silent Majority."

Mailer invented the word by combining "fact" with "oid," a scientific suffix meaning "resembling or having the form of, but not identical to." Needless to say, "factoids" in Mailer's sense are the antithesis of serious reporting, and to accuse a journalist of trafficking in "factoids" was a grave insult, at least until CNN came along.

Re:Why not just fudge the timezones permanently?

[mandelbr0t]

I don't get why we don't just push all the U.S. time zones forward an hour and leave them there, and get rid of this fall/spring switching. Because you share them with Canada, and we really need the spring-forward/fall-back. If we stuck with summer time, the sun would set at 3:30pm in mid-winter. If we stuck with winter time, the sun would rise at 4:30am in mid-summer. Either way, I'm glad the clock changes back and forth. That being said, I don't think there's anything to be gained by moving only 3 weeks, except to put some money in IT consultants' pockets.

Jedi Mind Trick

[RancidMilk]

Microsoft: "These are not the flaws you are looking for"
Customer: "These are not the flaws I was looking for"
Microsoft: "Go home and rethink your life"
Customer: "I will go home and rethink my operating system decision"
Microsoft: "What??? No! Your Life! Rethink your Life!"
Customer: "Rethink my li.... nux. I need Linux."