Slashdot Mirror
Microsoft Plans Largest-Ever Patch Tuesday
CWmike writes "Microsoft said it will deliver its largest-ever number of security updates on Tuesday to fix 13 flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The 13 updates slated for next week, eight of them pegged 'critical,' beat the previous record of 12 updates shipped in February 2007 and again in October 2008." Update Reader Kurt Seifried writes to correct the math a bit, pointing to Microsoft's Advance Notification page for the release, which says that rather than 13 flaws, this Patch Tuesday involves "13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."
How do people forget a password in three days?
Because people are stupid. A person is smart, but people are stupid.
One of the most strangely insightful comments in Men in Black from memory.
Moved to http://soylentnews.org/. You are invited to join us too!
I'd like to see a comparison between the number of patches to Linux vs. Windows. :)
For just the kernel, or for a whole average distro? Which distro's kernel and which variant (e.g. SMP vs. uniprocessor) and which arch? (x86 vs. say, PPC or ARM)? Do we count all the optional modules, and what about the stuff that is out there which could be compiled-in, but usually isn't (e.g. Win4Lin extensions)? Are patches counted as individual diffs checked in to a CVS/SVN/BK repo source tree, or counted only if distributed .rpm/.apt packages by a vendor?
Otherwise, yeah, I can see your POV. :)
Quo usque tandem abutere, Nimbus, patientia nostra?
Nope, that doesn't require a patch; it was built into the original release ...
Yup. The hard drive with ME installation will jump out from the chasis, climb the refrigerator and rub itself all over the magnets.
Face your daemons!
I was about to bitch about the submitter/moderator not RTFA, but it turns out, the article doesn't mention it either, so I'll clarify instead: thirteen updates are being released which together address thirty-four security vulnerabilities of varying severity across varying products (ten of which are targetted at Windows). So, that's NOT thirteen flaws (plenty more actually), just thirteen updates, some of which (all?) address multiple flaws in the particular system they are targetted at. Of course, this is just the advance notification, so full details about how many vulnerabilities each update addresses and the general information on them won't be released until the patches are next Tuesday. I think it's also worth nothing (although the summary of course neglects to mention it) that the good aspect of these updates are both major zero-day exploits (targetting IIS & SMB 2.0) are patched with these updates.
And while I'm posting, why does Slashdot insist on linking to shitty tech magazine articles (poorly) summarising the raw and accurate data straight from Microsoft? Seriously, I'm not sure if it's some sort of aversion to linking to MS, but they're the ones doing the patching, so it follows that they have the best, newest, most accurate data on them, and they'll likely be the first to provide updates on their content. These articles are just summarising what Microsoft has published on their various web-sites, and being a summary, they provide a lot more information and raw data:
Microsoft Security Bulletin Advance Notification for October 2009
October 2009 Bulletin Release Advance Notification
I built my system myself which means that I'm more than capable of grabbing a bootleg copy of Windows online. Instead I chose to pay for a copy of WinXP because the OS is a MAJOR part of my system and as such was worth the asking price. (And also because I'm not a thieving schmuck. If you don't want to pay use Linux.)
Ever since I've been hounded by WGA. I just want my system patched. Microsoft wants to verify "something", god knows what, every time I try to access patches. Their checker needs updating quite often. I don't know what it does. I don't know what info it sends them. I just know it's an annoyance, maybe a personal security risk. I can't patch without it. (Officially that is. I'm aware of "alternate" patch sources but how secure is that? Seriously now, come on...)
This is the thanks I get for dropping money on their product. I passed on Vista. I'll pass on Win7. Once this system has aged to the point of uselessness (translation: can't game any more) I'm going to Linux full time. Why? BECAUSE THEY ACT AS IF THEY OWN MY MACHINE, NOT ME. THAT pisses me off.
So f--- them. I'm done.
Does it fix the problems with Windows 7? After reading this review of a pre-release download, I'm a bit hesitant to use it.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Kernel issues still require a reboot.
I run both Linux and FreeBSD in the server room, and have for about 15 years - but in terms of managing, reporting on, and distributing updates to hundreds of desktops, there's nothing off the shelf for *nix that comes close.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Coming from someone whose ID is Tumbleweed?
You bet. Arizona's so bad the plants evolved to get outta there!