Slashdot Mirror


No Patch On Tuesday For Internet Explorer Hole

An anonymous reader writes "Right on schedule, Microsoft on Thursday announced its usual advance notification for the upcoming Patch Tuesday. While the company is planning to release seven bulletins (two Critical and five Important) which address 12 vulnerabilities, there is one that is notably missing: a bulletin for the new IE vulnerability discovered on Saturday. For those who didn't see the news on the weekend, criminals started using a new IE security hole to attack Windows computers in targeted attacks. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are."

10 of 63 comments

  1. There is a fix by AmiMoJo · · Score: 3, Insightful

    Upgrade from XP and install IE9/10. What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date?

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:There is a fix by Anonymous Coward · · Score: 2, Insightful

      The difference is, most other companies don't charge you several hundred dollars for an operating system upgrade just to patch important software vulnerabilities. In fact, most other operating system distributors don't even charge a penny for such a basic service.

      Which operating system distributors would that be? Not Apple; they haven't supported System 9 for years. Not Red Hat; they don't support any of their 2.0 kernel based releases either.

    2. Re:There is a fix by bunratty · · Score: 2

      The latest versions of every other browser run on Windows XP: Chrome, Firefox, Safari, Opera, and so on. Those latest versions also contain no publicly known security vulnerabilities according to Secunia. So I guess the answer is everyone but Microsoft provides quick fixes for that decade-old OS.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    3. Re:There is a fix by jon3k · · Score: 2

      So Microsoft has publicly ended support for IE8 and doesn't offer any more updates? If so, then paying for an update would be a reasonable expectation (they should have already known to upgrade). If it's still under support, then this isn't a very reasonable option.

  2. FixIt by Anonymous Coward · · Score: 2, Insightful

    They did release a FixIt, but yeah, no real patch, it's looking like, until Feb.

  3. It is still a supported OS by Sycraft-fu · · Score: 5, Informative

    MS provides long support lifecycles, 10 years from release minimum and subject to extension, which XP has been. XP will continue to get updates until mid 2014.

    I'm sure they intend to fix it, they just haven't gotten the fix tested yet. MS can't just go and bash out a fix and release it and hope nothing goes wrong, they have to regression test their fixes and it is not a fast process.

  4. Ya they do by Sycraft-fu · · Score: 2

    Apple generally charges $100 per upgrade and they only do fixes for 2 versions old, so they'll update 10.6 now, but not 10.5. At the rate they release, you have to update every few years to keep getting patches. RedHat charges $350-8600 per year depending on the options you want ($350 is for self support 2 socket x86, $8600 is for premium support 4 socket POWER). Oracle charges a retarded amount of Solaris support, it is kinda a hardware/software combo support and is thousands a year, and you have to uninstall any updates if you stop paying for support.

    If you pay for the software, you pay for updates at some point. MS is pretty good in that regard. 10 years from the date of release, sometimes extended. So Windows Server 2012, for example, will be supported until 1/10/2023 at a minimum.

    Even in the world of free software, updates are still required for support after a time. Canonical supports an Ubuntu release for a max of 5 years (for LTS, regular is 2 years). After that, you have to get the new version. It is free, but you still have to get the new version.

    Also, Windows isn't "several hundred dollars" unless you are talking Windows Server, and even then only new usually.

    1. Re:Ya they do by UltraZelda64 · · Score: 2

      Not to mention, Red Hat's business model is based pretty much completely on support... their source is open; nothing is stopping you from downloading the patches in source form and applying them yourself, or just using one of the clones (CentOS, Scientific Linux, etc.)

      I don't know about actual Solaris support costs, but I do know that Oracle is one company I will never give a penny to, so to me it doesn't really matter.

  5. Not a fix. Forced obsolescence by tuppe666 · · Score: 2

    Upgrade from XP and install IE9/10. What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date?

    I am astonished that anyone sane would measure from the start of the XP cycle which was unnaturally long from extensive problems as Microsoft not the user. That means that 2007 when Vista was released is a much more reasonable time....If it was any good. It wasn't; it ran badly on most (all) of the machines at the time, which left many people waiting windows 2007. I have four machines in my house...only one supports Windows 7, Windows 8 is quite but none have a touch screen...making Windows 8 a no no for me.

    The reality is that scenario is not unusual; currently 35% of people (1 in every three) currently run XP (Vista has already dropped to 5%).

  6. Microsoft without the monopoly by tuppe666 · · Score: 3, Informative

    Even if you take into account every single device running Linux, it's still nothing compared to the number of devices running Windows.

    Windows PC is hovering around 1.25 billion...and shrinking a little bit. Android had hit only 625 million at the end of last quarter, with activations hitting 1.3 million daily...the number people are quoting now is 1.5 million (ignoring the Christmas spikes). Android is expected to pass Windows this year.

    It's kind of sad really. At least with Secure Boot they can establish a few more years of lock-in. Go out like you came in, I say.