Critical Security Updates Coming To Windows XP, 8, RT & Server

← Back to Stories (view on slashdot.org)

Critical Security Updates Coming To Windows XP, 8, RT & Server

Posted by samzenpus on Sunday July 7, 2013 @06:57AM from the protect-ya-neck dept.

SmartAboutThings writes "On the upcoming Patch Tuesday on July 9, Microsoft is going to bring some notable security updates, that will mostly deal with fixing issues in remote code execution vulnerabilities, which allow attackers to breach in. The security updates will be applied to all Windows versions Microsoft is still supporting (from XP to Windows 8.1)"

17 of 289 comments (clear)

Why? by Corona+Extra · 2013-07-07 06:57 · Score: 5, Funny

I haven't noticed any security problems with Windows. Why do they release this?
1. Re:Why? by jellomizer · 2013-07-07 07:02 · Score: 3, Insightful
  
  OSS groups release security fixes, they are applauded for caring about people's safety and security.
  Microsoft releases security fixes, they are appaled that they would let such a problem exist.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
2. Re:Why? by hairyfeet · 2013-07-07 08:27 · Score: 3, Insightful
  
  In case you ain't figured it out so far Windows has always run on the "Star Trek Rule" with the first in a transition being shit followed by the next being decent, at least on the home front (personally I found both NT 4 and Win2K to be pretty solid) such as Win95 crap, Win98 great, WinME crap, WinXP great, Vista crap,Win 7 great, and so on.
  But the advantage you get with Windows, that really makes a difference if you are using the PC for work and which you just don't get with Linux, is the ability to completely skip one or more releases WITHOUT suddenly being stuck on an OS without updates that can't run the latest software. Heck other than the testbed at the shop I skipped TWO releases, I skipped WinXP for the most part (Finally ended up with an XP netbox at the shop late in the game) and I skipped Vista, going from Win2K to WinXP X64 (which was just 2K3 Workstation with a different skin) and I stayed patched and able to run the latest software the entire time, in fact most software runs on XP and X64 right now without hassle.
  So to me THAT right there is one of the big differences that takes Linux out of the running (well that and the piss poor driver model, but that is another rant) because if you don't stay pretty God damned close to the bleeding edge with most mainstream Linux? You are FUCKED with a capital F. You try skipping releases and suddenly the latest software won't run because it requires kernel X+3 and you have kernel X, it makes it a royal PITA and means that even if the devs go some way you don't want to go, like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you, you update or its shit time for you.
  Meanwhile I've avoided Windows "LOL I Iz a Cellphone, Buy my appstorez LOL" 8 and if the fat bastard doesn't change course I'll avoid Win 8.1 just as easily and I will STILL be able to run all the latest software and games without issue, it'll "just work". Oh and in all my years I have NEVER seen Windows shit all over one of my drivers with an update, Linux has shit on the wireless and sound more times than I care to count, if its volunteers doing the QA and QC somebody needs to fire their stoner asses because they royally suck. Anybody who shits all over Realtek sound? Ought to be fucking ashamed of themselves, no excuse on screwing up the most popular sound chip on the planet, no excuses.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
3. Re:Why? by devent · 2013-07-07 08:53 · Score: 4, Informative
  
  Sorry that is just not true.
  First, the kernel developers have a strict policy for not breaking API or ABI with applications.
  See for example: Linus Chews Up Kernel Maintainer For Introducing Userspace Bug "Userspace" means applications.
  Secondly, the developers of low level stuff like GUI toolkids (Qt, KDE, GDK+, PluseAudio, etc) are also very strict about breaking compatibility.
  On the plus side, Linux don't costs you anything. It's not like you have to pay 80 or 100 Euro to update from Debian Lenny to Debian Squeeze. When Debian Squeeze was finished you just download it and update your system. Costs you maybe half a hour time.
  
  --
  http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
4. Re:Why? by the_B0fh · 2013-07-07 09:16 · Score: 4, Informative
  
  So to me THAT right there is one of the big differences that takes Linux out of the running (well that and the piss poor driver model, but that is another rant) because if you don't stay pretty God damned close to the bleeding edge with most mainstream Linux? You are FUCKED with a capital F. You try skipping releases and suddenly the latest software won't run because it requires kernel X+3 and you have kernel X, it makes it a royal PITA and means that even if the devs go some way you don't want to go, like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you, you update or its shit time for you.
  You really based your arguments on what you read on blogs rather than personal experience? Plenty of people still run kernel 2.2 which is about 15 years old now, or 2.4 which is about 10 years old now. And if you run something like debian, it's as simple as "apt-get distupgrade" and editing a few config files.
  Or... you know, just not upgrade.
  Seriously. Get over it.
It has been a busy month by gmuslera · 2013-07-07 07:05 · Score: 4, Funny

A lot of systems that had to be compromised by the NSA and associates before this patch could finally be released.
So... by SCPRedMage · 2013-07-07 07:09 · Score: 5, Insightful

...it's a normal Patch Tuesday? How the hell is this news?

--
My sig can beat up your sig.
A request... by Anachragnome · 2013-07-07 07:15 · Score: 4, Interesting

I do not have the ability to do so, but could someone that is able to do so please make a close comparison before/after changes?
They might be trying to cover their tracks in terms NSA backdoors--hide the evidence to minimize the coverage--and the changes they make with updates might shed some light on those backdoors.
1. Re:A request... by xiando · 2013-07-07 09:36 · Score: 3, Interesting
  
  All I am asking is that people here be aware that there are many methods to stifle dissent, and that social media (Slashdot included) is now a powerful tool to both monitor and shape public opinion.
  I first noticed that some subjects and opinions are silently removed from Slashdot back in 2004. Glad you're finally catching on. Using a site with a high number of visitors? Expect this sort of thing.
  
  --
  9/11: Never forget it was a false-flag operation
Day 16 in Linux Mint by SuperCharlie · 2013-07-07 07:57 · Score: 3, Insightful

While I know it wont make me invisible, I voted with my OS and have taken the Linux plunge. I am quite happy and comfortable in Mint. I have found all the tools I need and if nothing else, maybe it will take a few more cycles to keep me under the NSA thumb.
Re:Well by AbrasiveCat · 2013-07-07 08:02 · Score: 5, Informative

Deleting all those NSA backdoors is a helluva job.
No, No, you don't get it. These are installing the new backdoors.
This is news? by JDG1980 · 2013-07-07 08:38 · Score: 5, Interesting

Doesn't Microsoft patch these kind of security holes every Patch Tuesday? How is this one special?
their patches can no longer be trusted by 0111+1110 · 2013-07-07 08:57 · Score: 4, Interesting

All joking aside, can any of us trust their patches now that it has been comfirmed that Microsoft is effectively a branch of the NSA? What percentage of these updates were sponsored and ordered by the NSA? Are only 30% of the changes for the benefit of the NSA? 70%? There is no way to know.

--
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
1. Re:their patches can no longer be trusted by Anachragnome · 2013-07-07 09:52 · Score: 4, Insightful
  
  "All joking aside, can any of us trust their patches now that it has been comfirmed that Microsoft is effectively a branch of the NSA?"
  All joking aside. Excellent idea.
  How many of you folks are squirming right now, wondering if any of your code managed to end up inadvertently being used in the Prism program? How many of you are wondering how this will impact your job? How many of you are wondering what you might have said in the past, things that you are afraid might be exposed by this? How many Microsoft employees are now worrying about their social life, now that everyone knows Microsoft is neck-deep in NSA spying? Will they be ostracized? What about Google employees? Might they become targets for recriminations? Have you been hiding your affiliations with implicated companies? Will that one friend you confided in turn on you, out you to others that they know will shun you as a result? How much more do we NOT know about? What will the next leaked document reveal? How many of you even care (or dare to care openly)?
  See where I am going with this?
  Fear. I see it between the lines in forum posts (not just here on Slashdot), I see it in the public pronouncements from public officials around the world, I see it amongst the world's journalists (some fear not the personal costs, but the costs to the entire idea of journalism). I see it coming from the NSA themselves.
  This is East Germany, all over again--the NSA literally has us spying on each other, inadvertently or not. Secrecy=Fear=the need for secrecy. Both sides of the equation are feeling it. Did you just hesitate before you sent that email? Have you resigned yourself to the fact that privacy is now dead? Do you fear the repercussions of standing up for your rights?
  Do you fear doing nothing?
2. Re:their patches can no longer be trusted by mysidia · 2013-07-07 10:44 · Score: 5, Insightful
  
  All joking aside, can any of us trust their patches now that it has been comfirmed that Microsoft is effectively a branch of the NSA?
  No you cannot; HOWEVER, you can trust not patching even less. Because Microsoft have been known to share vulnerabilities with the NSA, before they even share the fact of their existence to the public.
  The NSA has loads of cash available, and all the research and engineering resources required to work on developing reported vulnerabilities into exploits, to add to "surveillance malware deployment packages".
Uptime isn't important, lack of downtime is by dutchwhizzman · 2013-07-07 10:54 · Score: 4, Insightful

.How long your computer hasn't rebooted isn't the important bit. What is important, that it will be available when you need it to be and that it won't reboot or crash without your explicit permission. Even though I have set my permissions such that MicroSoft should never ever update without my consent, let alone reboot my machines, it has happened on several occasions that they pushed an update without prior warning and rebooted XP computers.
On any critical infrastructure I'd want to have total control over when something happens and what happens then. Some vendor autonomously deciding to reboot my heart/lung controller during a heart transplant will not do. The same applies to (air) traffic control (ILS in San Francisco anyone?), hight voltage control, nuclear power plants and whatnot. Hell, I don't even want them to reboot my music player if I'm listening to it.
I don't mind having to do regular scheduled maintenance in maintenance windows if I know in advance, during the design phase of the platform. That way, I can decide which exact OS will be the most useful and beneficial for the exact purpose I intend it to have. Any rogue OS that decides to reboot "on it's own" will never ever get a place in any important infrastructure I have, no matter how long uptime some dude on a forum achieves on it.
Any down time outside of service windows is a major issue, regular windows are not only a minor nuisance compared to an incident during production hours, they are also "job security" if you look at it. I don't care how long uptime you get. I just don't want any downtime for myself.

--
I was promised a flying car. Where is my flying car?
1. Re:Uptime isn't important, lack of downtime is by Spad · 2013-07-07 18:04 · Score: 3, Informative
  
  If your "critical infrastructure" isn't hooked up to a WSUS (Free) or SCCM (Not) server for updates then you're asking for trouble; you're saying to Microsoft "I don't want to manage my own update deployment, please do it for me".
  That said, I've never had a machine set not to use Automatic Updates reboot itself for an update without my intervention.