Slashdot Mirror


Critical Security Updates Coming To Windows XP, 8, RT & Server

SmartAboutThings writes "On the upcoming Patch Tuesday on July 9, Microsoft is going to bring some notable security updates that will mostly deal with fixing issues in remote code execution vulnerabilities, which allow attackers to breach in. The security updates will be applied to all Windows versions Microsoft is still supporting (from XP to Windows 8.1)."

12 of 289 comments

  1. Why? by Corona+Extra · · Score: 5, Funny

    I haven't noticed any security problems with Windows. Why do they release this?

    1. Re:Why? by devent · · Score: 4, Informative

      Sorry, that is just not true.

      First, the kernel developers have a strict policy for not breaking API or ABI with applications.
      See for example: "Linus Chews Up Kernel Maintainer For Introducing Userspace Bug". "Userspace" means applications.
      Secondly, the developers of low level stuff like GUI toolkits (Qt, KDE, GDK+, PulseAudio, etc) are also very strict about breaking compatibility.

      On the plus side, Linux doesn't cost you anything. It's not like you have to pay 80 or 100 Euro to update from Debian Lenny to Debian Squeeze. When Debian Squeeze was finished you just download it and update your system. Costs you maybe half an hour of time.

      --
      http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
    2. Re:Why? by the_B0fh · · Score: 4, Informative

      So to me THAT right there is one of the big differences that takes Linux out of the running (well that and the piss poor driver model, but that is another rant) because if you don't stay pretty God damned close to the bleeding edge with most mainstream Linux? You are FUCKED with a capital F. You try skipping releases and suddenly the latest software won't run because it requires kernel X+3 and you have kernel X, it makes it a royal PITA and means that even if the devs go some way you don't want to go, like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you, you update or it's shit time for you.

      You really based your arguments on what you read on blogs rather than personal experience? Plenty of people still run kernel 2.2 which is about 15 years old now, or 2.4 which is about 10 years old now. And if you run something like Debian, it's as simple as "apt-get dist-upgrade" and editing a few config files.

      Or... you know, just not upgrade.

      Seriously. Get over it.

  2. It has been a busy month by gmuslera · · Score: 4, Funny

    A lot of systems that had to be compromised by the NSA and associates before this patch could finally be released.

  3. So... by SCPRedMage · · Score: 5, Insightful

    ...it's a normal Patch Tuesday? How the hell is this news?

    --
    My sig can beat up your sig.
  4. A request... by Anachragnome · · Score: 4, Interesting

    I do not have the ability to do so, but could someone that is able to do so please make a close comparison before/after changes?

    They might be trying to cover their tracks in terms of NSA backdoors--hide the evidence to minimize the coverage--and the changes they make with updates might shed some light on those backdoors.

  5. Re:Well by AbrasiveCat · · Score: 5, Informative

    Deleting all those NSA backdoors is a helluva job.

    No, No, you don't get it. These are installing the new backdoors.

  6. This is news? by JDG1980 · · Score: 5, Interesting

    Doesn't Microsoft patch these kinds of security holes every Patch Tuesday? How is this one special?

  7. their patches can no longer be trusted by 0111+1110 · · Score: 4, Interesting

    All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA? What percentage of these updates were sponsored and ordered by the NSA? Are only 30% of the changes for the benefit of the NSA? 70%? There is no way to know.

    --
    Quite an experience to live in fear, isn't it? That's what it is to be a slave.
    1. Re:their patches can no longer be trusted by Anachragnome · · Score: 4, Insightful

      "All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA?"

      All joking aside. Excellent idea.

      How many of you folks are squirming right now, wondering if any of your code managed to end up inadvertently being used in the Prism program? How many of you are wondering how this will impact your job? How many of you are wondering what you might have said in the past, things that you are afraid might be exposed by this? How many Microsoft employees are now worrying about their social life, now that everyone knows Microsoft is neck-deep in NSA spying? Will they be ostracized? What about Google employees? Might they become targets for recriminations? Have you been hiding your affiliations with implicated companies? Will that one friend you confided in turn on you, out you to others that they know will shun you as a result? How much more do we NOT know about? What will the next leaked document reveal? How many of you even care (or dare to care openly)?

      See where I am going with this?

      Fear. I see it between the lines in forum posts (not just here on Slashdot), I see it in the public pronouncements from public officials around the world, I see it amongst the world's journalists (some fear not the personal costs, but the costs to the entire idea of journalism). I see it coming from the NSA themselves.

      This is East Germany, all over again--the NSA literally has us spying on each other, inadvertently or not. Secrecy=Fear=the need for secrecy. Both sides of the equation are feeling it. Did you just hesitate before you sent that email? Have you resigned yourself to the fact that privacy is now dead? Do you fear the repercussions of standing up for your rights?

      Do you fear doing nothing?

    2. Re:their patches can no longer be trusted by mysidia · · Score: 5, Insightful

      All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA?

      No, you cannot; HOWEVER, you can trust not patching even less. Because Microsoft have been known to share vulnerabilities with the NSA, before they even share the fact of their existence with the public.

      The NSA has loads of cash available, and all the research and engineering resources required to work on developing reported vulnerabilities into exploits, to add to "surveillance malware deployment packages".

  8. Uptime isn't important, lack of downtime is by dutchwhizzman · · Score: 4, Insightful

    How long your computer hasn't rebooted isn't the important bit. What is important is that it will be available when you need it to be and that it won't reboot or crash without your explicit permission. Even though I have set my permissions such that Microsoft should never ever update without my consent, let alone reboot my machines, it has happened on several occasions that they pushed an update without prior warning and rebooted XP computers.

    On any critical infrastructure I'd want to have total control over when something happens and what happens then. Some vendor autonomously deciding to reboot my heart/lung controller during a heart transplant will not do. The same applies to (air) traffic control (ILS in San Francisco anyone?), high voltage control, nuclear power plants and whatnot. Hell, I don't even want them to reboot my music player if I'm listening to it.

    I don't mind having to do regular scheduled maintenance in maintenance windows if I know in advance, during the design phase of the platform. That way, I can decide which exact OS will be the most useful and beneficial for the exact purpose I intend it to have. Any rogue OS that decides to reboot "on its own" will never ever get a place in any important infrastructure I have, no matter how long uptime some dude on a forum achieves on it.

    Any down time outside of service windows is a major issue, regular windows are not only a minor nuisance compared to an incident during production hours, they are also "job security" if you look at it. I don't care how long uptime you get. I just don't want any downtime for myself.

    --
    I was promised a flying car. Where is my flying car?