Slashdot Mirror


Windows Users, Get Ready For a Bigger-Than-Usual Patch Tuesday

dibdublin (981416) writes with a report from The Register: October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list is an update for Internet Explorer that affects all currently supported versions 6 to 11, on all operating systems including Windows RT. Vulnerabilities discovered in most versions of Windows Server, Windows 7 and 8, and the .NET framework are covered in the other pair of critical bulletins.

63 comments

  1. IE 6? by TWX · · Score: 0

    Does that mean that if I have an ancient Windows 98 install going somewhere, it'll get a rare update in the wild?

    --
    Do not look into laser with remaining eye.
    1. Re:IE 6? by Anonymous Coward · · Score: 0

      Doubt it.... this is an update for *current* OS, which may have IE 6, which is why the fix is included. Win 98 is no longer maintained.

    2. Re:IE 6? by Anonymous Coward · · Score: 0

      I wonder if this bug goes even farther back? At least I don't feel so bad about bash anymore, but I'm still a little ticked over heartbleed.

    3. Re:IE 6? by Anonymous Coward · · Score: 0

      Does that mean that if I have an ancient Windows 98 install going somewhere, it'll get a rare update in the wild?

      It is for IE 61, but then they realized that the "6" would capture old versions of IE 6. They are bumping the revision number to '21', because "19" would capture IE "X", "XI", etc.

    4. Re: IE 6? by Anonymous Coward · · Score: 0

      It's funny how people blow up on here when a few bugs are in Linux so they can defend winblows. But winblows has 10000000000 exploitable bugs

    5. Re:IE 6? by Snotnose · · Score: 1

      Yeah, my old XP laptop is in the closet, should I pull it out tuesday and let it upgrade?

    6. Re:IE 6? by CaptainDork · · Score: 1

      Google how to make it think it's an ATM and fire it up.

      --
      It little behooves the best of us to comment on the rest of us.
    7. Re:IE 6? by bondsbw · · Score: 2

      IE 6 should be illegal.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    8. Re: IE 6? by Anonymous Coward · · Score: 0

      Not really, that's how tolerance works. Linux doesn't have enough bugs for tolerance to bugs to really set in. What we need is to hire more MS developers to work on Linux so that there'll be enough bugs that nobody cares about any particular one. Thereby granting a sort of immunity and lack of opportunity for any one bug to attract a huge following.

    9. Re: IE 6? by Anonymous Coward · · Score: 0

      That won't address the bug problem, IMO. Linux, as a community of developers, is far larger than Microsoft, which, collectively enable more stable code, as there's more QA going on. Adding more developers would only improve stability, not make it worse.

    10. Re:IE 6? by ericloewe · · Score: 2

      Not unless it's running Windows XP embedded or PoS or Server 2003.

    11. Re:IE 6? by Billly+Gates · · Score: 1

      Why?

      It makes webmasters who charge by the hour very rich

    12. Re:IE 6? by TWX · · Score: 2, Funny

      Windows XP POS? Isn't that being redundant?

      --
      Do not look into laser with remaining eye.
    13. Re: IE 6? by Anonymous Coward · · Score: 0

      Adding more developers would only improve stability, not make it worse.

      Some would disagree: Brooks's law

    14. Re: IE 6? by gbjbaanb · · Score: 4, Insightful

      The difference is: when Linux has a critical bug, it's front-page news; when Windows has a critical bug, it's just another Tuesday.

    15. Re:IE 6? by ericloewe · · Score: 1

      Yes, all points of sale are pieces of shit.

    16. Re: IE 6? by Noah+Haders · · Score: 1, Flamebait

      I was thinking about something similar. For windows, what's an "acceptable" number of critical flaw patches? If you really think about it, the only possible answer is zero. Any answer greater than zero must be unacceptable. So why do people put up with it?

      A similar topic comes up when people talk about pedestrian deaths. What's an acceptable number of pedestrian deaths in a year? If you're intellectually honest with yourself the only acceptable number can be none.

    17. Re: IE 6? by Anonymous Coward · · Score: 1

      people still use windows ?

    18. Re:IE 6? by MrDoh! · · Score: 1

      Checking our weblogs, I'm still amazed how many people out in the wild are using ie6, and have avoided windows update. Ok, it's only a few % out of the full amount but still a few thousand machines that must be malware heaven.

      --
      Waiting for an amusing sig.
    19. Re:IE 6? by Anonymous Coward · · Score: 0

      Or (many periods that I can't post because of slashdot's stupid junk character filter) people using a user agent changer so webpages look better.

    20. Re: IE 6? by Anonymous Coward · · Score: 0

      Kind of interesting how roles have changed in that. In the past it was always serious Windows vulnerabilities that made the headlines.

    21. Re: IE 6? by kmoser · · Score: 1

      Even worse, with M$ it's any day of the week. You just have to wait until Tuesday to get a patch--if one even exists.

  2. Business as usual by Anonymous Coward · · Score: 0

    Nine updates isn't anything special. I had a quick look at my installed updates and last month there were 11 updates for this Windows 8.1 machine.

  3. Don't mean to sound callous, but... by Anonymous Coward · · Score: 0

    Let someone else beta test it.

    1. Re:Don't mean to sound callous, but... by CaptainDork · · Score: 0

      Damn right. This last batch was a bitch. It was a bitch batch. HaHaHa ...

      Sorry.

      --
      It little behooves the best of us to comment on the rest of us.
  4. I need some comparisons by SuiteSisterMary · · Score: 1

    Would these be more, less, or about as impactful as heartbleed and shellshock? What was the time frame between the introduction of the bugs being fixed, the discovery of the bugs being fixed, and the fixes?

    --
    Vintage computer games and RPG books available. Email me if you're interested.
    1. Re:I need some comparisons by Anonymous Coward · · Score: 0

      Far less than either of these. Just a normal batch of updates, I don't understand the summary's tone. (of course the register is a rag, so that's probably part of it)

  5. Early estimates of the patch size are... by Anonymous Coward · · Score: 0

    around 2.75TB.
    Yeah, it's big, all right. God, it's gonna take forever to download, let alone I'm only on an i3,
    that is an i386. I'm already pretty bummed out about Intel's FSIN instruction, fortunately
    I don't need more than 11bits of accuracy. :)

  6. Windows Users, Get Ready For a Bigger-Than-Usual by Anonymous Coward · · Score: 1

    Windows Users, Get Ready For a Bigger-Than-Usual Patch Tuesday
    Not something you expect to hear from a name like Micro Soft.
    Once you go Microsoft, you never go back, because lock-in.

  7. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Teresita · · Score: 4, Insightful

    The only time I use IE is just after a clean install, to download Chrome or the Fox, because I don't have the ftp command to do it from a console memorized. And never get your patches on Patch Tuesday. Go get 'em on Thursday after they fix 'em.

  8. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Anonymous Coward · · Score: 0

    Please, it's time for the *nix world to stop pretending their crap (and code) don't stink.

    The latest vulnerabilities have been around for YEARS shellshock and heartbleed both, and were just recently discovered. Open Source has many advantages, however perfect code isn't one of them. Neither is vulnerability catching, or these would have been found years ago.

  9. Sounds like everything I don't use in Windows is getting patched.

  10. I always knew there was something wrong with .Net! by jschmerge · · Score: 1

    ...as Microsoft patches the shellshock vulnerability in the bash interpreter underlying all of .net :P

  11. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Anonymous Coward · · Score: 0

    Meanwhile, we have this IE vulnerability that has been in Windows since IE6 was first released.

  12. about time for windows 7 SP2 and 2008r2 sp2 by Joe_Dragon · · Score: 1

    It should not take hours / need to install 150+ updates on fresh systems + the update rollup. It needs to be easier / take less time.

    1. Re:about time for windows 7 SP2 and 2008r2 sp2 by Billly+Gates · · Score: 0

      It should not take hours / need to install 150+ updates on fresh systems + the update rollup. It needs to be easier / take less time.

      Boy only if there was an OS that had updates every year and was shiny new and made for tablets. Then this problem would go away. See go use the latest if you do not want +200 updates and you will get all your work done with the newest blinding white office too with no distractions which is hipster certified

      I am sure MS would never do that nor go to my local best buy and pay them to destroy copies of Windows 7 and office 2010 in the trash compactor so the only option is 8 and 2013 nahh wouldn't happen

    2. Re:about time for windows 7 SP2 and 2008r2 sp2 by Anonymous Coward · · Score: 0

      Integrate the updates into your Windows 7 ISO. I think you have a technet article on how to do that.

    3. Re:about time for windows 7 SP2 and 2008r2 sp2 by Mashiki · · Score: 1

      Why don't you just make a slipstream CD/DVD with all the updates on it? It sure doesn't take that long to do and at this point in time if you're re-doing it on more than one machine per month you should have one anyway. If you don't know how this will give you the basic primer on it.

      --
      Om, nomnomnom...
    4. Re:about time for windows 7 SP2 and 2008r2 sp2 by NJRoadfan · · Score: 1

      The link leads to directions for XP. Windows Vista and up use an image based system on install media.

    5. Re:about time for windows 7 SP2 and 2008r2 sp2 by Anonymous Coward · · Score: 0

      If they release an SP2, they are obligated by their own guidelines to support said service pack for X years; it's not gonna happen.

  13. .net updates take time + gigs of ram to install by Joe_Dragon · · Score: 1

    .net updates take time + gigs of ram to install.

  14. Re:Windows Users, Get Ready For a Bigger-Than-Usua by RobertLTux · · Score: 2

    yah know ninite can solve that for you (and if you deal with a number of systems Ninite Pro is CHEAP and INCLUDES FLASH)

    --
    Any person using FTFY or editing my postings agrees to a US$50.00 charge
  15. remote exploits - how many patched this time? by Anonymous Coward · · Score: 0

    ///nomnomnom

  16. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Anonymous Coward · · Score: 0

    The word you are searching for is "compatibility".

  17. The Song Remains the Same by Anonymous Coward · · Score: 0

    {With apologies to Led Zeppelin}

    Every month we get another load of patches to IE. I have to ask how much of the original code is still left? Not a lot I'll bet.
    Also given the number of patches it must now be a rats arse nest of crap code. It must be getting really hard to maintain the codebase.

    It has to be getting close to the time for MS to either
    - Call time on IE - ship with a basic browser that is used to D/L another (e.g. Firefox, Chrome, etc.) and then deletes itself.
    - Totally separate it from anything even remotely related to or connected to the Kernel.
    Make it totally userspace and sandboxed away from everything.

    Personally, it is a POS and I refuse to use it.

  18. Re:Windows Users, Get Ready For a Bigger-Than-Usua by AmiMoJo · · Score: 1

    It's easier to just copy the latest installer into a flash drive from another machine. If you bake it in with Ninite it will be out of date in one month.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  19. Re:Windows Users, Get Ready For a Bigger-Than-Usua by E-Rock · · Score: 2

    Chrome and Firefox also have regular updates patching security problems. We just don't get a note about it each month, it just shows up.

  20. Any standard source for reliable info on updates? by Anonymous+Brave+Guy · · Score: 1

    Does anyone know of a site or mailing list specifically dedicated to checking out the new updates and rating how safe and reliable they are to install? I've had far too many stability and performance problems after installing recommended updates to trust Microsoft's "Install this update to make {some important but unspecified change} to Windows" messages any more. However, life's too short to keep running a search on every update ID every month to see which ones are getting red flagged.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  21. Re:Any standard source for reliable info on update by CaptainDork · · Score: 1

    I share your pain. What I do is wait a week. Early adopters make good canaries.

    --
    It little behooves the best of us to comment on the rest of us.
  22. What happened to the "no support for XP/IE6"? by jonwil · · Score: 1

    I thought Microsoft had dropped all support for Internet Explorer 6 and Windows XP?
    If not, they should and force people still stuck on IE6 to upgrade.

    1. Re:What happened to the "no support for XP/IE6"? by Anonymous Coward · · Score: 1

      I thought Microsoft had dropped all support for Internet Explorer 6 and Windows XP?

      Yes, unless you're running XP embedded, or you pay microsoft for ongoing XP support.

      IE6 is still supported on windows server 2003, so there will be patches.

    2. Re:What happened to the "no support for XP/IE6"? by Billly+Gates · · Score: 1

      Many businesses who are suffering with a MUST HAVE IE 6 app which is so tied to their business process that it would go under without it (like firing people and replacing them with software that uses IE 6) use Windows Server in a VM session with Citrix or a thin client.

      Pretty pathetic and crazy but some will just not upgrade their apps as that would cost money. Sometimes it is cheaper to keep using IE 6 through server 2003 in a client.

    3. Re:What happened to the "no support for XP/IE6"? by tlhIngan · · Score: 1

      Many businesses who are suffering with a MUST HAVE IE 6 app which is so tied to their business process that it would go under without it (like firing people and replacing them with software that uses IE 6) use Windows Server in a VM session with Citrix or a thin client.

      Pretty pathetic and crazy but some will just not upgrade their apps as that would cost money. Sometimes it is cheaper to keep using IE 6 through server 2003 in a client.

      Well, sometimes the apps aren't upgradeable. Like the developers who wrote it have gone under, or been acquired or other such things common in software, and not only is your bespoke application no longer supported, no one has the source code anymore.

      So to upgrade it basically means rewrite. And everyone knows rewrites go swimmingly well, where no one spends $150M only to get squat or something that works worse than the old creaky software.

      I'm fairly certain a lot of companies have tried, but big enterprises probably are still trying to replace it, 5 years on.

      Oh yeah, did I mention there's probably a lot of it that uses 3rd party libraries that are also impossible to get to run on modern systems and have to be developed?

      Big workflows are tricky. And rewrites trickier still - minor features that get chopped seemingly turn out to be major features used by some business division forcing that division to suddenly have to come up with alternative ways (which due to issues means they find a way to make the system do something it wasn't supposed to do, etc. etc. etc.).

      Hell, you can bet COBOL powers a lot of it as well.

  23. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Anonymous Coward · · Score: 0

    If you used FTP, better hope there is no firewall. The windows command line client does not support passive mode.

  24. Forced Hidden Updates by Anonymous Coward · · Score: 0

    Microsoft, you do not have my permission to force hidden updates or any updates of any kind into my computers. You blew any trust I ever had with you when you screwed us out of XP.

  25. Re:Any standard source for reliable info on update by CaptQuark · · Score: 1

    Try Windows Secrets Patch Watch http://windowssecrets.com/cate...

    Windows Secrets is a great site and the Patch Watch is invaluable in tracking patch conflicts and problems.

    ~~~
    Think before swallowing Microsoft's blue pill.

  26. Fool me once... by Anonymous Coward · · Score: 0

    I will never do Windows Update on the day the patches are released.

    Let the fools take the plunge and be the BSOD lab test rats.

  27. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Anonymous Coward · · Score: 0

    You're misunderstanding how Ninite works. It's not only used for INSTALLING software.

    Just rerun the Ninite installer and it will UPDATE programs.

  28. Re:Any standard source for reliable info on update by Anonymous+Brave+Guy · · Score: 1

    Thanks. I hadn't come across that site before, and it looks useful.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  29. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Anonymous Coward · · Score: 0

    Yeah and shellshock affects every version of bash released since 1992, long before NT or IE were even released.

  30. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Anonymous Coward · · Score: 0

    Uh you're a moron:

    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.

    C:\Users\Me>ftp ftp.kernel.org
    Connected to ftp.all.kernel.org.
    220 Welcome to kernel.org
    User (ftp.all.kernel.org:(none)): anonymous
    331 Please specify the password.
    Password:
    230 Login successful.
    ftp> quote pasv
    227 Entering Passive Mode
    ftp>