Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Users, Get Ready For a Bigger-Than-Usual Patch Tuesday

Posted by timothy on from the why-I-tell-my-mom-no-windows dept.

dibdublin (981416) writes with a report from The Register: October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list is an update for Internet Explorer that affects all currently supported versions 6 to 11, on all operating system including Windows RT. Vulnerabilities discovered in most versions of Windows Server, Windows 7 and 8, and the .NET framework are covered in the other pair of critical bulletins.

32 of 63 comments (clear)

  1. Re:IE 6? by Snotnose · · Score: 1

    Yeah, my old XP laptop is in the closet, should I pull it out tuesday and let it upgrade?

  2. Re:IE 6? by CaptainDork · · Score: 1

    Google how to make it think it's an ATM and fire it up.

    --
    It little behooves the best of us to comment on the rest of us.
  3. I need some comparisons by SuiteSisterMary · · Score: 1

    Would these the more, less, or about as impactful as heartbleed and shellshock? What was the time frame between the introduction of the bugs being fixed, the discovery of the bugs being fixed, and the fixes?

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  4. Re:IE 6? by bondsbw · · Score: 2

    IE 6 should be illegal.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  5. Windows Users, Get Ready For a Bigger-Than-Usual by Anonymous Coward · · Score: 1

    Windows Users, Get Ready For a Bigger-Than-Usual Patch Tuesday
    Not something you expect to hear from a name like Micro Soft.
    Once you go Microsoft, you never go back, because lock-in.

  6. Re:Windows Users, Get Ready For a Bigger-Than-Usua by Teresita · · Score: 4, Insightful

    The only time I use IE is just after a clean install, to download Chrome or the Fox, because I don't have the ftp command to do it from a console memorized. And never get your patches on Patch Tuesday. Go get 'em on Thursday after they fix 'em.

  7. Re:IE 6? by ericloewe · · Score: 2

    Noy unless it's running Windows XP embedded or PoS or Server 2003.

  8. Meh by the+eric+conspiracy · · Score: 1

    Sounds like everything I don't use in Windows is getting patched.

  9. I always knew there was something wrong with .Net! by jschmerge · · Score: 1

    ...as Microsoft patches the shellshock vulnerability in the bash interpreter underlying all of .net :P

  10. about time for windows 7 SP2 and 2008r2 sp2 by Joe_Dragon · · Score: 1

    Is should not take hours / need to install 150+ updates on fresh systems + the update rollup. It needs to be easier / take less time.

    1. Re:about time for windows 7 SP2 and 2008r2 sp2 by Mashiki · · Score: 1

      Why don't you just make a slipstream CD/DVD with all the updates on it? It sure doesn't take that long to do and at this point in time if you're re-doing it on more than one machine per month you should have one anyway. If you don't know how this will give you the basic primer on it.

      --
      Om, nomnomnom...
    2. Re:about time for windows 7 SP2 and 2008r2 sp2 by NJRoadfan · · Score: 1

      The link leads to directions for XP. Windows Vista and up use an image based system on install media.

  11. .net updates take time + gigs of ram to install by Joe_Dragon · · Score: 1

    .net updates take time + gigs of ram to install.

  12. Re:Windows Users, Get Ready For a Bigger-Than-Usua by RobertLTux · · Score: 2

    yah know ninite can solve that for you (and if you deal with a number of systems Ninite Pro is CHEAP and INCLUDES FLASH)

    --
    Any person using FTFY or editing my postings agrees to a US$50.00 charge
  13. Re:IE 6? by Billly+Gates · · Score: 1

    Why?

    It makes webmasters who charge by the hour very rich

    --
    http://saveie6.com/
  14. Re:IE 6? by TWX · · Score: 2, Funny

    Windows XP POS? Isn't that being redundant?

    --
    Do not look into laser with remaining eye.
  15. Re: IE 6? by gbjbaanb · · Score: 4, Insightful

    the difference is: when Linux has a critical bug, its front-page news; when Windows has a critical bug, its just another Tuesday.

  16. Re:IE 6? by ericloewe · · Score: 1

    Yes, all points of sale are pieces of shit.

  17. Re: IE 6? by Noah+Haders · · Score: 1, Flamebait

    I was thinking about something similar. For windows, what's an "acceptable" number of critical flaw patches? If you really think about it, the only possible answer is zero. Any answer greater than zero must be unacceptable. So why do people put up with it?

    A similar topic comes up when people talk about pedestrian deaths. What's an acceptable number of pedestrian deaths in a year? If you're intellectually honest with yourself the only acceptable number can be none.

  18. Re:Windows Users, Get Ready For a Bigger-Than-Usua by AmiMoJo · · Score: 1

    It's easier to just copy the latest installer into a flash drive from another machine. If you bake it in with Ninite it will be out of date in one month.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  19. Re:Windows Users, Get Ready For a Bigger-Than-Usua by E-Rock · · Score: 2

    Chrome and Firefox also have regular updates patching security problems. We just don't get a note about it each month, it just shows up.

  20. Any standard source for reliable info on updates? by Anonymous+Brave+Guy · · Score: 1

    Does anyone know of a site or mailing list specifically dedicated to checking out the new updates and rating how safe and reliable they are to install? I've had far too many stability and performance problems after installing recommend updates to trust Microsoft's "Install this update to make {some important but unspecified change} to Windows" messages any more. However, life's too short to keep running a search on every update ID every month to see which ones are getting red flagged.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  21. Re:Any standard source for reliable info on update by CaptainDork · · Score: 1

    I share your pain. What I do is wait a week. Early adopters make good canaries.

    --
    It little behooves the best of us to comment on the rest of us.
  22. Re: IE 6? by Anonymous Coward · · Score: 1

    people still use windows ?

  23. Re:IE 6? by MrDoh! · · Score: 1

    Checking our weblogs, I'm still amazed how many people out in the wild are using ie6, and have avoided windows update. Ok, it's only a few % out of the full amount but still a few thousand machines that must be malware heaven.

    --
    Waiting for an amusing sig.
  24. What happened to the "no support for XP/IE6"? by jonwil · · Score: 1

    I thought Microsoft had dropped all support for Internet Explorer 6 and Windows XP?
    If not, they should and force people still stuck on IE6 to upgrade.

    1. Re:What happened to the "no support for XP/IE6"? by Anonymous Coward · · Score: 1

      I thought Microsoft had dropped all support for Internet Explorer 6 and Windows XP?

      Yes, unless you're running XP embedded, or you pay microsoft for ongoing XP support.

      IE6 is still supported on windows server 2003, so there will be patches.

    2. Re:What happened to the "no support for XP/IE6"? by Billly+Gates · · Score: 1

      Many businesses who are suffering with a MUST HAVE IE 6 app which is so tied to their business process that it would go under without it (like firing people and replacing them with software that uses IE 6) use Windows Server in a VM session with Citrix or a thin client.

      Pretty pathetic and crazy but some will just not upgrade their apps as that would cost money. Sometimes it is cheaper to keep using IE 6 through server 2003 in a client.

      --
      http://saveie6.com/
    3. Re:What happened to the "no support for XP/IE6"? by tlhIngan · · Score: 1

      Many businesses who are suffering with a MUST HAVE IE 6 app which is so tied to their business process that it would go under without it (like firing people and replacing them with software that uses IE 6) use Windows Server in a VM session with Citrix or a thin client.

      Pretty pathetic and crazy but some will just not upgrade their apps as that would cost money. Sometimes it is cheaper to keep using IE 6 through server 2003 in a client.

      Well, sometimes the apps aren't upgradeable. Like the developers who wrote it have gone under, or been acquired or other such things common in software, and not only is your bespoke application no longer supported, no one has the source code anymore.

      So to upgrade it basically means rewrite. And everyone knows rewrites go swimmingly well, where no one spends $150M only to get squat or something that works worse than the old creaky software.

      I'm fairly certain a lot of companies have tried, but big enterprises probably are still trying to replace it, 5 years on.

      Oh yeah, did I mention there's probably a lot of it that uses 3rd party libraries that are also impossible to get to run on modern systems and have to be developed?

      Big workflows are tricky. And rewrites trickier still - minor features that get chopped seemingly turn out to be major features used by some business division forcing that division to suddenly have to come up with alternative ways (which due to issues means they find a way to make the system do something it wasn't supposed to do, etc. etc. etc.).

      Hell, you can bet COBOL powers a lot of it as well.

  25. Re:Any standard source for reliable info on update by CaptQuark · · Score: 1

    Try Windows Secrets Patch Watch http://windowssecrets.com/cate...

    Windows Secrets is a great site and the Patch Watch is invaluable in tracking patch conflicts and problems.

    ~~~
    Think before swallowing Microsoft's blue pill.

  26. Re:Any standard source for reliable info on update by Anonymous+Brave+Guy · · Score: 1

    Thanks. I hadn't come across that site before, and it looks useful.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  27. Re: IE 6? by kmoser · · Score: 1

    Even worse, with M$ it's any day of the week. You just have to wait until Tuesday to get a patch--if one even exists.