Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Releases Out-of-Band Security Patch For Windows

Posted by timothy on from the as-circumstances-warrant dept.

mrspoonsi writes Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company's major platforms, is rated 'critical' and it is recommended that you install the patch immediately. The patch is rated 'critical' because it allows for elevation of privileges and will require a restart. The platforms that are affected include: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1. Windows 10 Technical Preview customers are affected, too.

2 of 178 comments (clear)

  1. Not for Windows 8 or 8.1 by ifdef · · Score: 5, Informative

    For Windows 8 and Windows 8.1, the Windows Update web site says "Severity ratings do not apply for this operating system because the vulnerability addressed in this bulletin is not present. This update provides additional defense-in-depth hardening that does not fix any known vulnerability." For all the other systems, the update is rated Critical.

    Am I looking at the wrong thing?

  2. Re:Better go kick WSUS into a sync... by sexconker · · Score: 5, Informative

    Any worthwhile testing would take weeks to perform.
    Enjoy being exposed to known and active vulnerabilities while you're busy testing each patch individually against a dozen or more hardware configs across dozens of applications across hundreds of workloads and 99.99% of the time you'll find no problems that justify holding the patch back. And you'll STILL have Jerry from Accounting call you up after you deploy it because it broke the medieval torture device he calls an "ergonomic" keyboard.
    You (or some peon) will then be dispatched to his desk to investigate Brenda's ticket of "Jerry's computer frozen please advise.", and you'll be forced to awkwardly use that shitty keyboard while you troubleshoot (you didn't bring your own because you forgot he fucking had the damned thing).

    Here's the testing you need to do in the real world:
    Install all the patches on your machine.
    Reboot.
    Launch IE, FF, Chrome, Outlook, Word, and Excel.
    Launch any applications mentioned in the bulletin.
    If nothing crashed, deploy the patch to everyone.
    If something crashed, search "Patch Tuesday Breaks " and look for recent shit.