Slashdot Mirror


Microsoft Releases Out-of-Band Security Patch For Windows

mrspoonsi writes Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company's major platforms, is rated 'critical' and it is recommended that you install the patch immediately. The patch is rated 'critical' because it allows for elevation of privileges and will require a restart. The platforms that are affected include: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1. Windows 10 Technical Preview customers are affected, too.

6 of 178 comments

  1. Not for Windows 8 or 8.1 by ifdef · Score: 5, Informative

    For Windows 8 and Windows 8.1, the Windows Update web site says "Severity ratings do not apply for this operating system because the vulnerability addressed in this bulletin is not present. This update provides additional defense-in-depth hardening that does not fix any known vulnerability." For all the other systems, the update is rated Critical.

    Am I looking at the wrong thing?

  2. Re:Better go kick WSUS into a sync... by bill_mcgonigle · Score: 5, Interesting

    If you roll out your patches the moment they come in, you are a retard ... do you enjoy running around like a headless chicken when there's a compatibility conflict?

    If only security were so binary - in the real world it's a constant process of risk/reward calculations.

    Is this the vulnerability the boards have been buzzing about that gives a remote code exploit by merely visiting a malicious TLS server? If so, having all your end-user machines pwned inside the firewall is not better than the risk of a compatibility conflict. One cripples an organization, the other, at worst, breaks one app.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  3. Re:Better go kick WSUS into a sync... by DigiShaman · Score: 5, Insightful

    THIS! Richard obviously works in a nice posh Fortune 500 org where such resources are available to HIM. Meanwhile back in the real world for everyone else (Small Medium Business), rolling the dice is the only option. As you said, it's all a risk/reward calculation as to when and where to be proactive with the expenditure of resources.

    I find the lambasting of "should do this retard" to be quite insulting. As employees, we don't always get that option to do what is theoretically in the best interests of the company we work for.

    --
    Life is not for the lazy.
  4. Re:Better go kick WSUS into a sync... by sexconker · Score: 5, Informative

    Any worthwhile testing would take weeks to perform.
    Enjoy being exposed to known and active vulnerabilities while you're busy testing each patch individually against a dozen or more hardware configs across dozens of applications across hundreds of workloads and 99.99% of the time you'll find no problems that justify holding the patch back. And you'll STILL have Jerry from Accounting call you up after you deploy it because it broke the medieval torture device he calls an "ergonomic" keyboard.
    You (or some peon) will then be dispatched to his desk to investigate Brenda's ticket of "Jerry's computer frozen please advise.", and you'll be forced to awkwardly use that shitty keyboard while you troubleshoot (you didn't bring your own because you forgot he fucking had the damned thing).

    Here's the testing you need to do in the real world:
    Install all the patches on your machine.
    Reboot.
    Launch IE, FF, Chrome, Outlook, Word, and Excel.
    Launch any applications mentioned in the bulletin.
    If nothing crashed, deploy the patch to everyone.
    If something crashed, search "Patch Tuesday Breaks " and look for recent shit.
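
The launch-and-check steps of the checklist in comment 4 can be scripted. The following PowerShell script is an added example, not part of the original comment: it assumes the patches are already installed and the machine rebooted, and the application names, the 20-second settle time and the use of Application log events 1000/1002 as the crash signal are assumptions of this example.

```powershell
# Added example: post-patch smoke test for a patched and rebooted test machine.
# The app list and settle time are assumptions; add apps named in the bulletin.
param(
    [string[]]$Apps = @('iexplore', 'firefox', 'chrome', 'outlook', 'winword', 'excel'),
    [int]$SettleSeconds = 20
)

$start = Get-Date
$results = foreach ($app in $Apps) {
    $status = 'OK'
    try {
        # Start-Process resolves registered application names through the shell.
        $proc = Start-Process -FilePath $app -PassThru -ErrorAction Stop
        $null = $proc.Handle   # cache the handle so ExitCode is readable after exit
        Start-Sleep -Seconds $SettleSeconds
        if ($proc.HasExited -and $proc.ExitCode -ne 0) {
            $status = "Exited early with code $($proc.ExitCode)"
        }
    } catch {
        $status = "Not launched: $($_.Exception.Message)"
    }
    [pscustomobject]@{ App = $app; Status = $status }
}

# Crashes are logged to the Application log as event 1000 ("Application Error"),
# hangs as event 1002 ("Application Hang"). @() yields an empty array on no match.
$crashes = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error', 'Application Hang'
    Id           = 1000, 1002
    StartTime    = $start
} -ErrorAction SilentlyContinue)

$results | Format-Table -AutoSize | Out-Host
$crashes | Select-Object TimeCreated, Id, Message | Format-List | Out-Host

$failed = @($results | Where-Object { $_.Status -ne 'OK' }).Count + $crashes.Count
if ($failed -gt 0) {
    Write-Warning "Hold the patch: $failed problem(s) found."
    exit 1
}
Write-Output 'No launch failures or crash events: patch passed the smoke test.'
```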

  5. Re:Better go kick WSUS into a sync... by MachineShedFred · Score: 5, Insightful

    I'm more annoyed by the architecture of Windows that requires reboots for a ridiculous amount of updates. Why haven't they figured out how to stop a service, update it, and then start it again? Why does everything require a reboot?

    I understand kernel-level updates will require a reboot, and do on every OS out there. But there are far more reboots in patching Windows than any other platform.

    --
    Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  6. Re:So... by McGruber · Score: 5, Insightful

    Now Microsoft trying to be more open. Should we be a bit more welcoming to Microsoft?

    Embrace, Extend, Extinguish.

    What you view as "trying to be more open" strikes me as being "Embrace".