Microsoft Kills Many Critical Flaws, Some 0-Days, Un-Trusts One Wildcard Cert
An anonymous reader writes: For this December Patch Tuesday, Microsoft has released twelve security bulletins, eight of which have been rated critical. Those refer to the cumulative security updates for Internet Explorer, Microsoft Edge, JScript and VBScript, and updates for Microsoft Windows DNS, Microsoft Graphics Component, Silverlight, Microsoft Office, and Microsoft Uniscribe. Microsoft also released a security advisory announcing the removal of a digital certificate from the Certificate Trust list (CTL).
What's new? I'm sure there are many more lurking to be found...
... err, I mean, Windows 10.
In other news Microsoft also released another 14 updates that increase telemetry, attempt to forcibly install Win 10, beat your children and do unspeakable things to the cat!
I have Windows Update on a pure as-needed basis and glad I do after hearing about the supremely unethical 'Hey! Upgrade to Windows 10! Hey!' nag that came in some updates.
On another front a friend was having trouble with his boot drive and as we were shutting it down Windows jumped in to install a bunch of updates - that finished corrupting the boot drive and many, many hours were dedicated to recovery and repair.
I'll give these patches a look but want no shady behavior out of the Redmond Mob.
A feeling of having made the same mistake before: Deja Foobar
Saw that there were several "important" updates available to me last night. I've disabled Automatic Updates, since I can't really trust Microsoft to not try and install Windows 10 behind my back, and instead have Windows Updates a startup item now so I can stay on top of new updates more easily.
Haven't had a chance to go through what's listed there -- doesn't anyone know if there are any I need to be hiding from this batch?
Warning, they are trying to sneak in yet another update to chuck Windows 10 down your throat. KB3112343 enables support for additional upgrade scenarios from Windows 7 to Windows 10.
How can any of us trust that when Microsoft puts out patches they're not also saying "fuck it, while we're here we'll just tinker with a few things and add stuff we've wanted for a while"?
Microsoft are being such bastards about shoving Windows 10 up our collective asses I'm afraid at this point Microsoft has to be treated as a hostile and un-trusted entity -- they've pretty much decided that furthering their own interests is compatible with the update system which is supposed to provide us security.
We don't trust you didn't write something horribly insecure, we don't trust that you aren't sneaking something in unrelated to security, and quite frankly we don't trust that you're going to do a good job of fixing these problems.
Lost at C:>. Found at C.
This extreme slowness is a recent thing, occurring only for the last three or four months. It really takes the fun out of running Windows Update.
Ever heard of Patch Tuesday? It's the second Tuesday of every month.
It's the Wimpy security remediation model -- "I'll gladly fix on Tuesday that security vulnerability you found today..."
http://www.infoworld.com/article/3013219/microsoft-windows/microsoft-pulls-botched-patch-kb-3114409-that-triggered-problems-with-outlook-2010.html
For once you're right. If they wanted to fix security flaws they'd tell people to install Linux.
It's known as "Metro" or "Modern". Until MS kills it and goes back to the UI people WANT, without additional spyware, forced installs and all the rest, they will continue to see people migrate away from their software and services.
Strictly speaking, sending a computer with Debian into a singularity would only cause apt-get to appear as slow as windows updates to outside observers. From the frame of reference of the user it would still run as fast as it always does.
It almost seems that Microsoft has intentionally slowed updates for Windows 7. It's been taking 30 to 60 minutes to check and get a response using Windows Update on our Windows 7 machines. Windows 10, on the other hand, is rapid, but buggy with more than one failed update that required running a script in an elevated command prompt to get it removed, when not needed, or installed. Having experienced annoying and on one PC serious issues with Windows 10, our Windows 7 PCs are staying with Windows 7, with automatic updates disabled. I manually check now, with recommended updates turned off, since I lost all trust in Microsoft in the past few months thanks to sloppy work and buggy updates. I have been installing GWX Control Panel in most of our customer computers that are still running Windows 7 or 8.1, with their blessings and often at their request since they like their PC the way it is.
I've noticed any machines not going with the Win 10 forced upgrade are having their video drivers nuked.
Every PC you do that to is another PC that will slip through your hands, Darth MSFT.
-- Tigger warning: This post may contain tiggers! --
I think Microsoft is driven to shove tiles down people's throats for no reason other than they doubled down on Ballmer's betting the company on Windows 8's schizophrenic dual GUI by bundling it into Windows 10 start menu with Candy Crush and other shit.
Wouldn't that just be a cop-out?
Microsoft has gone so far with Modern UI already that I don't think they are coming back. It's like wishing for Linux to get rid of SystemD.
when you did not have to worry about windows updates, just click on everything, now you have to read every single fucking thing to the point my linux box is easier to update than this aids infested windows update system. They should call it windows africa or something, So much computer aids in one place
Congratulations on signing up for Slashdot yesterday.
I mean, you are completely new here, yes? I mean, otherwise, you wouldn't possibly not comprehend that these whorish fucks have been typing dollar signs instead of an s for well over a decade while insisting it's the year of Linux on the Desktop because their grandma (who doesn't even fucking use a computer) is running Gentoo and setting her own compiler flags.
You may be surprised to learn it's only the second Tuesday of the month ("Patch Tuesday"), and not every Tuesday.
It's actually a sensible policy that allows corporations to plan on regular updates. A large company can't simply accept patches without a lot of testing to make sure they don't accidentally bring down every computer in the business because of some issue with their mission-critical software. That sort of little mistake can cost many millions of dollars. By regularly scheduling the patches, the IT staff can plan a regular test and integration cycle.
On the development side, these fixes have to go through a huge battery of tests before they can be deployed. This can take quite a while to do. I'd imagine it's much easier for MS if they can perform these compatibility tests on an entire batch of fixes, rather than doing it for each single patch. You can argue it's likely more damaging to have a badly-tested patch bring down a large number of machines than whatever was being patched in the first place.
In the event of issues that are time sensitive (critical zero-day issues), MS has been known to push out-of-band patches. Most patches though, especially anything not already found in the wild, are not nearly that time-sensitive. Keep in mind many of these flaws have existed for years, possibly even decades, before being discovered.
Irony: Agile development has too much inertia to be abandoned now.
1. Don't install it.
2. If you ignored step 1, then uninstall it.
Microsoft, Apple, Google, Amazon what's the difference? All steal money from devs and control with walled gardens.
... clearly none of you have even tested a build of win10 because you are still whining about non-existent issues.
As someone who has a Windows 10 box, I'll agree that it's not a dream OS for stability, but it still has a large number of issues that people keep hammering. Not convinced? Here are a few articles about Windows 10 data collection from PC Mag and ComputerWorld. How to regain some privacy at Polygon and Techtimes. Finally, that Microsoft doesn't see (or care) about the privacy risk for all this data collection. Nor have they explained what is being collected, for what purpose, how it is being stored, and who has access to it. I had to add rules to my home router to block traffic to MS's servers, something I doubt the typical user would do.
On top of that, there's plenty of issues even with games. MS took down GFWL in favor of their store. However, older GFWL games will install the old software automatically, and give you some interesting crashes (SSF4:AE and SFxTekken both crashed miserably and forced a reboot). Other games require reinstallation or reacquiring of assets through Steam (Saints Row 4 is one). Some are unable to play fullscreen (Xeodrifter is one example). Some will simply only run when the planets are aligned (DmC: Devil May Cry starts as a service for some stupid reason... I rarely get the actual game).
This isn't a bunch of fanboyism. As for assuming, you are assuming that statements made are based on assumption. I have had many dealings with 10 and EVERY single one has been negative. I have had customers that their systems have been trashed to the point that totally restoring to factory was the only fix. Forcing 10 on people is not the way to keep customers. There are too many systems that are not compatible with 10 that break during the upgrade. If people want it, and you are giving it away, they will take it. If they don't want it, and you try to force it on them anyway, you are going to alienate them.
I have done Windows dev work for years. Their attitude is making me switch my model for development.
Funny, the prove yourself for this was awakened.
It's cute ... you guys have warped 0-day into something utterly meaningless.
The term was always stupid, you mean 'undisclosed'. It stopped being 0 day 24 hours after it was first discovered, regardless of when you found out about it.
The reality is, unless someone on slashdot was actually writing it, it's pretty unlikely you've EVER seen a 0 day exploit.
You guys nowadays have no experience or clue about what words mean so you just start making shit up and using them in utterly stupid ways.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
If there is a really serious security issue they'll sometimes release out of band.
It's known as "Metro" or "Modern". Until MS kills it and goes back to the UI people WANT, without additional spyware, forced installs and all the rest, they will continue to see people migrate away from their software and services.
I hate thing, therefore everyone hates thing!
It's known as "Metro" or "Modern". Until MS kills it and goes back to the UI people WANT, without additional spyware, forced installs and all the rest, they will continue to see people migrate away from their software and services.
Which UI is that? The one in Windows 7? The one people coming from XP also bitched about?
Shouldn't Internet Explorer be an optional removable application, since Microsoft now wants to push Edge as the default browser? I'm fine w/ that, b'cos I use a combination of Edge, Chrome and Palemoon. On the laptop, it's not a big deal, but on my Winbook tablet that has limited storage, I'd like to remove things like IE
Don't forget the ads in Solitaire! Unless, of course, you pay $1.50 a MONTH to remove them. Making FUCKING SOLITAIRE more expensive than the actual cost to upgrade the OS after three years!
There is no reason at all to ever run it. Your system will be perfectly safe. Worse IT professionals actually believe this??!
Glad mine are turned on
http://saveie6.com/
Specifically KB3114409 was intended to prevent safe mode from deploying unless a registry value was changed, but on some machines (seems like 32 bit machines, maybe, from my experience,) it ends up forcing safe mode.
http://www.infoworld.com/article/3013219/microsoft-windows/microsoft-pulls-botched-patch-kb-3114409-that-triggered-problems-with-outlook-2010.html
Yeah, I took heaps of acid in the 80's and 90's too. What's that noise?
...installing this comprehensive necessary patch DOES actually also install Win10 automatically.
Sorry.*
-MS
*not really.
-Styopa
So why does everyone else need to follow the schedule of a bunch of slow-ass corporations? That's now a month of time where your systems are wide-open to hacking. This may surprise you to find out, but not everyone is a corporation: there's actually people who use computers at home!
Microsoft's "Critical Update" screwed up my iPhone 5S's update to IOS 9.2 to the point where it almost bricked the phone.
I ended up spending 15 minutes with Apple Support trying to get the phone back using a Mac when ... the Mac announced it had an update to El Capitan and Xcode.
Maybe it's time that manufacturers set aside unique days (of the month) for releasing their updates so that they all don't collide?
Sorry, just bitching because I really didn't need to lose an hour on an iPhone update which is normally transparent to me.
Mimetics Inc. Twitter
It would be great if the patches could be released sooner than at one month intervals, but everything has a trade-off. Fast patches mean sloppy patches or buggy code (remember the Stagefright patches?), especially when you're talking about a billion machines in nearly that many unique configurations. Keep in mind that non-corporate customers still need the benefit of QA to ensure things don't break on our computers. It's probably even more important for us, because unlike at a corporation, we don't first install the patches on test machines to see if things are broken, since we probably only have one or two machines to begin with.
There's another issue here as well: patches have to be released at the same time for everyone. The release of the patch itself, oddly enough, tends to generate more immediate exploits shortly after. This is because patches are analyzed to discover what exactly was fixed, and those exploits tend to be added to kits rather quickly. So, it's not really practical to push out consumer patches ad-hoc, because it would essentially force everyone to begin the testing and integration cycle over for each new patch.
I completely understand not liking the idea of patches being held back for a time because of a release schedule, but MS has to balance the needs of all its customers here.
Irony: Agile development has too much inertia to be abandoned now.
Which UI is that? The one in Windows 7? The one people coming from XP also bitched about?
I took great pains to make my Win7 desktop look like XP!
I hate "metro" and "Live Tiles" (that never really worked properly) and all of the other MS bullshit that was designed to give MS more control over distribution of software on the PC I own. I also object, in the strongest possible way, to their attempts to force upgrades on people who don't want them, and their "telemetry" spyware.
If you don't hate Windows, you just aren't paying attention.
If you use Chrome, free solitaire! It's in their app store, or... http://offlinebrowsergames.appspot.com/index.html
I thought Microsoft Edge had eliminated all the defects in the Microsoft browser?
I don't actually use Windows but I have it on good authority that there are quite a few free versions that don't have ads right in the store and available with the same search query.
"So long and thanks for all the fish."
Every time I start it up, its layout gets reset. So annoying!
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Instead of juggling batch files like I was I switched to using Spybot Anti Beacon
https://www.safer-networking.o...