Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Kills Many Critical Flaws, Some 0-Days, Un-Trusts One Wildcard Cert

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes: For this December Patch Tuesday, Microsoft has released twelve security bulletins, eight of which have been rated critical. Those refer to the cumulative security updates for Internet Explorer, Microsoft Edge, JScript and VBScript, and updates for Microsoft Windows DNS, Microsoft Graphics Component, Silverlight, Microsoft Office, and Microsoft Uniscribe. Microsoft also released a security advisory announcing the removal of a digital certificate from the Certificate Trust list (CTL).

15 of 103 comments (clear)

  1. Any spyware in this batch? by SeaFox · · Score: 3, Interesting

    Saw that there were several "important" updates available to me last night. I've disabled Automatic Updates, since I can't really trust Microsoft to not try and install Windows 10 behind my back, and instead have Windows Updates a startup item now so I can stay on top of new updates more easily.

    Haven't had a chance to go through what's listed there -- doesn't anyone know if there are any I need to be hiding from this batch?

    1. Re:Any spyware in this batch? by QuietLagoon · · Score: 2
      I followed the links to the KB for the updates. One of the updates went to a blank page in the KnowledgeBase. So I didn't install that one.

      .
      There were also a couple of optional updates that looked as if Microsoft was trying to hide something in their KB description. So I didn't install them either.

  2. KB3112343 by Anonymous Coward · · Score: 4, Informative

    Warning, they are trying to sneak in yet another update to chuck Windows 10 down your throat. KB3112343 enables support for additional upgrade scenarios from Windows 7 to Windows 10.

    1. Re:KB3112343 by hairyfeet · · Score: 4, Informative

      Well lucky for me and my customers I didn't see that one thanks to GWX Control Panel which I HIGHLY recommend, it allows you to set customers updates back to automatic without worry about getting "Win 10'd" as it kills Windows upgrades dead WITHOUT touching the critical security patches that aren't backdoor attempts at "Win 10'ing" the system.

      BTW for those that need a very easy and simple way to remove all that backported telemetry shit (funny they can't backport DX12 but they can all the Win 10 spyware) here is a handy .BAT file that wiull scan for any of the telemetry or Win 10 shit and remove it. Its updated every month to keep up with the MSFT bullshit parade so just grab a new copy about a week after patch Tuesday and you're golden.

      Its fucking sad that they took what COULD have been a good OS and filled it so damned full of malware that we have to treat Windows Update as a malware vector and I really hope they get sued for this shit. I can't believe I'm saying this but....can we have Ballmer back? At least all he was doing was trying to (poorly) ape Apple and with something like Classic Shell it was easy enough to just remove the candyfloss, but I have yet to see anybody be able to show with a traffic analysis a way to 100% kill the spyware in Windows 10. Its so nasty I'm having to...gag, wretch...recommend Windows 8 as at least you can get it cheap, upgrade to 8.1, then get the GUI back with Classic Shell and use the .BAT to kill the spying, with Windows 10 its so baked in I seriously doubt anybody is gonna be able to wrench it out and leave a functional OS.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  3. And now that we've un-trusted Microsoft ... by gstoddart · · Score: 4, Insightful

    How can any of us trust that when Microsoft puts out patches they're not also saying "fuck it, while we're here we'll just tinker with a few things and add stuff we've wanted for a while"?

    Microsoft are being such bastards about shoving Windows 10 up our collective asses I'm afraid at this point Microsoft has to be treated as a hostile and un-trusted entity -- they've pretty much decided that furthering their own interests is compatible with the update system which is supposed to provide us security.

    We don't trust you didn't write something horribly insecure, we don't trust that you aren't sneaking something in unrelated to security, and quire frankly we don't trust that you're going to do a good job of fixing these problems.

    --
    Lost at C:>. Found at C.
  4. Windows Update took about an hour to scan by QuietLagoon · · Score: 4, Insightful
    Windows Update took about an hour to scan for what updates I needed on each of the three PCs I updated yesterday.

    .
    This extreme slowness is a recent thing, occurring only for the last three four four months. I really takes the fun out of running Windows Update.

    1. Re:Windows Update took about an hour to scan by QuietLagoon · · Score: 2

      Meanwhile, Microsoft's hacked update system is stealing more than half of my CPU time as it spins its wheels trying to figure out what to do.

  5. Re:Yay updates by XXongo · · Score: 2

    In other news Microsoft also released another 14 updates that increase telemetry, attempt to forcibly install Win 10, beat your children and do unspeakable things to the cat!

    Oh, noes! Not the cat!

    KITTEH!

  6. Re:Tuesday? by Anonymous Coward · · Score: 5, Funny

    It's the Wimpy security remediation model -- "I'll gladly fix on Tuesday that security vulnerability you found today..."

  7. Re:Win-10 Nag included in the deal? by U2xhc2hkb3QgU3Vja3M · · Score: 4, Insightful

    I want to punch the idiot at Microsoft who decided that "shutdown" means "the user can leave the PC running for hours".

    That guy never brought his PC to a LAN gaming session.

  8. Windows 7 updates slow these days by ITRambo · · Score: 4, Interesting

    It almost seems that Microsoft has intentionally slowed updates for Windows 7. It's been taking 30 to 60 minutes to check and get a repsonse using Windows update on our Windows 7 machines. Windows 10, on the other hand, is rapid, but buggy with more than one failed update that required running a script in an elevated command prompt to get it removed, when not needed, or installed. Having experienced annoying and on one PC serious issues with Windows 10, our Windows 7 PC's are staying with Windows 7, with automatic updates disabled. I manually check now, with recommended updates turned off, since I lost all trust in Microsoft in the past few months thanks to sloppy work and buggy updates. I have been installing GWX Control Panel in most of our customer computers that are still running Windows 7 or 8.1, with their blessings and often at their request since they like their PC the way it is.

    1. Re:Windows 7 updates slow these days by QuietLagoon · · Score: 4, Interesting

      It almost seems that Microsoft has intentionally slowed updates for Windows 7...

      I wonder if it has something to do with Microsoft no longer doing service packs.

      .
      Nowadays, the Windows 7 windows update client has to pour through everything since SP1 to find the dependencies and omissions, in order to determine what updates need to be installed. It is almost as if the service pack team didn't tell the windows update team that service packs would be discontinued, so now the windows update process is basically flopping around in a dependency tree so large that is is falling over on itself. If Microsoft were to issue a SP2 for Windows 7, then the dependency tree would be small again and windows update would move more quickly.

      .
      Windows 10 doesn't have the slowness problem (yet) because the dependency tree is much smaller on the newer OS.

      Or, it could be just as you say, Microsoft is intentionally slowing down the update process for Windows 7, trying to put a hurt on the customer experience.

  9. Re:Win-10 Nag included in the deal? by gstoddart · · Score: 2, Insightful

    Oh, sorry, Microsoft has decided it is their computer, and you may only use it according to how they see fit.

    They don't give a crap about what you want here, they're just going to automate this stuff to take away all the scary bits.

    Apparently you're not qualified to concern yourself with such things.

    --
    Lost at C:>. Found at C.
  10. Re:Tuesday? by Dutch+Gun · · Score: 2

    You may be surprised to learn it's only the second Tuesday of the month ("Patch Tuesday"), and not every Tuesday.

    It's actually a sensible policy that allows corporations to plan on regular updates. A large company can't simply accept patches without a lot of testing to make sure they don't accidentally bring down every computer in the business because of some issue with their mission-critical software. That sort of little mistake can cost many millions of dollars. By regularly scheduling the patches, the IT staff can plan a regular test and integration cycle.

    On the development side, these fixes have to go through a huge battery of tests before they can be deployed. This can take quite a while to do. I'd imagine it's much easier for MS if they can perform these compatibility tests on an entire batch of fixes, rather than doing it for each single patch. You can argue it's likely more damaging to have a badly-tested patch bring down a large number of machines than whatever was being patched in the first place.

    In the event of issues that are time sensitive (critical zero-day issues), MS has been known to push out-of-band patches. Most patches though, especially anything not already found in the wild, are not nearly that time-sensitive. Keep in mind many of these flaws have existed for years, possibly even decades, before being discovered.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  11. Re:Win-10 Nag included in the deal? by mythosaz · · Score: 2

    ...you mean, other than just letting your "office" machines get their patches directly from the internet instead of WSUS or SCCM?