Microsoft Kills Off Security Bulletins (computerworld.com)
Microsoft has officially retired the security bulletins this week, which were issued to detail "each month's slate of vulnerabilities and accompanying patches for customers -- especially administrators responsible for companies' IT operations," writes Gregg Keizer via Computerworld. "The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them." From the report: Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January's Patch Tuesday, and that the new process would debut Feb. 14. A searchable database of support documents would replace the bulletins. Accessed through the "Security Updates Guide" (SUG) portal, the database's content can be sorted and filtered by the affected software, the patch's release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or "knowledge base" support document. SUG's forerunners were the web-based bulletins that have been part of Microsoft's patch disclosure policies since at least 1998. Microsoft did such a good job turning out those bulletins that they were considered the aspirational benchmark for all software vendors. In February Microsoft canceled that month's Patch Tuesday just hours before the security updates were to reach customers, making the bulletins' planned demise moot. Microsoft kept the bulletins the following month as well, saying it wanted to give users more time to prepare for the change to SUG. Finally, when Microsoft yesterday shipped cumulative security updates for Windows, Internet Explorer, Office and other products, it omitted the usual bulletins.
Fuck Microsoft.
Burn the motherfucker down.
Consulting for several large companies, I'd always done my work on Windows. Recently however, a top online investment firm asked us to do some work using Linux. The concept of having access to source code was very appealing to us, as we'd be able to modify the kernel to meet our exacting standards which we're unable to do with Microsoft's products.
Although we met several technical challenges along the way (specifically, Linux's lack of support for some things and the fact that we were unable to defrag some stuff), all in all the process went smoothly. Everyone was very pleased with Linux, and we were considering using it for a great deal of future internal projects.
So you can imagine our surprise when we were informed by a lawyer that we would be required to publish our source code for others to use. It was brought to our attention that Linux is copyrighted under something called the GPL, or the Gnu Protective License. Part of this license states that any changes to the kernel are to be made freely available. Unfortunately for us, this meant that the great deal of time and money we spent "touching up" Linux to work for this investment firm would now be available at no cost to our competitors.
Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to have its source code released. This was simply unacceptable.
Although we had planned for no one outside of this company to ever use, let alone see the source code, we were now put in a difficult position. We could either give away our hard work, or come up with another solution. Although it was tough to do, there really was no option: We had to rewrite the code, from scratch, for Windows 10.
I think the biggest thing keeping Linux from being truly competitive with Microsoft is this GPL. Its draconian requirements virtually guarantee that no business will ever be able to use it. After my experience with Linux, I won't be recommending it to any of my associates. I may reconsider if Linux switches its license to something a little more fair, then maybe. Until then its attempts to socialize the software market will insure it remains only a bit player.
Thank you for your time my friends.
They're not really gone, they've just moved them into a searchable "security guidance" website. You can still find them and read through all the technical details.
RARE FACT. There is a secret parallel set of advisories still for various invited parties. Historically this is a small set of institutions, and large companies. All sworn to secrecy. But I will divulge one long time member.. the US Navy. I know other members.
The problem with the early info is that diffs could be made from a patch's results to reveal the actual exploit BEFORE a Patch Tuesday. Essentially a white hat zero day source. Thus the very limited nature of invitees to this pre patch security list program.
I bet the inner sanctum still will get advisories and not have to blindly hunt a database constantly. I'd bet and be correct!
This fact above will get left at 0 or buried at -1 because slashdot readers never scan and moderate correctly for anons as they ought to.
We fix everything that's important. We log everything that's important. We come on every computer you own by default. Why do you not trust us and accept your fate?
Related link: "To Serve Man". There's also a book if your attention span is over 24 minutes.
Microsoft = Job Security
same thing with all the patch descriptions available on the windows update client. absolutely no details. even kb articles are often lacking.
then came "rollups" that don't say a damn thing about themselves or their contents, either, unless you go look for the info
and now we have monthly 'catch all' updates, again NO FUCKING INFO AVAILABLE.. and more often than not, even when you go looking for the details, still nothing.
combine that with now obscuring security announcements
and the force feeding of updates (even non security non bugfix varieties)
and windows ecosystem, as 'supported' by microsoft, is absolute and total shit. whereas before it was just trash. but at least it was trash you could pick through to find the bits and pieces you actually wanted.
"Security" Bulletins
there, fixed that there for you...
This is why windows SUGs O.o
RARE FACT
Do not spread!
Big customers get perks, go figure. Those big contracts allow M$ to hire people to publish and manage the security info.
-- I have a private email server in my basement.
Facts are not allowed on slashdot! Get out of here you menace!
Why does Microsoft hate its user base so much?
Really, if this isn't one of the most anti-user things they've done (besides Windows 10) then I don't know what is.
It seems like every week they find a new way to say "Fuck you!" to their users.
Just cruising through this digital world at 33 1/3 rpm...
It is like a DeLorean pulled by the Pony Express finally reached zig heil MpH somewhere to remind us of events in the past from not repeating in the future.
But the postage wasn't paid, and my secretary didn't receive dictation correctly while listening to the radio. Oh and Archive DOT Org will go the way of LinuxGames or HappyPenguin...and MySpace, and soon /.
-Dr. Clawwwqgg
This fact above will get left at 0 or buried at -1 because slashdot readers never scan and moderate correctly for anons as they ought to.
Fucking racists.
I would mod you up - but then you're an anon___coward, good post though.
Get up!
What's the point of this?
To hide vulnerabilities from hackers, so that people who simply refuse to update Windows can't be targets?
Is that it?
READY.
PRINT ""+-0
Hooray, yet another EULA I have to sign.
Lot of people complain about stuff they never used anyway. I hardly read the bulletins even when Microsoft published them. Of course my complaint is not about what is in a security update but it's the crap Microsoft is placing in Windows updates that is not security or function related of the operating system. Microsoft seems to take advantage of Windows update these days to push whatever it wants through that conduit. This is more concerning than not being able to read a security bulletin.
The reason is quite simple: these are no longer security patches.
Remember the IE11 vulnerability patch on Windows 7 that turned out to also nag you to update to Windows 10? Expect more of those. Or the recent case when Win7 and Win8.1 users were purposefully blocked out of updates on AMD Ryzen and Intel Kaby Lake (if I remember the right lake) computers with a "security" update? Expect more of these sabotages. I won't even detail the part where the QC is so disgustingly bad they also blocked out the legit and should-be-supported AMD Carrizo users with said patch. Expect more bugs and failures.
Been reading it for 10 years, but just recently the quality of comments has gone right down. I'd say 80% of the above comments were just trolling each other. And it's like that for most stories I read recently. Wise up or this place is going the same way as Digg.
I have excellent Karma and I am not afraid to Troll it.
Cue the brainless Microsoft apologists who will try to spin this into something other than yet another reason to stop using Microsoft software.
So you poor sheep that *still* use Windows are getting further ass-raped.. No more information as to WHAT is actually *in* the updates they force on you... Kinda like MS saying "You'll take what we send you and you'll LIKE it.. You don't NEED to know what's *in* the package we send you..."
Soooooooooooooo damn glad I no longer deal with MS issues.. I did that for 20 years and when I retired, I decided my systems would be 100% Linux.. Couldn't be happier...
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
only leases for entry, not yet admissible in a court of law (or the modern tribunal of commerce).
In Other Related News, there are no trees on flat Earth.
A searchable database is much more useful than a collection of individual bulletins that, at best, cross-reference each other.
It looks like some people are getting angry about the headline without realizing that it is being replaced with a modern, searchable interface.
On a related note, the headline sucks. I guarantee 99% of people associate "killing off" with complete elimination of the functionality, compared to words like updating, reworking, or revamping---which imply the functionality remains in a new form. I do expect editors to understand the nuances of the words they use.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Microsoft has offered pre-release patches and even Windows source code to enterprises for years. I assume these organizations will get patch notes as they always have.
It is not available to anyone, but I imagine the US government qualifies. You generally need to be large enough that the accompanying NDA will hurt a lot if you disclose their code or vulnerabilities.
Your comment confuses the issues and deserves to sit at 0 or -1.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.