back to article MS Patch Tuesday to include trio of 'critical' fixes

Next week's Patch Tuesday will see Microsoft issue three updates that fix "critical" security vulnerabilities in Windows, Office and the .Net framework. The critical designation is Microsoft's most severe rating and usually applies to flaws that can allow a computer to be hijacked with little or no interaction on the part of the …

COMMENTS

This topic is closed for new posts.
  1. Thomas Martin

    I would switch to Linux in a minute !!

    Give it up Micro$oft !! Your product is so full of holes it's like Swiss cheese! Even your new flagship, VistA is full of holes and now you have more to patch.

    If Linux would ever get a full line of drivers and popular applications would port over to Linux, I would switch in a moment and say "byb-bye Micro$oft".

    T.

  2. Andy Bright

    Hurrah

    Three new presents to open this Patch Tuesday Day...

    Wonder if I'll be able to get to sleep on Patch Tuesday Eve, waiting for Santa Microsoft to automatically deliver my gifts.

    What do you guys eat on Patch Tuesday Day? We generally go for wings and philly cheese steak sarnies - but each country to its own.

    "Well I wish it could be Patch Tuesday every day..

    When the software downloads and the computer begins to play.."

    "I wish you a merry Patch Day, I wish you a merry Patch Day, and a non-BSD You Must Reset to Apply These Changes.."

  3. Anonymous Coward
    Anonymous Coward

    MS Patch Gripes

    Why the Gripes at patching? It says something, does it not, that 90% of the computers in the world today, run MS of somekind. Forget whinging on about software compatability meaning that everyone is tied to XP, or that driver compatability cause people to have to use MS products. It's fact that 5 years on, its slightly (well, very), crap that MS are still patching their OS, but, to be honest, its still an amazing product.

    Yes, when Linux and the alternatives get there act together, then they can start sniping. But come on, MS is actually a good piece of software - i'm sorry, but if you were hardcore against them, you would just switch. Stop complaining, grow up, and realise that if you were serious about what you were saying, you would do something about it.

  4. Don Mitchell

    Fixing Bugs

    It is not humanly possible to produce a program as complex as a modern operating system without bugs. If Microsoft is releasing patches, it means they are working to fix and improve their product continuously.

    Don't people install patches for Linux? If not, then I guarantee you it is not because Linux is without bugs. It just means you aren't fixing them, or nobody knows what they are.

  5. Shannon Jacobs

    Switch to Linux? What's stopping you?

    Well, at home, nothing much is stopping me. There was one MS-centric website, but I finally got the workaround. Now I can pretty much do everything I want to do at home using Ubuntu (though I really started switching about a year ago).

    Unfortunately, at work I still have to use Windows about 70% of the time. In particular, the main corporate email system...

  6. Corrine

    I hate to break it to you but...

    Microsoft has an even worse line of drivers and applications than Linux does. Outside a few expensive things like office, and a couple free ones like Outlook Express, Microsoft does nothing at all besides create a platform from which to run *other* companies programs using *other* companies drivers.

    You can't even get online without 3rd party drivers. (thus the woes MS has had with trying to get 64-bit going). Microsoft's strength is not Microsoft's code, it's the monopoly they have that gets other people to program for them as if 'PC' and 'Windows' was synonymous. (Microsoft doesn't get all the blame either of course, The rampant third party drivers are a big part of Window's stability issues as well, I see a lot of crashes caused by shoddy manufacturer code.)

    That said, you shouldn't be complaining about the patches you're getting, but instead about the ones you aren't. (I see no patches for the critical JavaScript vulnerability in IE that was reported earlier this month that lets websites install software on your system for example.) Most of the security patches I've done for OSS over the years has been within a couple weeks of somebody pointing out the flaw.

  7. Daniel

    El reg and its common sense readers

    Thank the higher power we have some users of common sense.

    i'm not saying that MS is our saviour, but thankfully MS TELLS us its patches are of the serious nature..

    Last "Automatic" update I received on my bsd box (ya ya ya), it just said it resolves important buffer overflow issues in "select" situations. I dug a bit deaper, and it had to do with a root exploit during some sql read ops. Was not even that hard to reproduce either, assuming I dont use a firewall.

    Now, going to bash a MAC real quick too, still getting "important" updates eh? Tell me when your software is perfect...then I'll find another bug.

    No matter WHAT software you use, there is ALWAYS going to be one more bug.

  8. Nathanael Bastone

    Typeing this from a mac

    need I say more?

  9. Sceptical Bastard

    The good, the bad and the ...

    Quote: "But come on, MS is actually a good piece of software..."

    Excuse me? What, pray tell, is your definition of 'good'? Closed source is 'good'? Overpriced is 'good'? Security features available but defaulted to their most insecure settings is 'good'? Unnecessarily resource-hungry is 'good'? Snap-ins and a management console that are a sysadmin's nightware is 'good'?

    I shudder to think what you consider 'bad' software.

  10. Anonymous Coward
    Anonymous Coward

    The Internet...

    ...make it very easy for Microsoft / Apple / Linux (and other types of software) to distribute patches for their products.

    So instead of making sure it is 99.9% working before release, they seem to have this attitute of releasing the product first and fixing it later. Let the paying public "test" it for them.

  11. amanfromMars Silver badge

    Running Scared....

    "the main corporate email system..." The Key AI Key which unlocks the Value in Operating Systems.

    And all the pussies are frightened of using IT in Fear of what might be contained therein.

    However, Words with the Power of Dreams will always Vanquish Nightmare Scenarios

  12. Remy Redert

    Compatibility

    The issue here are people like mister Thomas Martin, who, instead of just sitting there and waiting, should install linux (Perhaps dual boot to it) and use it as much as possible.

    It's not the amount of people that want to use linux, it's the amount of people that actaully do use linux that determines wether or not software producers will start to port their software to linux.

    Linux is not without bugs, which is why there are regularly patches for all manner of programs as well as occassional kernel patches. The stable kernel, however, has very few known bugs and bugs that are found tend to get weeded out quite rapidly, because of its open source nature.

  13. Ralph Jolly

    Patching, what's wrong with patching?

    I have a couple of MS Windows and Linux boxes, ALL need patches applied from time to time. In fact I'd argue my Linux boxes ask for more patching than the MS ones. It's the way with computing, we understand things aren't perfect and we live with patching as a result. I don't like it but I live with it. To say that switching to Linux will solve your patching woes is both deluded and some other word I can't think of at the moment but I'm sure there is another one.

    The grass is not always greener, just a different shade.

  14. David Shaw

    switch to Linux

    I have the only Mac in a multi-thousand M$ machine environment, actually that's not true, it was true in 2001 - when I had to keep a small box of WindowsNT for doing the corporate stuff, now I reckon we've a score or so Macbook Pro's and even an X-serve cluster seems to be growing nicely.

    I found an ancient (actually it seems to be both ancient and current in a special M$ way) piece of M$ software, "Microsoft(R) Remote Desktop Connection Client for Mac version 1.0.3 (C)1998-2002" which runs perfectly on the Macbook Pro , allows me to virtually appear on something called a Windows 2003 Server, and do my ten minutes a day of corporate Dilbert-duty.

    Whilst browsing the Web for the free Microsoft Remote Desktop Client for Linux, which I still haven't found - but may be out there somewhere - I was able to get an open source version from http://vcl.ncsu.edu/site/pages/help/linux-rdp-instructions.

    having a distant virtual corporate windows box connected to my preferred Mac or Linux client would seem to free me from Patch Tuesday and the Zero-Day Hack Wednesday that might follow.

    I don't think we need *really* need M$ on the desktop, do we?

  15. Ned Fowden

    it's all about how you use it

    to be very honest with you, very few of these critical updates affect me to any great length.

    i've just bought a new laptop with windows vista basic, and it's too packed with items that i don't need or use.

    I try to strip all the extra's out and install all the tried and trusted applications i've used on XP.

    i've had to upgrade one or 2 to be compatible with vista but that's a small price to pay for the security i know i'm getting and a safe & stable system.

    and thats the same for all my machines, whether at work or home.

    get it running and secure to your own peace of mind and let the techno geeks whine on about critical updates and the perceived vulnerabilities.

    i'm happy in ther knowledge that i'm safe & secure through my own actions.

    i don't worry about others and i've been fine for a long old time :)

  16. Anonymous Coward
    Anonymous Coward

    Spelchek

    Nathanael Bastone: "Typeing this from a mac - need I say more?"

    erm no, but you may want to turn on the spellchecker if your JobsBox has one.

  17. Kevin Hall

    Patches are a fact of life

    All this MS bashing is a bit pointless as I have never used an OS that didn't need patches, whether it was Windows, Solaris, VMS, Netware or Linux. About four months ago I installed Ubuntu 6.06 and it downloaded about 600MB of patches after installing. I don't regard that as "bad" more a case of that's as good as software is. The main problem I find with Linux distros is they come with so much software the requirement for patching can be significant. To be honest the worst patching experience I have ever known is with Oracle Applications where patching can be incredibly time consuming and very difficult to do. No one has a magic bullet for this problem.

  18. Doug Bird

    Why is MS overpriced?

    Why do I hear people throw out that Windows is overpriced? As I recall, MS made its inroads in all the places it has near-monopoly power by offering software at deep discounts compared to competitors. This was the case for Windows, and Office as I recall. Granted, Office isn't the cheapest anymore. But what is cheaper than Windows?

    Mac OS X and their constant parade of pricey feline upgrades dont seem any cheaper. If you can use only Linux on your desktop and not rip out your hair on a near daily basis (and still be in contact with the outside world).. that's just lovely and I'd love to meet you to learn the secrets. I tried it for 3 years and finally went back to windows. Boy have I spent much less time downloading upgrades and strange "packages" for various distros of Linux, and actually USING my computer.

  19. Mike Arthur

    Here we go again

    It's MS bashing time...

    Let's face it for the vast majority of non IT literate users Windows of whatever shade is undoubtedly the way to go. Simple, easy to use, easily the best supported, widest range of software etc...

    The big machine builders, Dell, HP etc ship windows on the bulk of the machines they sell, why? because that's what the public want.

    The majority of readers of the Reg are IT literate, working in IT somewhere, so are more likely to use other OSs and therefore able to point out flaws, compare between different OSs etc. This doesn't mean that Windows isn't the 'right' choice for Joe Public.

    I work with Windows, solaris, various *ix but use windows at home, why? I like to game a lot and if that's your boat, you cannot use anything other than windows.

  20. Lloyd

    Well

    I'd install it but the last critical patches Microsoft released crashed my XP box on 8 or so occasions when I tried to install them which is pretty shit seeing as I'd only rebuilt the box 3 months beforehand. So anyway, can't see myself installing these any time soon.

  21. Fenwar

    good patch / bad patch

    As others have said, patches are unavoidable, whatever OS you're using, someone will always find another bug.

    What I don't like about Windows update is the feeling that each patch is just as likely to disable some function that I was capable of using perfectly safely (e.g. active content on CDs), embed some horrible Digital Restrictions Management to quietly poison my media files, or just straight up install spyware like WGA.

    Whereas with patches to a free, open source OS, you know that it's just going to fix the bug or plug the hole - and you can even go and check the diffs for yourself if you want.

    Worse still are the scare tactics Windows throws at you, should you have the bare-faced cheek to *choose* when/whether you update your computer - leading to a false sense of security for those who do turn it on. "Your computer may be at risk!" - but that risk magically goes away if you're patched?

  22. M Howlign

    RE: David Shaw

    I am very very surprised your system admins let you remote desktop into one of the servers. There is no way I would let any of our users do such a risky thing. And besides which you'd still be subject to the Patch Tuesday, just on the remote machine. In actual fact it would be more likely that the server wouldn't get patched (at least not immediately) as it is far harder to patch a server as 80% of the patches require a reboot. Which if you've got an in demand server, is a bit of a no no. We have to roll up the patches and come in on a weekend in order to install them one a low usage day.

  23. Anthony Mingus

    Switch? I already did!

    I found that most of what I do on the computer is web based, so I really can live without M$. When I had M$ I was using Open Source software anyway. Open Office, Firefox and Thunderbird.

    Yippee, the chains are free.

  24. Andy Bright

    Commodore Mac Linux A500

    Is Linux a better OS? Yes. Is the Mac a better made computer than your average PC? Of course.

    So why not switch? Well mostly because we can't.

    Many of the every day functions you carry out on a computer are more easily and better done on both those options, but usually there's several underlying reasons why we can't change - and thinking Microsoft is great isn't one of them.

    For my place of work one reason is the necessity to run industry compatible CAD software. You can get CAD on both these platforms, but not the certified applications or more importantly, the specialty addons that come with AutoCAD or Microstation. When designing buildings, roads, bridges and other government mandated civil engineering projects, we have to use the software they use, and we have to produce the graphics they have certified. A simple example would be road signs, which have to be produced with a certified application - despite the fact its only a drawing, and one the sign producing company will never view. Crazy stuff right?

    Other people no doubt have other requirements that also can't be met with the software available on either of these platforms.

    Then you have the ultimate reason - the most frustration problem almost everyone in corporate or government IT deals with on a daily basis.

    Mandated standards.

    We have absolutely no choice in the software, hardware or the configuration of either.

    Usually we're stuck with one supplier, one hardware producer and Microsoft.

    Why? Because the only people that aren't in the decision making process for those standards are those with any sort of background in IT. None whatsoever. Touched a computer in a vaguely professional way and you're about as likely to be included in that process as your neighbour's dog.

    I work for State Government in the US. This means the IT bidder with the best lobbyist, the most palm greasing funds and whatever the kid who lives next door to the Governor said at a barbecue decides the computer systems I use. Dell is actually a four letter word, count them.

    Should I go work for the local Mac Store or try to start my own business selling Linux desktops? I could, but once you get past the frustration of having to use certain products, the rest of the job is actually quite interesting.

    How bored would you be if you never had to deal with malware or badly configured firewalls? If you guys got your way and there were Macs on every desk, the only thing I'd have to do would be software installs and word processor training. No thanks, that's worse than not being able to choose my own kit.

    I like having money too, it pays for my WoW subscription (which I play on a Mac).

  25. Jim Coe

    Some Patches

    I too have a new Core 2 Duo laptop which, instead of being a powerful machine, has been reduced to a juddering hulk by Vista Home -Premium(?) OEM, which latter is not even a complete OS!

    I can work for 95% on Linux, and if Tesco would only recognise Firefox it would be 97 1/2%.

    If I was a blt younger and could find a decent programming course , I would

    write my own patches like many Linux users do,tell the original author,and post them on the Net.

  26. James Penketh

    eltiT

    ". If you can use only Linux on your desktop and not rip out your hair on a near daily basis (and still be in contact with the outside world).. that's just lovely and I'd love to meet you to learn the secrets. I tried it for 3 years and finally went back to windows."

    I use only Linux on my desktop, I'm still in contact with the outside world (well, the parts of the outside world that are worth talking to).

    I don't tear my hair out on a daily basis. It's actually easier and quicker for me.

    Now, back on topic (as it were), the number of patches is nothing.

    The most important think about a software patch is that the ones that fix the most dangerous problems are the patches send out the fastest.

    Would you rather have that a patch to fix a potential exploit that allows a malicious cracker to take over your PC be kept waiting until a patch that solved a slightly mis-coloured font in a rarely used app. was released?

    Thought not.

  27. Anonymous Coward
    Anonymous Coward

    Small correction... re: Patches are a fact of life

    I'd just like to comment on this... "About four months ago I installed Ubuntu 6.06 and it downloaded about 600MB of patches after installing." ...I actually installed Ubuntu 6.06 over XP this very day for a computer illiterate friend because she's sick of viruses and malware and I've spent enough time cleaning it up already. After installation there were 142 updates totalling 127 MB. Bare in mind ALL installed software is automatically updated when new versions are available (with new features as well as fixes), it's not just OS security patches.

  28. fon

    wot??? me no patch!!!! :) :)

    It may surprise some people here, that I use an OS that is STILL totally unpatched, gets no problems, still works great with all the media formats out there..

    Windows98SE is still better for general internet & documents, with win2000 still good.. My hardware firewall stops most, AVG the rest...

    It may be because I *never* upgaded IE from the original, never use outlook, never bothered with any SP, and only use OPERA & FF.. oh and free media players from free-codecs.com...

    The sad but true story is, you either pay someone to do the work on making a good OS (MS or Apple) or you get it almost free, and spend alot of your time and expertise to get Linux, etc, going as good...

    The plus part about Linux is that it will usually find the right drivers for almost *all* your equipment at first install!! :) so it is just the other stuff like mediaplayers that are the problem.. yes, special MS formats giving the problems...

    can anyone say that XP or vista will do this, without even asking for an install disc??? ie get Hires video working, screen working, sound working... and then also load the bluetooth software 'just like that'??

    The next thing about linux is, as a linux website said.. "the problem is us" .. there are so many flavours and parts of linux, each with its own idisyncracies, that the normal person is confused, and is frightened off... It will take a much better 'unity' to improve it hold on the market...

This topic is closed for new posts.

Other stories you might like