Feeds

back to article MS preps four critical updates for September

Microsoft plans to release four security bulletins next Tuesday as part of the September edition of its monthly Patch Tuesday update cycle. The four slated updates - all described by Redmond as critical - covering remote code injection risks affecting Media Player, Windows Media Encoder, Office, and Windows. All supported …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

So let me get this straight

They do an update only once a month, second tuesday of the month, and they call it patch tuesday.

Surely it is second truesday of the month patch.

Boy, and people pay for this, so not only do they mislead, the actual time period is massive between patches. Cor, I bet their OS is insecure.

Don't most operating system patch when there is a problem, here you will be exposed on average 15 days, but of course the exploits will be released on the second wednesday of the month, so on generally about 30 days, ouch.

0
0
Stop

@AC: Most vulns are mitigatable, and AV software is worse

Microsoft seems to have this habit of calling patches in user-level code "Critical" because too many idiots use said code while logged on to Windows with full admin. Running the same unpatched code as a non-admin reduces the threat a vuln presents to "Negligible."

By comparison, an "Important" vuln that permits privilege escalation is "Critical" to me.

I don't worry about these kinds of vulns. Hell, if I had my way, I'd approve updates only once every six months, and I do. Machines under my care can't run unauthorized code. And yes, I check. This leaves Java and Flash, and while Flash isn't as picky about security, IE7 is regarding plugin behaviour, and Java's even more so.

Contrast to typical anti-virus software. This requires patching once every single day, and in Sophos' case they're demanding you apply patches once every hour. And AV will fail to catch a new piece of malware unless you do this. And yes, I call this patching.

I trust Microsoft over Symantec any day. At least with MS I'm paying once every five years for a new OS, compared to paying Symantec every year for the same old AV.

Now if only I could write an automated bot to post to El Reg's Patch Tuesday articles each month...

0
0

@AC

Because of the massive number of patches that Windows requires, Microsoft came out with patch Tuesday so sysadmins would only have to restart every Windows computer once a month for patching.

Of course, sysadmins still have to restart every Windows computer 20 times a month for crashing.

0
0
Unhappy

@@AC

20 times a month?

Are you running Windows for Workgroups?

Haven't seen a crash here since. hmmm, can't remember.

Have had to downtime for software installs but crashes?

Me thinks you may need to review what the cause is because while I'm a linux fan at home our office systems are MS by request of management and are stable, albeit inefficient.

0
0
Happy

update its malicious software removal tool

... is the CERN computer online?

0
0
Heart

@Pinwizard

Shockingly, I agree with you. All windows environments are stable. We do have a 'flakey' server, but that's been attributed to hardware.

0
0
Gates Halo

quality issues?

Delayed due to "Last minute quality issues"?

Since when did that stop them before?

0
0

Try running your own WSUS server !.

3 Weeks ago i built up a Microsoft WSUS for an organisation with a few offices. Single domain, WAN connected.

I set up WSUS to pull in Patches, Security updates etc... only for the Software they use. Just a typical office, and pretty standard Servers.

After a full Sync, the WSUS server needed to pull in 82, yes 82GB worth of updates !!, covering some 3,128 updates.

INSANE.

Their small DSL link is still pegged out now downloading.....

0
0
This topic is closed for new posts.