Microsoft plans biggest ever Patch Tuesday

Microsoft plans to push out a bumper crop of 16 bulletins - four critical - as part of the October edition of Patch Tuesday next week. The updates represent Microsoft's largest ever Patch Tuesday. The patches will collectively grapple with 49 vulnerabilities. The four critical bulletins impact all supported versions of Windows …

COMMENTS

This topic is closed for new posts.

Updates

And this is the company that recently slagged off its users for not having enough security?

And how is it that there isn't enough security with Windows so we have to go elsewhere to find adequate protection?


get used to it

I've just applied the openssl updates on my Ubuntu workstation. A popup window, a description of the problem, and a password prompt because I had to authorise the fix before it applied. No reboot needed on this one, as it wasn't a kernel update, so I just kept on working. Come to think about it, it's a month or so since I did reboot it.

Any useful desktop operating system contains so many million lines of code (MLOC) that at any given time some of these will be risky, and the rate of discovery of faults and fixes in these seems to increase in proportion to the MLOC count. Alas, a proportion of these faults will be zero-day vulnerabilities which are not widely known about or patched yet, but your computer is vulnerable to a much greater number of attackers the longer you delay patching after these faults are discovered and published and fixes made available.

So go elsewhere by all means as I have, and you may find things less bad as I have, but don't expect to find perfection elsewhere because you won't, and whichever system you use you do need to keep up with the patches. But you are likely to find things better than what you are used to. Much of the trouble on the Net comes from compromised computers belonging to people using cracked and unlicensed versions of Windows, for which Microsoft has no obligation or incentive to provide patches and updates. That and the fact that most Windows users need to obtain software from 3rd party sites to get basic stuff done, where there is no integrated supply-chain quality-assurance and integrity verification of the kind you get with an open-source/free software Linux distribution repository and package management system.

Anonymous Coward

Re: get used to it

"I've just applied the openssl updates on my Ubuntu workstation. A popup window, a description of the problem, and a password prompt because I had to authorise the fix before it applied. No reboot needed on this one, as it wasn't a kernel update so I just kept on working. Come to think about it it's a month or so since I did reboot it."

This comment is interesting to me because I received the same prompt to update openssl, yet after installing it Ubuntu asked for a reboot. Should I have ignored this request? If so, I have to say this kind of behaviour is not very helpful for someone unfamiliar with Linux.

Incidentally, it's the second time *this month* I've installed Ubuntu updates that have requested a reboot.


It might be more worthwhile if Microsoft did, as a public service, release security updates to all. That way compromised botnets could be reduced as vulnerabilities are patched. Think of it as vaccination to improve herd immunity.

Trouble is, it's a bit of an arms race out there, so ultimately all bets are off.


@ac Monday 11th October 2010 08:15 GMT

"Incidentally, it's the second time *this month* I've installed Ubuntu updates that have requested a reboot"

We are likely to be on different Ubuntu versions or variants running different kernels. The openssl bugs would have applied across various security-supported versions, and these of themselves shouldn't require a reboot. But maybe your kernel updated as well at the same time and mine didn't. You'll probably find that Ubuntu needs to reboot fewer times than Windows for automated security-related patches. Also, depending upon the kernel problems fixed, the extent to which you understand these, your relative degree of firewalling and the services you are running and providing, not all kernel updates require an immediate reboot. But if you don't understand what a kernel fix was for, you are better off rebooting than not when the update system suggests this course of action. If you shut down and restart your system daily there is probably no need to worry about this, as your kernel patches will be effective within 24 hours anyway.

Anonymous Coward

How many?

And here's me with a broken WSUS. Ah, well each workstation manually then it must be.

Better patched than not patched.

Depends

Have these been tested before you have rolled them out?


Try...

downloading update installers from Microsoft, writing a simple batch script running these in quiet unattended mode, logging successes/failures to a text file, using psexec to run it on all computers and then perhaps manually updating those where your log file indicates any failures. Should be quicker if you've got more than 5-6 computers to update.

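The quiet-install-and-log approach described in the comment above, written out as an added PowerShell example that is not part of the original post. It assumes the .msu installers have already been downloaded from Microsoft into a folder on each workstation and that the script runs elevated (for instance pushed with psexec); the folder, log path, script name and the psexec invocation are assumptions.

```powershell
# Added example, not from the original comment. Assumes the .msu installers
# are already in $UpdateDir on this workstation and that this runs elevated.
param(
    [string]$UpdateDir = 'C:\Updates',              # assumed path
    [string]$LogFile   = 'C:\Updates\patch-log.txt' # assumed path
)

# One plain-text log line per event, prefixed with time and host so logs
# from many workstations can be collected and searched in one place.
function Write-Log([string]$Message) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content -Path $LogFile -Value "$stamp $env:COMPUTERNAME $Message"
}

$rebootNeeded = $false
Write-Log "BEGIN patch run"

foreach ($pkg in (Get-ChildItem -Path $UpdateDir -Filter '*.msu' | Sort-Object Name)) {
    # wusa.exe installs .msu packages. /quiet suppresses all UI; /norestart
    # defers the reboot so one package does not restart the box mid-run.
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList ('"{0}" /quiet /norestart' -f $pkg.FullName) -Wait -PassThru

    switch ($proc.ExitCode) {
        0       { Write-Log "OK       $($pkg.Name)" }
        3010    { Write-Log "OK       $($pkg.Name) (reboot required)"; $rebootNeeded = $true }
        2359302 { Write-Log "SKIPPED  $($pkg.Name) (already installed)" }
        default { Write-Log "FAILED   $($pkg.Name) exit=$($proc.ExitCode)" }
    }
}

Write-Log "END rebootNeeded=$rebootNeeded"

# Afterwards, search the collected logs for FAILED and deal with those
# workstations by hand, as the comment suggests. Assumed psexec invocation
# once the update folder has been copied to a workstation:
#   psexec \\WS01 -s powershell.exe -ExecutionPolicy Bypass -File C:\Updates\Install-Updates.ps1
```

Exit code 3010 is Windows' "success, reboot required", so the script records it as a success but flags the machine for a later restart rather than rebooting it in the middle of the run.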
Anonymous Coward

Be quicker

For me to get WSUS fixed than to learn and implement what you just described.

Bod

Non-story

I recall many occasions where a batch of Fedora updates would run into that number or more, most of which were security related.

Big deal.


Yes, Big Deal

The entire world isn't locked into running on Fedora.


Locked?

"The entire world isn't locked into running on Fedora."

I'm not saying that freedom is easy, but it is available.


Re: Yes, Big Deal

Neither am I, I must point out. I use SUSE.


It sure is a good thing we've moved past Windows XP

and onto The Most Secure Windows Ever! (TM)

Anonymous Coward

I thought Microsoft wanted

everyone to move on from IE6 and weren't supporting it any more so why the patch?

Anonymous Coward

Whoopie shit

I don't care how many patches are to be released or what OS everyone runs, I just appreciate the fact software can never be perfect and value the effort MS etc go to in providing us with the ongoing support and patches. Thanks, bye.


ugh, not again....

Dear El Reg....

Next time you post a story regarding Microsoft (tm) Windows (tm) updates, do you think it would be possible to copy and paste the comments from previous stories regarding Microsoft (tm) Windows (tm) updates, to save everyone the effort of posting the exact same posts time and time again?

It's getting silly now...

yes, windows gets a new batch of updates....


re: Whoopie shit

"I just appreciate the fact software can never be perfect and value the effort MS etc go to in providing us with the ongoing support and patches. Thanks,"

I just ran software update on a customer's Mac mini and really appreciate the effort Apple went to in providing the 900Mb update that has left the machine unable to boot!!!!!!!!!!!!!!!!!!!!!!!!

/sarcasm, no offence to OP


re: Whoopie shit

"I just appreciate the fact software can never be perfect and value the effort MS etc go to in providing us with the ongoing support and patches. Thanks,"

I just ran software update on a customer's Mac mini and really appreciate the effort Apple went to in providing the 900Mb update that has left both my machines working perfectly.

/sarcasm, no offence to OP


Just goes to show

You don't have much experience with a Mac... a 900Mb update. Never encountered one that size, so what exactly were you updating?

The largest combo updater I've encountered on OSX was less than half that size. I bet your customer has never repaired permissions, which do change through everyday use.

As any fool knows, don't use Software Update to update software. Manually download and install locally, making sure you have a bootable backup, just in case. IT!!


Windows including Windows 7 and 2008R2.

So, are Microstuffed themselves now trying to gloss over the turd that was 'Vista' by referring to it as "2008R2"?

Almost as big a joke as one of the world's biggest petrochemical companies opting for Vista globally.

Mind you, up until this, they were still using NT/2000...


RE: Windows including Windows 7 and 2008R2.

I think by 2008R2 they are referring to SERVER 2008R2.......


No, they aren't

2008R2 is shorthand for Windows Server 2008R2 (Release 2, presumably, but I CBF to check).

Which, as I understand the roadmap, is the server version of Windows 7. Although the server version of Vista, Server 2008, was pretty good anyway, as the real cock-up in Vista was the front end, not the kernel, as such.

GJC


What was it this week, then?

XP has had some patches this week (2 for one system here, 3 for another). Can anyone enlighten me about those?


If only patches worked...

Do you know if any of those 49 vulns is .Net related? In my box the number of pending .NET updates from v2.0 to v4.0 that can't install properly is constantly increasing - presently there are 10 (ten!) of them in the list... I did spend one full day reading authoritative MS forums and trying various magic solutions to no avail. In the beginning I thought this must be MS's way to convince me I need to move on from XP, but from what I've read the issue gracefully plagues all versions of Windows. Since there are only a handful of .NET apps available and I'm not running any of them, I don't intend spending more time to address the issue until I migrate to Windows 8 in 2013 (provided I survive the 2012 doom). Fortunately, until then MS will surely stop issuing patches for XP and then I'll feel safe at last...


Re: If only patches worked...

Ah, that'll be the magic of .net. 7 different versions, all DLL hell on overload.

To fix, largely ignore MS's KB articles about small in-place tweaks and uninstall the lot. Reboot. Install them again from fresh (newly downloaded versions). That should fix the .not mess for a bit, until they next screw themselves up.

Worth a go

We had a similar problem; in our case the culprit was KB976569, which we had to remove from all machines via scripts, because WSUS can't uninstall it.


Better yet,

since he said he wasn't using any of them, just uninstall them all and leave them off until he does need one, then install only that one which is needed.


Just be happy ...

... they don't make you pay for the damn things.


Bah Humbug.

Haaaa. Big Knobs from Microsoft saying PEOPLE USING THEIR SOFTWARE, their pox-infested software, their buggy, easy-to-hack, insecure, technologically "dumbarse" software, should be blocked if their FUNDAMENTALLY INSECURE Microsoft operating system is hacked and/or infested; and they should be licensed to use the web.

Prompting the next question: "By whom?" Become a Microsoft Certified Web User, after paying a heap to Microsoft to sit their shitty tests, for their shitty software.

More trips to the psych ward for overdosing on corporate moron bullshit?

No thanks.

OK. I confess - Microsoft gave me every good reason I needed to move to Linux, and Linux gave me every reason I needed to keep using it.

Microsoft's patches are essentially worthless.


Good grief, how could I have been so shortsighted? You have made the scales fall from my eyes!

Not really, just joking. Windows works perfectly for me, and thus I shall continue to use and support it. Thanks for your input, though.

GJC


Billy G. Making Fun Of You

Mr Bill did some enormous talk about a so-called "Security Development Lifecycle" in 2006. You have to admit the man does indeed have some humour. Especially when MS recently had to fix holes which were present already in Windows 3.1, ca. 1994 or so. Or their various crypto snafus, like the latest with the unprotected cookie.

Read on your own:

http://www.microsoft.com/presspass/exec/billg/speeches/2006/02-14RSA06.mspx

Engineering for Security

BILL GATES: Well, now let's talk about progress in the second area, engineering for security. I mentioned an overall process that we've created, working with others, called the Security Development Lifecycle, and that's exactly this idea of going through, thinking about the threat models, understanding what code to run at what privilege level. Some of this involves the creation of new tools, tools that do extremely deep static analysis of our code, and for the first time we're actually able to prove properties of the code, understand does it ever get into certain states or not, and if it does, be able to show exactly the path that would create those states.

A lot of this is really going to the developers, getting them to write the security architecture as one of the very first things they do. We've documented this and we're sharing that, lots of good feedback, and active community involvement, so you can scope it so it works for projects of different types. Obviously, the ones we do are very large scale, but these principles actually can be applied even for doing simple Web sites, simple applications, it's still very, very important.

We have the tools built in to the Visual Studio compiler. These are the tools that we built ourselves to do these analyses, and so, for example, catching a memory overrun or looking at an API where we're actually not passing in the right kind of information, those will get flagged, and these tools run fast enough that you don't wait and have it be part of some fancy build process; literally this runs on every developer's workstation before they can do any code check-in. So making that quick, getting it upfront, we've found that that works extremely well.
