Microsoft has one final bumper harvest of 17 security bulletins to release before the year is out. The record-breaking number of bulletins from Redmond will be pushed out next Tuesday and will address 40 vulnerabilities. Microsoft rates two of the 17 security bulletins "critical". Fourteen are considered "important" and the …
I am not a title - I'm a free man
Ho Ho Ho. Merry Christmas.
Thanks a lot, Microsoft. Guess I won't be spending my Christmas hols watching repeats of old James Bond films on ITV and the Snowman on C4. Instead I'll be patching boxes and trying to fix issues if they don't come up cleanly after having had so many patches applied.
Season's greetings to you too, Mr Ballmer.
(\/) Ò_ó (\/) furious crabs (\/) Ò_ó (\/)
There are plenty of tools to partially or completely automate this process.
If it takes you until Christmas then that's ... very ... diligent ... of you.
Everyone can has WSUS. It r maek patchez teh E Z.
That said, when your archaic bloody database software and/or random mission-critical chunk of industry-specific software decides to eat its own face thanks to patches you can spend an awful lot of time Q_Qing.
For these reasons, many of us can't simply release the patches to WSUS and forget about it. We actually have to spend [timeframe] testing the bloody things on all of our various configurations.
I can sympathise with the OP. While it probably won’t take me until Christmas to do so (as the OP claims it will on his network,) it most certainly will take me until that Friday. Patches come out on the 14...I'll be testing until the 16, forestall deployment until the 17 because it's a Friday and I can reboot servers at that time without any blitting from the back buffers.
Automated deployment is free, and awesome. Automated /testing/ on the other hand…
cue the bleating about how linux is so much more secure.........
while ignoring how many times the linux boxes had updates available in the last month...
You are quite right
there have been many of them. Over a hundred Meg in fact. However, I am pleased that I don't have to wait a month for my Linux installs to be updated. I really do not understand why MS wait to patch security flaws, it's not like they are short on resource.
Seeing as Win 7 is the most secure, designed from the ground up MS OS why the hell does it need patching anyway?
I run XP, Win 7 and Linux systems in case you are thinking "fanboy".
Linux may have had a squillion patches in the past [timeframe]. There is a critical difference however which you are glossing over:
With Linux, I only have to reboot when the Kernel is updated. For this reason - and this reason alone - will I never, ever even consider a Windows web server.
TO: anon cow
...The Linux updates do not have the same hoopla made of them because none are held back for a scheduled release, but made immediately available. This continues to assure a more secure OS. It is a great trade-off.
Oi! You're forgetting OSX!
Honestly, you're upsetting Jobs here. After all that marketing, after suffering that itchy collision between beard and turtle neck every time he needs to announce a product - after all that you still forget Apple?
Honestly, what is the world coming to (its senses, I think, but I digress).
Kind regards, a Linux/OSX user.
Oh, and WinXP, but I use that machine maybe once a month (likewise with the Parallels WinXP segment). And using it once a month makes you realise just how much crap you have to download to keep it running, both those platforms then spend a good 30 minutes, patching, rebooting and generally being no use whatsoever until they have had their updates. The OSX platform they run on updates, well, umm - every other week or so or less. As a matter of fact, I only really started Windows-alike update frequencies when I installed the Adobe PDF reader.
Anyway, I *know* why I no longer use Windows, and that has less to do with any fanboy-alike preference for anything else, more with actually getting some work done.
You often do have to wait for a month for updates for linux, once they're fixed they go into unstable releases, then they go into stable, then the individual distros pick them up and put them onto their updates.
As for not understanding why MS release each Tuesday - It's because their customers asked them to, in order to schedule testing and updates to their own systems.
Why patches are monthly
See the other discussion thread about testing. By releasing once a month, an IT department can sit down once a month, discuss what patches apply to them, test them, and release them. If patches are drip-fed as and when, the admin overhead involved in properly testing updates before applying is such that many companies don't apply them at all.
Not even when the kernel is updated if you use ksplice
Over-egging the pudding...
...on the one hand, desktop OS updates are a breeze with SMS/SCCM/WSUS, and I very seldom see issues with machines struggling after patches.
Servers are a PITA because you can guarantee a reboot will be needed, and that needs scheduling. And while with them not coming back up is no more likely than with desktops, it's considerably more of an issue.
Server will probably come back up. Windows Server (ignoring 2008 along with Vista...) is a good operating system. The issue is whether the third-party software you are relying on was coded in such a manner that it exploited some bit that just got patched. Having your operating system get you to a GUI is worthless if the apps it is supposed to run go titsup.com after the patch.
This in no way has happened to me three times in the past month causing an overabundance of acute bitterness about the subject...
that can be dealt with by uninstalling the patch.
What fuss with WSUS?
WSUS and a few WoL packets will make light work of it.
Pass me some cake!
hols or holes
Another few holes blocked up in the OS equivalent of a sieve. XP, a decade of fixes and still counting.
As Windows 7 is a completely new rewritten operating system, how come it suffers all the same 'new' security holes found in XP?
Windows 7, Vista with a new frock on and not a nice one at that.
Does anyone know if...
...this batch addresses the alleged 2 unpublicised elevation of privileges as used by stuxnet?