back to article Microsoft Santa gifts you with 5 critical fixes in Xmas Patch Tuesday

December's Patch Tuesday brought seven bulletins from Microsoft, five of which cover critical security vulnerabilities. A critical update for MS Word (MS12-079) is rated by security watchers as the most important of the batch. A flaw in Rich Text Format (RTF) processing poses a severe risk because Microsoft Outlook automatically …

COMMENTS

This topic is closed for new posts.

Preview pane ...

... hasn't the standard advice for that last thousand years been to turn OFF the preview pane?

2
0

This post has been deleted by its author

Anonymous Coward

Re: Preview pane ...

Re: Preview pane ...

".. hasn't the standard advice for that last thousand years been to turn OFF the preview pane?"

.. hasn't the standard advice for that last thousand years been to turn OFF MS software? - Fixed

5
3
Bronze badge
Childcatcher

Re: Preview pane ...

In many cases, this is not advice, but company policy. It seems that as this feature has been exploited many times in many ways that it should have been more a focus for hardening than it seems to have been over the years. Making the preview pane use plain text by default would be a good start.

1
0

This post has been deleted by a moderator

Gold badge

Re: Preview pane ...

hasn't the standard advice for that last thousand years been to turn OFF the preview pane?

Thank you. You just explained a couple of cave drawings we just couldn't make sense of..

1
0
Bronze badge
Mushroom

Re: Preview pane ...

Rememebr that the first and worst internet virus / worm ever was on UNIX based systems!

0
2
Gold badge

Re: Preview pane ...

Yup - and THEY learned from that experience..

0
0
Silver badge
FAIL

Just in time for Crimble

And many business will have implemented a change freeze already. So a good number will not be applying this load of patches until 2013. Great timing Microsoft. Not.

2
0
Anonymous Coward

Re: Just in time for Crimble

Yeah, i only there was a way to predict when patch tuesday is...

Also, all a change freeze does is pevent rollout, not testing...

0
1
Anonymous Coward

Re: Just in time for Crimble

And may I suggest rigorous testing? Our intranet fell over for 48h due to a bug in one of the updates...

1
0
Anonymous Coward

Bing Desktop

Why are Microsoft pushing Bing Desktop through Windows Update? It's bad enough they push Silverlight through it, but Bing Desktop? WTF!

3
0
Silver badge
Coffee/keyboard

Re: Bing Desktop

Keeps the numbers up.

3
0
Mat

Re: Bing Desktop

It's the only way they're going to.. It's still crap!

2
0

This post has been deleted by a moderator

Silver badge
Linux

Re: Bing Desktop

Someone mention Bing and Google in the same sentence? Funny thing is, there's a very interesting story involving those two I drive microsoft apologists mad with every time I bring it up round here. It's extremely embarrassing for them, so naturally they really, really want to airbrush it out of history. Have no fear - we can look forwards to seeing it right through 2013, lest we forget :-)

1
1
Bronze badge
Mushroom

Re: Bing Desktop

That's an optional functionality update, not a security one.

0
2

This post has been deleted by a moderator

Re: Microsoft is the SAURON or Critical Vulnerabilities

"to be continued..."

Oh great.

3
0
Anonymous Coward

Re: Microsoft is the SAURON or Critical Vulnerabilities

Oh do give it a rest, it's getting beyond tedious.

2
2
Anonymous Coward

Re: Microsoft is the SAURON or Critical Vulnerabilities

Sjeez. I nearly dislocated my jaw yawning..

1
1
Silver badge
Linux

Re: Microsoft is the SAURON or Critical Vulnerabilities

I think it's only half bad, you AC downvoters should be ashamed of yourself.

2
0
Anonymous Coward

Re: Microsoft is the SAURON or Critical Vulnerabilities

Nice imagination, but in the real world Linux distributions have an order of magnitude more vulnerabilities than current Windows versions...

0
0
Silver badge
Windows

Unfortunately it doesn't only fix stuff...

Together with the patches they also rolled out their Windows Management Framework, also known as PowerShell 3.0, for Windows 7.

That by itself is of course good news; a new version of PowerShell can be quite useful since it introduces several new features and makes other aspects easier to use, also for new users.

UNFORTUNATELY.... PowerShell is like Unix in some way; you really need the manual or help section around to use as quick reference. 2.0 did a pretty good job IMO because a default help screen gives you a good information overview while commandline parameters allow you to get everything (-Detailed) or simply a bunch of examples (-Examples).

PowerShell 3 otoh now introduces localized help screens. So; say you're on a Dutch version of Windows, then your "UICulture" will be set to "nl-NL", thus making PowerShell look for the help section in the "nl-NL" directory (found in the PowerShell system directory).

Just too bad there there currently is no such thing as a localized Dutch help section. And to make matters worse; PowerShell also does not provide any features what so ever to tell its help system (the "Get-Help" cmdlet) not to look in "nl-NL" but use the default (and in my case preferred) en-US instead.

So the only way to overcome this is either manually copying your help stuff from one locale directory into the other, or device a work around (script) which temporarily hacks your UICulture settings (which is kinda flakey).

Everything seems to be going to pieces with Windows as of late, totally unsatisfying. And PowerShell used to be so good.... :-(

1
0

This post has been deleted by a moderator

Anonymous Coward

Re: Unfortunately it doesn't only fix stuff...

This doesn't remotely surprise me. Even the largest US companies barely acknowledge the existence of other countries when developing and testing software.

0
0
Thumb Down

Arrgggh a mass rebooting session as well!

I tried the latest patches on one of my PC's to see if a reboot is required. And, it is. Another weekend of updates and reboots to waste my time.

When U$oft marketing departments compare the TCO of Microsoft against alternative systems this is one metric they leave out.

My Linux platforms seldom need a reboot and, even if they do, they don't put an in-your-face dialogue box in the middle of the screen every 10 minutes. Why don't Microsoft realise that in a busy company later means much later.

This anger is compounded if Adobe decides to offer it's fixes at the same time. Not only do their patches usually need a reboot but you have to watch out for pre-ticked boxes offering to install software from a company currently run by a desperado and which you do not want or need. Ditto Oracle/Java but at least you never need a reboot...

Arrggggggh!

0
0
Anonymous Coward

Re: Arrgggh a mass rebooting session as well!

New Kernel? You need to reboot. It may not tell you to do so, but you still need to.

As for rebooting a Windows box, if you don't rollout your updates via a push mechanism and then automatically reboot, while monitoring that the machines come back up, you're doing it wrong. The level of effort in rolling out an update which requires reboot should be select the group to update, send the update, make sure that they all come back, all while sitting in the same chair.

1
0
Silver badge

Re: Arrgggh a mass rebooting session as well!

"seldom" it said !

0
0
Bronze badge
Mushroom

Re: Arrgggh a mass rebooting session as well!

Hire a competent Windows admin and all such issues will be a thing of the past....

0
2
Anonymous Coward

MS security holes will kill you only 86 times instead of a hundred this year.

wow.

I feel a lot better already.....

:-)

AC

0
0
Anonymous Coward

Re: MS security holes will kill you only 86 times instead of a hundred this year.

Have you looked at the number of vulnerabilities is a competing OS lately? Much worse than Windows all of them....

0
0

Pardon?

"Another critical update (MS12-077) tackles security bugs in Internet Explorer 9 and 10, and creates a risk of drive-by download attacks involving tricking users into visiting websites contaminated with malicious code."

Isn't there something wrong with that paragraph? The bugs, not the update, create the risk of drive-by download attacks.

By the way, Opera 12.11 has a bad bug that wants fixing. 12.12 is out very soon - release candidate is out now.

0
0
This topic is closed for new posts.

Forums