back to article All aboard the patch wagon! Next stop: Microsoft, Adobe, Mozilla

Today, right on schedule, Microsoft's monthly security patch bandwagon rolled into town with updates for Internet Explorer, Office and Windows - with Adobe bringing up the rear. This latest instalment of Patch Tuesday addresses 33 bugs in a range of Redmond software, as revealed late last week. The flaws have been grouped into …

COMMENTS

This topic is closed for new posts.
  1. SteveB299

    Hours of fun

    Oh, the joy of it all !!

    Windows Update, Firefox, Thunderbird, Quicktime, Kaspersky, Malwarebytes, SuperAntiSpyware, (DivX on my old Vista laptop), graphics drivers, rapid storage technology drivers, Adobe Flash. Then defrag, virus check.

    3 computers, goodbye afternoon and evening.

  2. BillG
    WTF?

    Reminds me of someone...

    I dunno, with all the security vulnerabilities Firefox needs fixed every month, more and more they look like Internet Explorer - every month they fix some gaping security hole, and every month the fix creates a brand new hole.

    I re-purpose older laptops by installing Firefox 3.2.28. Fastest browser I know and still very safe.

    1. Charlie Clark Silver badge
      Thumb Down

      Re: Reminds me of someone...

      Pretty much all the browsers often need security fixes but Firefox 21 is a feature release. Chrome gets silent updates an IE gets patched because someone made it essential for core parts of the OS without putting it in a sandbox.

      I can understand people wanting to avoid feature releases which is why there are the LTS builds which only get security updates. 17.0.6 is current.

      3.2.x might be faster depending on available memory but how do you know if it's safe? It's not supported by anyone.

      1. BillG

        Re: Reminds me of someone...

        3.2.x might be faster depending on available memory but how do you know if it's safe? It's not supported by anyone.

        I don't know what you mean by "It's not supported by anyone". No one needs help using the browser. There are plenty of plugins available & compatible for 3.2.28, and all websites work with it, although the AOL website nags you to update Firefox.

        I know Firefox 3.2.28 is safe because I ran a contest on an IT forum earlier this year, I offered to send via PayPal $100 to anyone that could show me a website that would infect a WinXP SP3 PC through the Firefox 3.2.28 browser but NOT infect the same PC with Firefox 18. It was a pretty lively discussion. Nobody won.

        1. eulampios

          Re: Reminds me of someone...

          You might need to move to more secure OS than WinXP if you are concerned, even Vista was a step forward. Yet GNU/Linux (or *BSD) + MAC tweaking would be almost rock solid.

          Look what Mozilla is fixing now, it's more proactive work than patching for already exploitable wholes. BTW, pwn2own really had shown that it takes 24 hours for Mozilla and Google to do what Microsoft have taken 2 whole months.

          1. eulampios

            Re: Reminds me of someone...

            s/wholes/holes/

          2. Anonymous Coward
            Anonymous Coward

            Re: Reminds me of someone...

            It may take Google / Mozilla less time to release a patch than MS, but you're not necessarily comparing like with like. MS release patches every Patch Tuesday, this is what the overwhelming majority of their customers want. MS test their patches against a whole load more software combinations than Google/Mozilla. We don't know that the complexity of the code fix is the same and we don't know if the code supplied to the end user is of the same quality, or if it will need to be re-visited several times to fix the fix.

        2. Charlie Clark Silver badge

          Re: Reminds me of someone...

          I know Firefox 3.2.28 is safe because I ran a contest on an IT forum earlier this year,

          Wow, I like your style!

          Alternatively you could check the release notes for subsequent versions and write some test cases.

          Can we have a King Canute icon?

  3. Refugee from Windows
    Facepalm

    Ah yes

    Another evening whittled away doing updates, at least it's not warm and sunny. I wouldn't mind all these updates, but if they didn't come all at once like no 72 buses.

    If only they had some way of managing the updates. Wait a minute, there's a penguin pecking at my ankle.......

    1. Irongut

      Re: Ah yes

      Oh yeah all evening. It took me 5 minutes to patch both my Windows 7 boxes at home last night.

      Oh woe how my evening was wasted.

      1. SteveB299
        Thumb Down

        Re: Ah yes

        You obviously didn't bother to dig around in the options menu in Firefox to see what was new. Or check Flash hadn't allowed peer assisted crapo again once the new version installed. Or defrag any mechanical HDDs. Or virus check after all was updated to make sure nothing nasty had been slipped through (DivX update wanted 4 programs to have access through my firewall).

        If you just blindly click 'ok' and trust, then it's only 5mins work.

    2. Irongut

      Re: Wait a minute, there's a penguin pecking at my ankle.......

      Ah yes I had to update her indoors' Fedora netbook last night too. 303 updates!

      Now that one took it's time.

  4. Colin Miller

    Eadon, Eadon, where are you?

    1. Refugee from Windows
      Pint

      At least I've only 3 Windows machines to deal with, all the rest seem to manage this one their own ;)

      It'll mean I get a pint off the lass for sorting the nag screens out for the updates anyway.

      1. FlamingCanuck
        Boffin

        Update on shutdown, go to bed.

        Start machine next day, done. :)

    2. Tom Maddox Silver badge
      Joke

      You have to say his name *three* times!

  5. BigAndos

    Adobe Reader

    It staggers me how many security holes pop up in Adobe Reader. It has one function: Display PDFs on the screen and maybe print them if you want to. If Adobe stripped away all the bloat they surround it with then would most of those disappear?

    (PS - I know alternatives like Foxit exist. If only my company's IT department would let us install them...)

    1. Steve Davies 3 Silver badge
      Boffin

      Foxit in a corporate enviroment

      http://www.portablefreeware.com/?id=1041

      There you go. Plenty of other Corportate Lockdown beating apps there.

    2. eulampios
      Linux

      Re: Adobe Reader

      Display PDFs on the screen and maybe print them if you want to. If Adobe stripped away all the bloat they surround it with then would most of those disappear?

      Exactly, however Adobe might be just particularly good at bad code.

      I know alternatives like Foxit exist.

      In the world without Windows...errr I mean without walls :-) there are quite a few of those. kpdf, xpdf, ocular, evince/atril, even gv. (Emacs can do it inside X , I don't use it for pdf viewing though.) They all seem to be much lighter and are capable of rendering more formats than A. Reader is. Say evince/atril support pdf,dvi,ps,djvu and more.

    3. Sandtitz Silver badge
      Meh

      Re: Adobe Reader

      Foxit Reader has one function: Display PDFs on the screen and maybe print them if you want to.

      Even this (allegedly) bloat free software had a critical vuln couple of months ago.

      Being alternative doesn't necessarily equal better.

      1. Anonymous Coward
        Anonymous Coward

        Re: Adobe Reader

        "Even this (allegedly) bloat free software had a critical vuln couple of months ago."

        Still doing a lot better than Adobe's steaming pile of e-excrement.

        The strangest thing is why lazy corporate IT managers tolerate Adobe Reader. Week after fucking week my machine is brought to a crawl by "essential" Adobe security updates. And every so often we still get spanked by one of the unfixed vulns. In fact, corporate IT managers seem to have a love with shitty, insecure software. My work machine runs XP, an obsolete version of IE, Adobe, and God knows what other dysfunctional, CPU hogging crapware.

        If you work in corporate IT, I'd just like to offer you this hint: I hate you. In fact everybody hates you. Apart from hackers.

        1. Kevin 6

          Re: Adobe Reader

          If you work in corporate IT, I'd just like to offer you this hint: I hate you. In fact everybody hates you. Apart from hackers.

          As someone who used to work in corporate IT, and was put in charge of making an image before I would like to say don't blame the IT person who made the image. Here's a little story on why images act like crap, and its not the IT techs fault.

          When I was tasked with making an image I made one that booted very fast(under 30 seconds, and this was over 9 years ago), and honestly was extremely responsive, but the IT director forced me to install a pile of garbage most of which no one even used anymore. After I installed what the director wanted the boot time of the computer went from 30 seconds to 4+ minutes... Responsiveness also plummeted to behaving like I was trying to run windows 95 on a 386sx with 4 gigs of ram (which btw was possible as I did it for fun).

          After that I was the one that had to deal with all the complaints about how unresponsive the systems were, and how they ran like crap cause hey I made the image, and it was my fault not the person in charge who forced changes. I then went and made another clean image not showing it to the director this time, and installed the bare minimum, and only installed what users needed by department, not the typical full of crap for every department image.

          I ended up making the users happy, but in the end got written up months down the line when a tech went and reported it to be a dick as he saw some things were missing from one of the pc's as the user couldn't figure out how to turn it on, and reported that it was broken.

          For the record the IT director refused to use the default image cause he hated how slow it was...

          1. Anonymous Coward
            Anonymous Coward

            Re: Adobe Reader @Kevin 6 20:51

            "I ended up making the users happy, but in the end got written up months down the line when a tech went and reported it to be a dick as he saw some things were missing from one of the pc's as the user couldn't figure out how to turn it on, and reported that it was broken."

            So you installed a non-standard image behind your own department's backs. How the hell did you think they'd react when they found out? If X is supposed to be there and it isn't, then reporting that fact isn't being a dick - it's trying to fix a problem. If there are standard builds a deviation from that standard is the first suspect. In a corporate environment it's easy to make yourself look better than others by ignoring the rules, but as far as I'm concerned you shot yourself in the foot at the same time as stabbing your team in the back. As for the IT director - well, RHIP, after all.

          2. Allonymous Coward

            Re: Adobe Reader

            > 386sx with 4 gigs of ram

            Holy crap. I want the PC you had 9yrs ago.

      2. Anonymous Coward
        Anonymous Coward

        Re: Adobe Reader

        "Foxit Reader has one function"

        Actually, that is not correct. Most importantly to me, it can save bookmarks inside the .pdf. Also, you can draw, annotate, export, and a few other things I never use, but I do use bookmarks a lot.

        If anyone knows of a Linux reader that can save bookmarks into the .pdf, please list it. I've been running an older version of foxit through wine for some time now being the newer versions don't run properly, but I'm only doing that because the bookmarks save directly into the .pdf. Okular, which I like the most doesn't do this.

    4. Mint Sauce
      Unhappy

      Re: Adobe Reader

      As far as I can tell FoxIt is rapidly turning into a bloated mess also :-( The last straw was upgrading to the latest version recently to discover that they've removed the ability to stop PDFs opening in a browser. [I have to use a mix of IE and other browsers]. Irrationally or otherwise I truly hate opening PDFs in the browser and always use a separate app.. Also I was getting fed up of re-turning off Javascript etc every time I updated it. As mentioned above - it's just frikkin PDF display software that I want - display, zoom, print. That's It. Oh, and not be a 30+Mb download and a monster memory hog too.. Too much to ask it seems.

      Bye Bye FoxIt, it's been fun ;-(

      1. mickey mouse the fith

        Re: Adobe Reader

        "The last straw was upgrading to the latest version recently to discover that they've removed the ability to stop PDFs opening in a browser"

        I updated mine last night, there was a tickbox to stop it opening pdf`s in a browser on the first dialog that popped up.

  6. bigfoot780
    Facepalm

    Oh no theres one other plugin with security as useful as a chocolate teapoot

    Java. Just wait for it. Java 7 u30 and Java 6 u50.

  7. Anonymous Coward
    Pint

    And it wouldn't be a security update story without…

    Classic, just classic.

  8. Herby

    Another hole, another patch...

    Life goes on.

    Same story next month. We all gripe about it, and yes in a perfect world software would be "right", but the standards of production of software (and bugs) has been set and we all obey.

    Till next time...

  9. croc
    FAIL

    Office 2007 not getting auto-updates for security patches

    At least that has been my experience. I understand not getting program updates after going into extended support, but no security updates? MS is REALLY starting to creep me out...

    1. kain preacher

      Re: Office 2007 not getting auto-updates for security patches

      I am getting security updates for Office 2007.

  10. Rukario
    Linux

    And Ubuntu 12.04

    Kernel just rev'ed to 3.2.0-43.

This topic is closed for new posts.

Other stories you might like