back to article Vista and IE 7 to receive 'critical' fixes on Patch Tuesday

Microsoft is to issue four critical security fixes for this month's Patch Tuesday. Three of these affect either Windows Vista or Internet Explorer 7, which the software maker holds out as a paragon of its conversion to secure computing. In all, Microsoft will push six high-priority updates this Tuesday, the company announced …

COMMENTS

This topic is closed for new posts.
  1. Morely Dotes

    Embrace, Extend, Absorb, Obfusticate

    "Today's advisory is the first to implement a change Microsoft is making in the way it communicates plans for high-priority updates."

    Why do I feel as if I am watching Holly from _Red_Dwarf_ banging her head against the screen (from inside, for you Philistines who haven't seen the series) to count the updates?

  2. Anonymous Coward
    Anonymous Coward

    It's obfuscate

    Obfusticate isn't a word, and it's all too often used by developers who RTFM but miss out the glossary.

  3. Anonymous Coward
    Anonymous Coward

    "All new" Vista

    So another month goes by and another set of patches that fix identical problems in Vista and XP appears.

    As each set of such patches come out it makes Microsoft's claims that Vista was all new code and was "secure by design" look more and more like the typical MS Spin everyone else said they were.

    Has anyone asked Steve Ballmer about his statement that " it (vista) is the highest-quality, most secure and reliable Windows operating system ever, there should be no need for a service pack."

    Its not looking too secure from here

  4. Matt

    For those interested in counting...

    Before you start bitching about Vista and IE7 go count the security patches released for Firefox, OS X as Linux in the last few months.

    Its about time reporting of these things (and peoples comments) reflected the fact that the products the anti-microsoft minority (yes, you really are a tiny minority, you just have loud voices) would foist on us really don't offer anything actually any better right now.

  5. Will

    But

    Microsoft long abandoned the idea of coding Vista from the ground up...

  6. Peter F

    Perfect Software

    For crying out loud, I suppose you Steve A ALWAYS write perfect software.

    Now I know MS have set up vista to be the best windows evahhhh! but for goodness sake give them a break.

    MS have needed a shake up to make their software better but if you have ever written software you would know that you have to make updates/bugfixes/changes as the product matures.

  7. Anonymous Coward
    Anonymous Coward

    Yes it is

    http://dictionary.cambridge.org/define.asp?key=54666&dict=CALD

  8. Anonymous Coward
    Anonymous Coward

    It really isn't THAT bad...

    To Steve Atty,

    If you check your facts you would see that the patches for XP/2003 do not apply to Vista. Therefore they are not sharing the same code - excluding IE7/OE6-Mail/WMP of course ;-). NT4 had 6/7 SPs, 2000 had 4, XP has 2 - might have 3, 2003 has 2 and if things go the way they are Vista might have 1 if at all. Ballmer said Service Packs not patches/hotfixes - there is not an OS in the world that doesn't patch/hotfix.

    Click the Affected Software

    http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx

  9. Anonymous Coward
    Anonymous Coward

    No, its NOT a word

    Results

    obfusticate was not found in the Cambridge Advanced Learner's Dictionary

    Did you spell it correctly?

  10. Alan

    Title

    The points about patches always being needed in the previous are fair enough, but trying to hide the number of vulnerabilities is clearly about making things seem less bad than what they are.

    Sure Firefox needs patched too, but you've just lost the ability to compare the number of vulnerabilities found. So for Matt, in 3 months times you can't say that Firefox doesn't offer anything better, because you won't know how insecure IE has been.

  11. Anonymous Coward
    Anonymous Coward

    Patches

    Bill Gates is Rearranging the deck chairs on the Titanic.

  12. Peter Kay

    Also, it's Ballmer.

    You're not going to take what he's saying without a pinch of salt, are you?

    I'm sure he's keeping very quiet about that PR fluff statement, after realising no-one (especially businesses) will move to Vista until SP1 because it's extremely buggy, and slow.

  13. Andy Turner

    All new code?

    "As each set of such patches come out it makes Microsoft's claims that Vista was all new code"

    Where did Microsoft ever claim this?

  14. Chris Cheale

    anti-MS

    ----

    Before you start bitching about Vista and IE7 go count the security patches released for Firefox, OS X as Linux in the last few months.

    ----

    blah blah blah blah blah...

    To be honest I used to be quite vehementy anti-MS... before XP anyway. I hated the obscenely bloated software (I want a spreadsheet program to do spreadsheets not launch some pointless game thing when a certain combination of keys is pressed), I hated the easy-to-use but totally flawed "security model", the BSODs, the "overly helpful" software (don't bloody auto-correct that, it was deliberate), the way the company behaved and so on...

    However, they are getting better (in some aspects at least) - the security model has been improving since NT4/Win2k and with XP it is possible (for the most part) to run the OS in limited privileges mode and those apps that seem to require admin privileges just to run, seem to be third party. OK it could be argued that it was MS that brought us to the point where everyone runs everything in admin mode all the time - but they do seem to have been taking steps to try and bring their own house in order.

    I still think having a web browser hooked into the OS is a bad idea, and then giving it extra power (for good or ill) through ActiveX just compounds the issue. The software is still bloated (my Windows partition is 10gigs) but it does seem to run better, compare Win98 boot times to XP, and is considerably more reliable - I get very few machine hangs these days and about the only times I've had to do a hardware reset have been caused by me running beta software or playing games (and it's only _very_ rarely now).

    I still wouldn't use Windows to run a web server (FreeBSD is far better at handling multiple connections) but for a personal/business desktop OS, Windows is pretty good - it can even be reasonably securely configured - more so with Vista I gather (although I'm still an XP Pro user).

  15. Anonymous Coward
    Anonymous Coward

    Title

    Matt writes: "Before you start bitching about Vista and IE7 go count the security patches released for Firefox, OS X as Linux in the last few months."

    Of course there have been vulnerabilities in software other than Vista and IE7. Anyone who does write software with no vulnerabilities at all (and which actually does something useful) could become a very rich (wo)man very quickly.

    However, the *number* of vulnerabilities isn't the metric you should be looking at. Instead, you should be looking at the number of "vulnerable days". For each vulnerability in a piece of software, add the number of days elapsed between disclosure of the vulnerability and an effective patch. *That* is what will give you an idea of how effective a software outfit is in providing "safe" software and making sure that it remains safe.

  16. Anonymous Coward
    Anonymous Coward

    Own goal?

    I can't help but think Microsoft have scored bit of an own goal. May be they amped up the hype too much on how secure Vista is, however security updates for even the most mature software are inevitable. They should have always said that Vista will require updates just like any other bit of software. There is no doubt though that Microsoft takes security very seriously -- there has never been an outbreak of worms on the scale of Nimda or Blaster in years. Most major security problems I see these days are from malware that inexperienced users fall for.

  17. Gordon Fecyk

    "Critical" IE bugs are not critical

    I can't find any good in labelling IE bugs as "Critical" while labelling CSRSS bugs as merely "Important."

    The IE bugs deal with user-level code. You run IE as a standard user (or limited user on XP) and the bugs can't hurt the computer all that much. Meanwhile, the CSRSS bug deals with system-level code and lets limited accounts do administrative things if exploited. That to me is nastier than any bug in IE.

    Of course with too many id10ts turning off User Account Control and running as Admin just so they can make The Sims 1 work, maybe IE bugs really are "critical." But that's not Microsoft's fault.

  18. Don Mitchell

    Security

    No one writes perfect code. Microsoft has good programmers and despite what non-technical people love to say, their software is written as well as anybody's and better than most others. People who think they have a process (e.g. open source) that results in automatically secure or bug-free code are deluded.

    Windows and IE are the biggest targets for attack. Year after year, clever hackers attack these products, and Microsoft keeps fixing them and thinking about how to avoid future attacks of similar style.

    This is a process that other products like Linux and Firefox are not subjected to. In the long run, who will have the most secure and bullet-proof software?

  19. NIILL

    Vista 64 IS stable

    My Vista 64 installation ha been working away without a restart and no crashes for a couple of weeks; and this includes adding a Canon scanner and numerous storage devices.

    So not only have I got an OS that looks much better than my XP machine in the office, but one that is more stable too.

    Having worked in software sales for years, I can say without doubt that the only software that doesn't need patches/updates is from vendors who have ceased trading. Stand still and die!

  20. Haro

    Wild animations

    Your wild animations never stop, making it impossible to actually read this article. You're going the way of Yahoo, and I might have to take you off my reading list. I'm sorry.

  21. Andy Bright

    Again, we need to "upgrade" to Vista for what reason?

    Because it seems to me it's nothing more than the same old tat with a pretty face and an over sensitive copy protection system - as well as generally being out performed by every operating system on the market, including previous versions of Windows.

    Still full of holes, still a hazard to the financial well being of those that like to use the internet, still requires monthly patches and innumerable re-boots to install them (despite promises to the contrary).

    Vista is a nasty pile of shit, and you're a fool if you deliberately replace any operating system with this garbage - unless you actually enjoy having your applications slowed down and crippled by 'tilt' factors.

    Shiny things, yes my dog likes shiny things too..

  22. Anonymous Coward
    Anonymous Coward

    re: Again, we need to "upgrade" to Vista for what reason?

    You need to upgrade to Vista because M$ will start crippling Windows Xp over the automatic update syst....oh, wait, that's already happened, he says, watching as SVCHOST.EXE runs at 100%

    Vista will only be a 'reasonable' upgrade when OS prices come down, software support is increased across the board for all apps, and business machines come out the box with a high end dual [or quad] core processor and 2gb of ram for even the most basic systems.

    I had a right laugh trying to get Vista to be usable on a P4 HT with 512Mb of RAM [which stil seem to be a common choice for the financially astute [IE cheap] business user]. Run Office 2003 on that, plus AV software, and it runs about as quick as our old NT4 boxes on PIIIs....not very.

    Seems happier with 1gb and a Core2Duo, but on the same system, XP runs like shit of a shovel, is pretty much rock solid, and runs everything without a hiccup, and just feels quite slick overall.

    And is Novell/Netware officially supported on Vista yet? I would investimigate myself, but I let the Vista testing be passed onto someone else after I got bored with it...

This topic is closed for new posts.