Microsoft warns of super-sized Patch Tuesday next week It's getting close to security update time in Redmond yet again, and Microsoft has given notice that Windows and Office users can expect another nice, big pile of fixes on November's Patch Tuesday. The software giant gave advance notice of no less than 16 security bulletins to be addressed on November 11, five of which have …
Microsoft is encouraging those who have disabled automatic updates to apply them promptly
Well, maybe if they didn't fuck things up with every update, then people wouldn't be disabling them!
I hate the way they handle patches - but I guess that's because I've been blessed with the knowledge of other systems, too.
Perhaps having an adequate update process isn't a selling point to the majority of people who go for Windows.
"I hate the way they handle patches - but I guess that's because I've been blessed with the knowledge of other systems, too."
The Microsoft method of scheduled updates on a known timescale (unless exploits are already in the wild) is far better than most other products with random patch release dates. I have worked with an least 12 different OSs and I can't think of one that's as good as Microsoft in the respect of regular scheduled and well tested security updates. Yes they occasionally have a bug in a patch - but its not like the OSS mess where they chuck anything out the door without proper regression testing . With Microsoft you don't get situations like the BASH mess that took no less than 4 goes to release a secure fix!
The deployment toolsets for larger scale users like WSUS and SCCM are class leaders too.
The same number of times the Chrome browser has been updated. As a matter of fact Chrome get updated in some case more than once a month.
Wasn't it the Chrome browser that set a browser [and probably an app record] for the most vulnerabilities fixed [something like 156] as well as non-security fixes [about 130] in a single update. You call that secure?
Not to be outdone, every time I open Firefox, there seems to be an update.
The Microsoft method of scheduled updates on a known timescale (unless exploits are already in the wild) is far better than most other products with random patch release dates
Better for you, perhaps. But not those of us who want our computers to work for us, and not the other way 'round. Different people have different needs - "random" (ASAP, you mean) gives people a choice, you can either apply them immediately - or sit on them for a month where you can re-schedule your urgent responsibilities into when it's more convenient for you.
It's up to you what you do, but don't inflict your practices and preferences on others, who have different priorities than yourself.
Personally, I don't want to wait weeks, and I don't want them to get in my way, nag me, cause me to run "safe mode", or interrupt my work flow. I get that crap with Windows, and that's why I hate the way they handle patches. If you love that stuff, then go knock yourself out.
I have worked with an least 12 different OSs and I can't think of one that's as good as Microsoft in the respect of regular scheduled and well tested security updates
So you've been using all versions of Windows since ~Win98, and you can't think of anything better?
not like the OSS mess where they chuck anything out the door without proper regression testing. With Microsoft you don't get situations like the BASH mess that took no less than 4 goes to release a secure fix!
The bash vulnerability was handled quite well. Majority of bash installations weren't even affected by it in the slightest. What are these "no less than 4 goes" you talk about? There were 5 similar/different bug reports, if that's what you mean. But the patches required no reboots, no crashes, just click "Install" if security updates aren't automated. So, how could MS have handled it better? Just because they're MS, or do you have any reasoning in your MS rants beyond your own vested interest?
No? then fuck off. I've been using this piece of shit since DOS, it's my right to bring out valid points about how shit the update procedure is, and one day someone might actually listen to us tossers and ... oh, look.. they're starting to. Hmm, and it's open source. tut tut.
>>I have worked with an least 12 different OSs and I can't think of one that's as good as Microsoft in the respect of regular..
Why do you need so many different OSes in the marketing department?
>>With Microsoft you don't get situations like the BASH mess that took no less than 4 goes to release a secure fix!
What's "Bash mess" would be MS' bliss (didn't rhyme unfortunately) Even when MS patch BEFORE it's out in the wild, they still get something like conficker with tens of millions of compromised servers. Speaks volumes about their perfect patching credentials. Shellshock got a correct patch within a week anyways, BTW.
>>Yes they occasionally have a bug in a patch - but its not like the OSS mess where they chuck..
Such bug might render a system unbootable without any straightforward fix, while the "OSS mess" gives an opportunity to boot to the last stable kernel in a similar situation. Remember those 12 (hundred) OSes you used to deal with?
>The Microsoft method of scheduled updates on a known timescale (unless exploits are already in the wild) is far better than most other products with random patch release dates.
With FOSS software and a git/subversion/cvs client, you can get the sources as soon as the software has been patched by the dev and compile from source if it is a 0-day ... NOTHING BEATS THAT.
Proprietary software is for numpties like you, no ifs, buts or maybes.
And save the rest of us time, effort, and money!
Not really.
I make my living from cleaning up these messes. If MS got their act together, I'd be out of a job!
Glad they're doing this just before Christmas. Hate the slump in work we get this time of year.. Hey MS, do us a favour and have an even bigger round next month, please? I could use another pile of broken Windows boxes to get me a Chrissy Bonus!
I suspect most of the posters so far have not actually gone and read the MS notice yet.
Having done so I'll be turning off auto update today and scheduling all day Wed/Thu for client visits.
no less than 6x "restart required". with any luck some of those might be parallel installs.
Why would you call this patch a "supersized"? How much would a user have to eventually download?
Apart from the configuration files, 'patch' in this situation (and when applied to MS Windows in general) is quite a misnomer, since it apps don't receive a patch in the source code by applying the diffs and then get (re)built all anew, it's rather an update when the affected binaries get replaced on the system. Unless MS came up with some super-innovative, theoretical unlikely binary patching technique...
Been at it since DOS days and it hasn't got anymore exciting, or interesting except for those couple of occassions where automatic updates bricked some poor fuckers machines. Windows updates, MAC updates, Linux updates, they've got to be done as what IBM call a "steady state", others call a Swiss cheese that hasn't matured yet.
It doesn't surprise me that humans cannot make an operating system that is absolutely flawless. What does surprise me is the eagerness of some manufacturers to push fundamentally flawed products onto unsuspecting, none computer science, end users. But the biggest surprise is hearing the spouting of bollox that some people resort to when defending their favourite Operating System, of any flavour. Are these people really that fucking stupid that they'll disregard basic fuckups in the product and the multiple work arounds that using the product requires them to perform ?
Sorry folks, but as far as I am concerned, this IT business is comparable to the situation way back in the old Model T days of motor cars because we are new at it and still trying to improve on last seasons models. So we still have to get out and get under the hood on a frequent basis, or find a nice man who can. The equivalent of seat belts for the passengers and driver, safety glass, a surround sound system and a shiney set of rims are but the fantasy of a 62 year old geek that'll likely run out of road before I can relax and actually enjoy the ride ............
I'm sorry, but you're talking crap.
We've got an OS who's vendor tries hard to prevent you from getting under the hood, yet for the majority of the time you have to get under the hood to fix the fuck ups caused by updates. If you haven't had an update fuck-up yet, then you've only just started computers last year, and unchecked "check for updates" when you installed it.
Then there is another OS who's hood is designed to be opened, gets updated several times a week while the engine is still running, and you don't even need to re-boot (apart from ~1% of updates, but that's only if you want to "use" the update).
That's what the issue is. Not having flaws in the first place (although it's sometimes fun to mock), but how they are fixed. If updates cause more harm than good, then people will turn them off - and that's not a good idea.
Can't be any worse than what MS have unleashed on it's Windows 8.0 user-base this last month or so...
Remember having to visit the MS store to download the circa 3.5GB 8.1 update?
Well MS in their wisdom have decided to force Win8. users to update, giving them effectively no warning and no way to abort, by including a couple of innocuous updates in the critical Win updates - the first released a year ago the second just recently. The effect of the second update discovering that the first update has been installed is to immediately commence the download of the 8.1 update - yep over any active network connection with no user notification. Then on completion give the user a maximum of 4 hours usage before their system is forceably updated (there is no "remind me later" option) via a reboot...
So MS expect you the user to drop whatever you are doing (it's not important), free up your diary and focus your attention on Microsoft. There is no opportunity to: Follow best practise and do a full backup (of a working system), just copy essential files to a USB drive. Ensure your system has uptodate OEM drivers etc. (you can't install them if it involves a reboot..) Once the waiting is over you hand your system over to Microsoft who then over several hours perform the magic of upgrading your system to Win8.1. If you are lucky the system will 'work' and be able to connect to a network and access the internet (not a given, particularly on a system for which the OEM doesn't list a Win8.1 compatible network driver). Because the next thing the system will do is to update Win8.1 to 8.1u1 and then 8.1u2 (another 600~800MB of downloads). If all goes well after 4~5 hours you'll have a 'working' system. Only you may not... Hyper-V isn't working (some reports indicate I need to reinstall the Bluetooth driver and probably some other drivers - another 60~150MB of downloads), all my printers aren't working (recommendation download latest drivers and reinstall - ~1GB of downloads). Given my first system was hit at 11am on Thursday (hopefully we've disabled WuP on all the other Win8.0 systems so these other systems can be updated in a more controlled and less stressful manner) and I'm still struggling to get the printers working (higher priority than Hyper-V), I suspect I might just have a working system in time for Patch Tuesday...
Given the tone of the posts in various MS and HP support forums, my problems and frustrations are not uncommon.
As an aside, I expect next months Statcounter and Netmarketshare figures to show the Win8.0 markeshare to have fallen off a cliff and Win8.1 marketshare to have received an "unexpected boost".
As a final observation, as luck would have it, the system had the latest version of Classic Shell, which survived the MS update intact, so no UI surprises!
>Sigh. Windows 8.1 is a different O/S version to Windows 8.
That may be so, however MS are forcing the update of Win 8.0 to 8.1 (and Win RT to Win RT 8.1) through the release of KB3008273 (replaces KB2973544) via WUP. The effect of this update is if you have automatic updates enabled (ie. the recommended/default setting) and have previously installed KB2871389, which was released through WUP about a year back as a critical update, is to automatically force the upgrade your system to 8.1.
NB. Once update KB3008273 or KB2973544 starts executing, there is no published method of preventing the forced upgrade from happening...
Also the update process does not create Win8.1 recovery media, so if you do a factory reset, Win 8 will be reinstalled...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
