Bumper MS patch batch spells client-side misery Microsoft issued eight updates on Tuesday - two more than expected - as part of its Patch Tuesday update cycle. Redmond classifies six of the octet as critical, while independent security watchers reckon they all make the highest security grade. Worst of the bunch is an update for ActiveX controls that affects Visual Basic 6.0 …
"it is imperative that all IT professionals pay particular attention to the critical updates and patch as quickly as business conditions permit."
Why? Seriously, why?
my servers can ignore most of these. They have no Office apps, have no internet access and the likes of activeX are disabled. So don't tell me what to do sunshine without knowing my setup!
Why does it seem like Microsoft insist on a restart for every bloody patch that comes down the tube.
Surely one could design a system whereby a service is stopped, patched, then restarted. Many other OS do it this way.
Windows 2008 was supposed to largely "eliminate unnecessary restarts", this has never and will never be realized in a MS world!
Yes, how critical are these really & how big is teh risk? I have a home PC (not the one I'm posting from) which the MS Updater would cause to hang. This was an issue specific to my mobo (& several others) and MS issued a patch for it 18 months ago, however the patch did not work for me. The effect of this is that the PC has not had a single MS update applied for approaching 3 years. No problems whatsoever so far either. My only alternative is to replace the mobo (or move away from MS); what's the cost-benefit case of this likely to be anyway?
OK, so it does run up to date AV and a firewall, & regular Adawaring, and most web browsing is using Opera, and no POP email is run on, plus I'm generally careful. No online banking either.
I somehow doubt I'm the worst offender out there either...
And linux / OSX / UNIX is any different how?
Take linux for example, if you have a new kernel, then you MUST reboot, you have no other choice.
Need to make a new initrd for a driver change -- said driver is your boot controller, well sonny Jim, you have to reboot.
GLIBC gets updated, no you don't have to reboot, but you won't be in the new environment until you do.
Yes it is ridiculous that MS require reboots for other things which are NOT in the kernel, but they are getting better. Who actually gives a shite about uptime anyway?
If you data is critical, then fail it over to another node in your cluster, coz you will have one.
Reboot that node, then patch the other.
"And linux / OSX / UNIX is any different how?"
Fundamentally, in that patches are made available when they are ready, rather than on a particular day. Not thinking too hard when you asked that question, were you?
Not sure what to make about the rest of your rant, as you admit that Windows is crap in this regard anyway.
"Why does it seem like Microsoft insist on a restart for every bloody patch that comes down the tube." - Have you ever ran it through Windows Update or Automatic Update? One reboot.
Or manually download each EXE. Run each EXE [assuming WinXP] and use /q /z as parameters. This stops any reboot with minimal interaction. I'd run in a batch file. Works with 95% of the updates. [Suppost to use the utility "qchain.exe" after the last update. Qchain can be found on the MS website.]
We have a dozen Server 2003 servers and with this way, they weren't rebooted in 6 months.
Note: Some updates require a reboot to take effect - so there is a minor risk if your network isn't secure.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
