back to article Microsoft plans biggest ever Patch Tuesday

Microsoft plans to push out a bumper crop of 16 bulletins - four critical - as part of the October edition of Patch Tuesday next week. The updates represent Microsoft's largest ever Patch Tuesday. The patches will collectively grapple with 49 vulnerabilities. The four critical bulletins impact all supported versions of Windows …

COMMENTS

This topic is closed for new posts.
  1. Elmer Phud Silver badge
    WTF?

    Updates

    And this is the company that recently slagged off its users for not having enough security?

    And how is it that there isn't enough security with Windows so we have to go elswhere to find adequate protection?

    1. copsewood
      Linux

      get used to it

      I've just applied the openssl updates on my Ubuntu workstation. A popup window, a description of the problem, and a password prompt because I had to authorise the fix before it applied. No reboot needed on this one, as it wasn't a kernel update so I just kept on working. Come to think about it it's a month or so since I did reboot it.

      Any useful desktop operating system contains so many million lines of code (MLOC) that at any given time some of these will be risky, and the rate of discovery of faults and fixes in these seems to increase in proportion to the MLOC count. Alas a proportion of these faults will be zero day vulnerabilities which are not widely known about or patched yet, but your computer is vulnerable to a much greater number of attackers the longer you delay patching after these faults are discovered and published and fixes made available.

      So go elsewhere by all means as I have, and you may find things less bad as I have, but don't expect to find perfection elsewhere because you won't, and whichever system you use you do need to keep up with the patches. But you are likely to find things better than what you are used to. Much of the trouble on the Net comes from compromised computers belonging to people using cracked and unlicensed versions of Windows, for which Microsoft has no obligation or incentive to provide patches and updates. That and the fact that most Windows users need to obtain software from 3rd party sites to get basic stuff done, where there is no integrated supply-chain quality-assurance and integrity verification of the kind you get with an open-source/free software Linux distribution repository and package management system.

      1. Anonymous Coward
        Anonymous Coward

        Re: get used to it

        "I've just applied the openssl updates on my Ubuntu workstation. A popup window, a description of the problem, and a password prompt because I had to authorise the fix before it applied. No reboot needed on this one, as it wasn't a kernel update so I just kept on working. Come to think about it it's a month or so since I did reboot it."

        This comment is interesting to me because I received the same prompt to update openssl, yet after installing it Ubuntu asked for a reboot. Should I have ignored this request? If so, I have to say this kind of behaviour is not very helpful for someone unfamiliar with Linux.

        Incidentally, it's the second time *this month* I've installed Ubuntu updates that have requested a reboot.

        1. copsewood
          Linux

          @ac Monday 11th October 2010 08:15 GMT

          "Incidentally, it's the second time *this month* I've installed Ubuntu updates that have requested a reboot"

          We are likely to be on different Ubuntu versions or variants running different kernels. The openssl bugs would have applied across various security-supported versions, and these of themselves shouldn't require a reboot. But maybe your kernel updated as well at the same time and mine didn't. You'll probably find that Ubuntu needs to reboot fewer times than Windows for automated security related patches. Also depending upon the kernel problems fixed, the extent to which you understand these and your relative degree of firewalling and the services you are running and providing, not all kernel updates require an immediate reboot. But if you don't understand what a kernel fix was for, you are better off rebooting than not when the update system suggests this course of action. If you daily shutdown and restart your system there is probably no need to worry about this, as your kernel patches will be effective within 24 hours anyway.

      2. SirTainleyBarking
        Pint

        The title is required, and must contain letters and/or digits

        It might be more worthwhile if Microsoft did, as a public service, release security updates to all. That way compromised botnets could be reduced as vulnerabilities are patched. Think of it as vaccination to improve herd immunity.

        Trouble is its a bit of an arms race out there, so ultimately all bets are off

  2. Anonymous Coward
    Anonymous Coward

    How many?

    And here's me with a broken WSUS. Ah, well each workstation manually then it must be.

    Better patched than not patched.

    1. DannyAston

      Depends

      Have these been tested before you have rolled them out?

    2. Anonymous Coward
      Gates Halo

      Try...

      downloading update installers from microsoft, writing a simple batch script running these in quiet unattended mode logging successes/failures to a text file, using psexec to run it on all computers and then perhaps manually updating those where your log file indicates any failures. Should be quicker if you got more than 5-6 computers to update.

      1. Anonymous Coward
        Anonymous Coward

        Be quicker

        For me to get WSUS fixed than to learn and implement what you just described.

  3. Bod

    Non-story

    I recall many occasions where a batch of Fedora updates would run into that number or more, most of which were security related.

    Big deal.

    1. Bilgepipe
      Gates Horns

      Yes, Big Deal

      The entire world isn't locked into running on Fedora.

      1. Penguin herder
        Linux

        Locked?

        "The entire world isn't locked into running on Fedora."

        I'm not saying that freedom is easy, but it is available.

      2. Chemist

        Re : Yes, Big Deal →

        Neither am I, I must point out - I use SUSE

  4. This post has been deleted by its author

  5. Tom 13
    Coat

    It sure is a good thing we've moved past Windows XP

    and onto The Most Secure Windows Ever! (TM)

  6. Anonymous Coward
    Anonymous Coward

    I thought Microsoft wanted

    everyone to move on from IE6 and weren't supporting it any more so why the patch?

  7. Anonymous Coward
    Anonymous Coward

    Whoopie shit

    I don't care how many patches are to be released or what OS everyone runs, I just appreciate the fact software can never be perfect and value the effort MS etc go to in providing us with the ongoing support and patches. Thanks, bye.

  8. Marty
    Unhappy

    ugh, not again....

    Dear El Reg....

    Next time you post a story regarding Microsoft (tm) windows (tm) updates, do you think it would be possible to copy and paste the comments from previous stories regarding Microsoft (tm) windows (tm) updates to save everyone the effort of posting the exact same posts time and time again.

    Its getting silly now...

    yes, windows gets a new batch of updates....

  9. Terry Kiely
    Unhappy

    re: Whoopie shit

    "I just appreciate the fact software can never be perfect and value the effort MS etc go to in providing us with the ongoing support and patches. Thanks,"

    I just ran software update on a customers Mac mini and really appreciate the effort Apple went to in providing the 900Mb update that has left the machine unable to boot!!!!!!!!!!!!!!!!!!!!!!!!

    /sarcasm, no offence to OP

    1. Anonymous Coward
      Happy

      re: Whoopie shit → #

      "I just appreciate the fact software can never be perfect and value the effort MS etc go to in providing us with the ongoing support and patches. Thanks,"

      I just ran software update on a customers Mac mini and really appreciate the effort Apple went to in providing the 900Mb update that has left both my machines working perfectly.

      /sarcasm, no offence to OP

    2. John I'm only dancing
      FAIL

      Just goes to show

      You don't have much experience with a mac....900mb update. Never encountered one that size so what exactly were you updating.

      The largest combo updater I've encountered on OSX was less than half that size. I bet your customer has never, repaired permissions, which do change through everyday use.

      As any fool knows, don't use software update to update software. Manually dl and install locally, making sure you have a bootable back up, just in case. IT!!

  10. dreamingspire
    Alert

    What was it this week, then?

    XP has had some patches this week (2 for one system here, 3 for another). Can anyone enlighten me about those?

  11. dervheid
    Linux

    Windows including Windows 7 and 2008R2.

    So, are Microstuffed themselves now trying to gloss over the turd that was 'Vista' by referring to it as"2008R2"

    Almost as big a joke as one of the world's biggest petrochemical companies opting for Vista globally.

    Mind you, up until this, they were still using NT/2000...

    1. Brassic Lint
      IT Angle

      RE: Windows including Windows 7 and 2008R2.

      I think by 2008R2 they are referring to SERVER 2008R2.......

    2. Geoff Campbell
      FAIL

      No, they aren't

      2008R2 is shorthand for Windows Server 2008R2 (Release 2, presumably, but I CBF to check).

      Which, as I understand the roadmap, is the server version of Windows 7. Although the server version of Vista, Server 2008, was pretty good anyway, as the real cock-up in Vista was the front end, not the kernel, as such.

      GJC

  12. UBfusion
    Unhappy

    If only patches worked...

    Do you know if any of those 49 vulns is .Net related? In my box the number of pending .NET updates from v2.0 to v4.0 that can't install properly is constantly increasing - presently there are 10 (ten!) of them in the list... I did spend one full day reading authoritative MS forums and trying various magic solutions to no avail. In the beginning I thought this must be MS's way to convince me I need to move on from XP, but from what I've read the issue gracefully plagues all versions of Windows. Since there are only a handful of .NET apps available and I'm not running any of them, I don't intend spending more time to address the issue until I migrate to Windows 8 in 2013 (provided I survive the 2012 doom). Fortunately, until then MS will surely stop issuing patches for XP and then I'll feel safe at last...

    1. Nick Ryan Silver badge

      Re: If only patches worked...

      Ah, that'll be the magic of .net. 7 different versions, all DLL hell on overload.

      To fix, largely ignore MS's KB articles about small in place tweaks and uninstall the lot. Reboot. Install them again from fresh (new download versions). That should fix the .not mess for a bit until the next screw themselves up.

      1. Tom 13

        Better yet,

        since he said he wasn't using any of them, just uninstall them all and leave them off until he does need one, then install only that one which is needed.

    2. Little_Crow

      Worth a go

      We had a similar problem, in our case the culprit was KB976569, had to remove this from all machines via scripts, because WSUS can't uninstall it.

  13. Anonymous Coward
    FAIL

    Billy G. Making Fun Of You

    Mr Bill did some enormous talk about a so-called "Security Development Lifecycle" in 2006. You have to admit then man does indeed have some humor. Especially when MS recently had to fix holes which were present already in Windows 3.1, ca 1994 or so. Or their various crypto snafus like the latest with the unprotected cookie.

    Read on you own:

    http://www.microsoft.com/presspass/exec/billg/speeches/2006/02-14RSA06.mspx

    Engineering for Security

    BILL GATES: Well, now let's talk about progress in the second area, engineering for security. I mentioned an overall process that we've created, working with others, called the Security Development Lifecycle, and that's exactly this idea of going through, thinking about the threat models, understanding what code to run at what privilege level. Some of this involves the creation of new tools, tools that do extremely deep static analysis of our code, and for the first time we're actually able to prove properties of the code, understand does it ever get into certain states or not, and if it does, be able to show exactly the path that would create those states.

    A lot of this is really going to the developers, getting them to write the security architecture as one of the very first things they do. We've documented this and we're sharing that, lots of good feedback, and active community involvement, so you can scope it so it works for projects of different types. Obviously, the ones we do are very large scale, but these principles actually can be applied even for doing simple Web sites, simple applications, it's still very, very important.

    We have the tools built in to the Visual Studio compiler. These are the tools that we built ourselves to do these analyses, and so, for example, catching a memory overrun or looking at an API, we're actually not passing in the right kind of information, those will get flagged, and these tools run fast enough that you don't wait and have it be part of some fancy build process, literally this runs on every developers workstation before they can do any code check in. So making that quick, getting it upfront, we've found that that works extremely well.

  14. Anonymous Coward
    Thumb Down

    Bah Humbug.

    Haaaa Big Knobs from Microsoft saying PEOPLE USING THEIR SOFTWARE, their pox infested software, their buggy, easy to hack, insecure, their technological "dumbarse" software... should be blocked if their FUNDAMENTALLY INSECURE Microsoft Operating system is hacked and or infested; and they should be licensed to use the web.

    Prompting the next question: "By Whom?", Become a Microsoft Certified Web User - after paying a heap to Microsoft - to sit their shitty tests, for their shitty software.

    More trips to the psych ward for overdosing on corporate moron bullshit?

    No thanks.

    OK. I confess - Microsoft gave me every good reason I needed to move to Linux, and Linux gave me every reason I needed to keep using it.

    Microsofts patches are essentially worthless.

  15. Doug Glass
    Go

    Just be happy ...

    ... they don't make you pay for the damn things.

    1. Geoff Campbell
      FAIL

      Good greief, how could I have been so shortsighted? You have made the scales fall from my eyes!

      Not really, just joking. Windows works perfectly for me, and thus I shall continue to use and support it. Thanks for your input, though.

      GJC

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019