back to article Roses are red, bugs make you blue, Patch Tuesday is late, because Microsoft loves you

IT admins hoping to get out of the office early for Valentine's Day have received some potentially welcome or heartbreaking news from Microsoft, depending on how they're set up. The Windows slinger says it will hold back its usual monthly release of software security patches while it irons out some last-minute problems with …

  1. Anonymous Coward
    Anonymous Coward

    How do you shorthand the K-hole?

    "Meanwhile, Adobe says that it will push out three updates to address dozens of CVE-listed vulnerabilities in Flash Player..."

    Don't reporters become tired of type the same thing over and over. I can't even tell if the article is new or 15 years old anymore. After all these years, it's just odd to read this all the time. Maybe they have a crontab, macro, include or something. As a reporter reporting security updates for Flash, it seems you have to buy a extended warranty for your keyboard.

    Punch cards....?

    1. Mark 85 Silver badge
      Devil

      Re: How do you shorthand the K-hole?

      I would hope they have a macro that types that for them or maybe part of the boiler plate for Patch Tuesday.

  2. Anonymous Coward
    Anonymous Coward

    Thank you for the early exit!

    Thanks, Microsofties! I have a "hot date" tonight with four lovely ladies... Rose, Dorthy, Blanch, and Sophia. :P HAHA! Golden Girls is on Hulu, you guys.

    Remember to upgrade your Flash Player to version 240,186,341.20000.69420.221122121111111911111111191111111119eleven9999999ten99999ten11

  3. Flakk

    "This is a departure from Microsoft's traditional second-Tuesday-of-the-month schedule for security updates."

    Microsoft's insistence on staying the course with their security roll-up strategy is edging toward abusive. Why could they not have released the February Roll-up without the one offending patch?

    1. RudderLessIT
      FAIL

      Wut?

      "Microsoft's insistence on staying the course with their security roll-up strategy is edging toward abusive"

      I don't get it? MS are being abusive by rolling up patches... because it... does what to you?

      "Why could they not have released the February Roll-up without the one offending patch?"

      And now you want the patch anyway?!?!

      1. Richard 12 Silver badge

        All-or-nothing means that you often get nothing.

        MS used to issue several patches each Patch Tuesday.

        Each of those patches corrected one issue, or a group of closely-related issues.

        So if one of those turned out to be bad, they'd ship all the others and only delay the bad one. (And nobody would ever know.)

        And when an IT dept discovered that one of the patches caused problems on their particular setups, they'd hold that one back (until MS fixed it) and push the rest.

        MS now put everything into one massive tangled messy ball.

        If there is a problem with any one patch, nobody gets anything at all.

    2. phuzz Silver badge
      Windows

      Because they're moving towards having one rollup update each month, containing multiple patches, they can't just postpone one patch without pulling the entire rollup.

      If they put out a buggy patch it's all "oh microsoft don't give a shit they just break everything"

      So instead they delay the patch until they're sure it works and get "bloody microsoft delaying their patches"

    3. macjules Silver badge

      Think about it.

      They only delayed it so as to suck off all the bandwidth that Mac users are going to need for MacPatchWwednesday.

  4. a_yank_lurker Silver badge

    What happened?

    Was the patch so bad it borked MS' internal installs? Inquiring minds want to know!!!! LOL

  5. Anonymous Coward
    Anonymous Coward

    Roses are red, violets are blue, the person that decided yet again to devote headlines to cheesy rhymes should be forced to go to shoreditch for a comedy night of infosec presentations.

  6. Am

    At least they caught it before it got rolled out.

    I'm not a fan of their roll-up strategy precisely because I'm nervous about something like this not getting caught before it's released.

  7. gerdesj Silver badge
    Childcatcher

    SMB o death thing

    Anyone wondering whether the SMB of death, or whatever cute name it got, is a thing? The proof of concept code released has two parts:

    "Win10" will BSOD any Windows machine that can be persuaded to browse to \\waiting.ip.address.

    The second: LSSAS can be sent to a machine and from my testing will BSOD a fully patched WinXP. I haven't tried anything else.

    I certainly have not tried the LSSAS thing against a system that nmap told me was probably WinXP and was persistently attempting AUTH against my SMTP daemon, ie a bot of some sort. That would be naughty.

  8. Carl D

    I have to pinch myself here...

    https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/

    "Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems."

    Wow, has Microsoft been sold and under new management or have I crossed over into the Twilight Zone?

  9. arctic_haze Silver badge
    FAIL

    Total fail

    This is how the policy of "one cumulative upgrade to bind them all" ends in a real world.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019