back to article You know the deal: October 2019. Pwned by a spreadsheet. Patch your Microsoft stuff

October brings a relatively light patch load for admins and users, thanks to Adobe's decision to sit out this month's update bonanza. Cloudy patch bundle from Microsoft For Microsoft, the Patch Tuesday update is a manageable 59 CVE-listed bugs for Windows, Edge, Office, and Azure. Among the nine critical issues patched this …

  1. DailyLlama

    No Adobe patches

    Either everything is fine and doesn't need any more fixing, or they haven't finished writing the patches...

    1. Anomalous Custard

      Re: No Adobe patches

      My money's on the latter

    2. John Brown (no body) Silver badge

      Re: No Adobe patches

      Maybe they are too busy cancelling all the user access to their cloudy offerings for their Venezuelan customers thanks to Trumps trade embargo.

      Who'd have thought a trade embargo could cut an entire country off from their paid cloud subscriptions?

      1. Jonathon Green

        Re: No Adobe patches

        That and fixing the Creative Cloud stuff so that it works on macOS Catalina...

  2. Zog_but_not_the_first Silver badge
    IT Angle

    Er....

    As older software has been patched and patched again over time isn't it getting more and more secure?

    Asking because I genuinely don't know.

    1. Zippy´s Sausage Factory

      Re: Er....

      I'm starting to wonder if the reverse is probably closer to the truth. For example, when SQL injection was first discovered, a host of sites were targetted - including the UN and Vatican Radio, IIRC - and we had clients asking why we never protected their sites against that in the first place. Simple answer was that when their site was built (back when dinosaurs ruled the earth) nobody had ever thought about that because it simply hadn't happened yet.

      Older software will be using techniques that were best practice at the time, but are now considered everywhere on the scale from possibly questionable to leakier than a boat made of Swiss cheese. The problem is that finding and fixing them is often more difficult and expensive as time goes by, because you have to preserve the functionality of the original.

      Perhaps we should start using the term "security rot" for older software as it begins to accumulate known and unknown vulnerabilities?

  3. DailyLlama

    We spoke too soon

    Just seen some updates for Adobe Flash Player; v 32.0.0.270 released today.

    1. Mark 85 Silver badge

      Re: We spoke too soon

      And here I thought, no one was using Flash anymore.

      1. DailyLlama

        Re: We spoke too soon

        I'd love to not use it anymore, but too many sites still require it...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019