Microsoft: No patches this month

Status
Not open for further replies.

Julio Franco

Microsoft announced on Tuesday that no security patches would be forthcoming this month.

While several new flaws have been announced by researchers, Microsoft said that it is still investigating the issues and doesn't have a patch prepared for December.

Read more: CNet News.
 
So, which is better, a quick (quick as in Microsoft quick) patch that maybe works on only some systems or a late patch that works 100% you apply after a clean install because some script kiddie nuked your HD while MS was polishing their wormhole plugs?

I still haven't fixed my XP on my work machine after KB828035 crippled it :(
 
LoL...

Guess we'll just have to hope that we've got adequate firewalls & such in place, and that no one is very interested in cracking our box...

Status Quo in other words....

On a different note, how does this relate to MS making security top priority? Doesn't this just send a message to crackers that December is the month to exploit machines, since there will not be any patches coming soon?

[EDIT] it would seem vB doesn't like me inserting links manually... Should work now though..[/EDIT]
 
More like MS is on a strategic retreat hoping that if they run away fast enough the bad guys aren't quick enough to come and fill the gap.
 
If more product flaws are discovered during the holiday season, what about the customers who are going to be affected? Is MS just going to leave them hanging until next year? Somehow, irritating your customer base doesn't work very well...just look at the RIAA
 
Well there is the other side of that to think about. M$ can pretty much do whatever they want and people will still support them because 90% of the population who uses computers has no idea how to use Linux, or any other OS out there. Even if M$ pisses people off they will still buy their products because it is pretty much the only choice.
 
While I will agree that MS does play pretty dirty, and they seem to slack off when patching things up, they also are not near as bad as most of you seem to believe they are. As long as MS continues to build an OS that is able to communicate on a network, it will continue to have holes that need to be filled, most of these things weren't even holes till someone decided to figure out a malicious use for it. This would apply to any OS that is used by the majority of the population, just imagine what all would be found in other OSes if they were as widely used as Windows is.
I also believe that a bit of common sense on the part of the user is the best prevention to most of these security holes, as MR. G said.
 
I'm not sure the logic behind announcing that you are not going to release any updates or security patches for "x" amount of time. I hope that antivirus companies keep being vigilant in releasing new virus definitions because that may be the only thing to protect us if there is another big exploit or virus like Blaster.
 
Originally posted by SNGX1275
I'm not sure the logic behind announcing that you are not going to release any updates or security patches for "x" amount of time.

I agree, however Microsoft does seem to have a new patch every week :rolleyes:

Originally posted by SNGX1275
I hope that antivirus companies keep being vigilant in releasing new virus definitions because that may be the only thing to protect us if there is another big exploit or virus like Blaster.

Without a doubt, however I'm wondering how long it's going to be until Microsoft make AV software standard to come with Windows. That would be kinda cool and handy [convenient should I say], however at the same time it's like MS is just taking another step to domination.
 
Considering the quality of other "handy" things MS packages with Windows, that AV would do more harm than good.

BTW MS used to ship an AV (licensed from McAfee I think) with DOS 6 and later. That was a failure too.. Way too infrequent updates, outdated scanning engine etc.
 
Originally posted by Nodsu
BTW MS used to ship an AV (licensed from McAfee I think) with DOS 6 and later. That was a failure too.. Way too infrequent updates, outdated scanning engine etc.

You beat me to it...
From what I recall the problem was that the database was outdated by the shipping date, and you had to buy a subscription to update it...

And since it never told you it was outdated (unlike AV's of today which tell you that it's outdated 2 secs after you've updated it, or so it seems) people didn't notice...
They stopped with it around W95 OSR2 iirc...

But if they gave away one which updated itself on a weekly basis, things might be different...

Storm, yes, common sense is the best protection available... Too bad it seems to be in too short supply for most computer users...
(Just can't resist this quote)
Over the years, I came to believe that "the personal computer revolution" is the process through which the Internet evolved from a bunch of smart people in front of dumb terminals, to a much bigger bunch of dumb people in front of smart terminals.


But you also bring up a very valid point about how any OS that is able to connect to another machine over a network is susceptible to attacks, no matter who created it... Just look at all the new virii attacking *nix lately..
 
I think Microsoft should hurry up and fix all these security problems. In the last few months I've noticed how bad all this spyware, adware and viruses are ruining people's operating systems. I've had 4 friends that just had to format because of all this stuff. Even on my computer I have to check daily and I'm using a firewall. Even with all the security updates Microsoft puts out it doesn't seem to help. :blackeye:
 
Originally posted by lolifedro
I think Microsoft should hurry up and fix all these security problems. In the last few months I've noticed how bad all this spyware, adware and viruses are ruining people's operating systems. I've had 4 friends that just had to format because of all this stuff. Even on my computer I have to check daily and I'm using a firewall. Even with all the security updates Microsoft puts out it doesn't seem to help. :blackeye:

I hope you aren't blaming MS for those problems.
Virii and spyware is not something they can control. The holes that become exploited by some of those things is the only thing MS has an obligation to fix. Beyond that, it is the user's responsibility to use precautions to avoid infestation. This includes (but is not limited to) the use of firewall, properly updated AV software, spyware removal software (Spybot and Ad-Aware) as well as a little common sense.
 
Most security exploits in all desktop operating systems, from XP to 2000 to Linux to MacOS, can be completely prevented via the use of a properly configured hardware firewall. It is our desire for convenience that leads to a lax in security; a $50 investment can protect a slew of PCs in a far superior method than a software patch.

Consider the roots of these operating systems as well. Linux, mimicking UNIX, was designed with security and networking in mind in a multi-user environment. Windows was designed for a single user using no network or closed network.

I agree with StormBringer in that it is primarily up to the user to protect their system and keep themselves up to date.

I think, however, when it comes to updating, Microsoft is on-par with other operating systems. Think Red Hat's security update or package update management, think Gentoo's emerge, think Windows Automatic Updates. It could be a lot worse. (But then again, it could be a lot better!)
 
Microsoft lied, they just released a new patch

Security Update for Windows XP (KB810217)
Download size: 1.4 MB, < 1 minute
A security issue has been identified in FrontPage Server Extensions. This vulnerability could allow an attacker to run code of their choice on your system. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.
 
That might have been one that was in the works before December rolled around, and they finally finished it and decided to get it out. I kinda figured they would still release some things.

Also, as it has been said before as much as people rag on M$, it will continue to have problems because unexperienced users ONLY use M$, and if something happens to their system chances are they won't know what to do to fix it, so they are just permanently exploited.

Knowledge is the power you need to prevent.
 
That may be the same security update that I got last week. I'd have to look to be sure, but I have this machine set to check once a week for updates, last week it found one.

EDIT: This should shed some light on things http://news.com.com/2100-1002_3-5119098.html?tag=nefd_top

Microsoft apparently doesn't know when it plans to patch.

The company scrambled on Wednesday morning to figure out why a patch had been issued through its Windows Update service, when the software maker had declared on Tuesday that it would not issue any fixes in December.
 
Well, after reading that piece, it no longer seems so strange that MS decided not to release any new patches in December...

That they're moving towards a fixed schedule with monthly fixes will make it much easier for most of us to keep our systems (mostly) up-to-date...

Granted, there will be periods where there are known flaws that might affect your system, but now you'll know when the patch is going to be released, instead of signing up to a mailing list to know when the new patch is going to be released...
 
That would be much easier for someone to check. Instead of making it a daily or weekly habit, they can simply go back and check the site on the 12th and 25th (for example) of every month to check for updates.
I think this will make things a little easier, but as Mr. G said it could leave your system vulnerable for a short period of time before they released it.
I would imagine that if something big were to happen like the Blaster they would release an immediate fix. At least that is my thoughts.
 
Originally posted by poertner_1274
That would be much easier for someone to check. Instead of making it a daily or weekly habit, they can simply go back and check the site on the 12th and 25th (for example) of every month to check for updates.
I think this will make things a little easier, but as Mr. G said it could leave your system vulnerable for a short period of time before they released it.
I would imagine that if something big were to happen like the Blaster they would release an immediate fix. At least that is my thoughts.

If everyone checks on say the 12th won't that be similar to a DOS attack :blackeye: everyone beating down the door to get the patch at the same time? After the last run of viruses (virii, virus) everyone is more aware of Windows Update and thus less bandwidth for all. Maybe they have enough servers after the last issue, but I doubt it. Just my $.02
 
Good point, but I'm sure if they are planning on doing this sort of thing, it is something they have thought of.....or maybe not :)

But at any rate it will only take 1 time when all their servers go down to realize it is time to either expand their server setup or change their current setup of releasing on the same day each consecutive month.
 
I hope they reconsider and release a patch for that URL display vulnerability in URLs with that square character... that could get exploited severely and quickly.
 
Since it partially affects Mozilla too, MS could get sweet revenge if they actually beat the OS community to it (when hell freezes over).
 