Microsoft: No patches this month

By Julio Franco
Dec 10, 2003
  1. Microsoft announced on Tuesday that no security patches would be forthcoming this month.

    While several new flaws have been announced by researchers, Microsoft said that it is still investigating the issues and doesn't have a patch prepared for December.

    Read more: CNet News.
  2. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    So, which is better, a quick (quick as in Microsoft quick) patch that maybe works on only some systems or a late patch that works 100% you apply after a clean install because some script kiddie nuked your HD while MS was polishing their wormhole plugs?

    i still haven't fixed my XP on my work machine after KB828035 crippled it :(
  3. MrGaribaldi

    MrGaribaldi TechSpot Ambassador Posts: 2,512


    Guess we'll just have to hope that we've got adequate firewalls & such in place, and that noone are very interested in cracking our box...

    Status Quo in other words....

    On a different note, how does this relate to MS making security top priority? Doesn't this just send a message to crackers that December is the month to exploit machines, since it will not be any patches coming soon?

    [EDIT] it would seem vB doesn't like me inserting links manually... Should work now though..[/EDIT]
  4. NoisySilence

    NoisySilence TS Rookie Posts: 98

    Has MS & Virus writers declared a truce for Christmas ?
  5. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    More like MS is on a strategic retreat hoping that if they run away fast enough the bad guys aren't quick enough to come and fill the gap.
  6. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,172

    Are they just waiting to put all these new fixes in SP2?
  7. Sgt. Bilbo

    Sgt. Bilbo TS Rookie

    If more product flaws are discovered during the holiday season, what about the customers who are going to be affected? Is MS just going to leave them hanging until next year? Somehow, irritating your customer base doesn't work very well...just look at the RIAA
  8. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,172

    Well there is the other side of that to think about. M$ can pretty much do whatever they want and peopl will still support them because 90% of the population who uses computers, has no idea how to use Linux, or any other OS out there. Even if M$ pisses people off they will still buy their products because it is pretty much the only choice.
  9. StormBringer

    StormBringer TS Rookie Posts: 2,244

    While I will agree that MS does play pretty dirty, and they seem to slack off when patching things up, they also are not near as bad as most of you seem to believe they are. As long as MS continues to build an OS that is able to communicate on a network, it will continue to have holes that need to be filled, most of these things weren't even holes till someone decided to figure out a malicious use for it. This would apply to any OS that is used by the majority of the population, just imagine what all would be found in other OSes if they were as widely used as Windows is.
    I also believe that a bit of common sense on the part of the user is the best prevention to most of these security holes, as MR. G said.
  10. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,689   +395

    I'm not sure the logic behind announcing that you are not going to release any updates or security patches for "x" amount of time. I hope that antivirus companies keep being vigilant in releasing new virus definations because that may be the only thing to protect us if there is another big exploit or virus like Blaster.
  11. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 1,977   +15

    I agee, however Microsoft does seem to have a new patch every week :rolleyes:

    Without a doubt, however Im wondering how long its going to be until Microsoft make AV software standard to come with windows. That would be kinda cool and handy [convinent should I say], however at the same time its like MS is just taking another step to domination.
  12. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Considering the quality of other "handy" things MS packages with windows, that AV would to more harm than good.

    BTW MS used to ship an AV (licensed from McAfee I think) with DOS 6 and later. That was a failure too.. Way too infrequent updates, outdated scanning engine etc.
  13. MrGaribaldi

    MrGaribaldi TechSpot Ambassador Posts: 2,512

    You beat me to it...
    From what I recall the problem was the the database was outdated by the shipping date, and you had to buy a subscription to update it...

    And since it never told you it was outdated (unlike AV's of today which tell you that it's outdated 2 secs after you've updated it, or so it seems) people didn't notice...
    They stopped with it around W95 OSR2 iirc...

    But if they gave away one which updated itself on a weekly basis, things might be different...

    Storm, yes, common sense is the best protection available... Too bad it seems to be in too short supply for most computer users...
    (Just can't resist this quote)

    But you also bring up a very valid point about how any OS that is able to connect to another machine over a network is susceptible to attacks, no matter who created it... Just look at all the new virii attacking *nix lately..
  14. lolifedro

    lolifedro TS Rookie

    I think microsoft should hurry up and fix all these security problems.In the last few months ive noticed how bad all this spyware adaware and viruses are ruining peoples operating systems. Ive had 4 friends that just had to format becuase of all this stuff. Even on my computer i have to check daily and im using a firewall. Even with all the security updates micrsoft puts out it doesnt seem to help.:blackeye:
  15. StormBringer

    StormBringer TS Rookie Posts: 2,244

    I hope youy aren't blaming MS for those problems.
    Virii and spyware is not something they can control. The holes that become exploited by some of those things is the only thing MS has an obligation to fix. Beyond that, it is the user's responsibility to use precautions to avoid infestation. This includes(but is not limited to) the use of firewall, properly updated AV software, Spyware removal software(spybot and adaware) as well as a little common sense.
  16. Justin

    Justin TS Rookie Posts: 942

    Most security exploits in all desktop operating systems, from XP to 2000 to Linux to MacOS, can be completely prevented via the use of a properly configured hardware firewall. It is our desire for convienance that leads to a lax in security; a $50 investment can protect a slew of PCs in a far superior method than a software patch.

    Consider the roots of these operating systems as well. Linux, mimicing UNIX, was designed with security and networking in mind in a multi-user environment. Windows was designed for a single user using no network or closed network.

    I agree with StormBringer in that it is primarily up to the user to protect their system and keep themselves up to date.

    I think, however, when it comes to updating, Microsoft is on-par with other operating systems. Think RedHats security update or package update management, think Gentoos emerge, think Windows Automatic Updates. It could be a lot worse. (But then again, it could be a lot better!)
  17. Supra

    Supra TS Enthusiast Posts: 190

    Microsoft lied, they just released a new patch

    Security Update for Windows XP (KB810217)
    Download size: 1.4 MB, < 1 minute
    A security issue has been identified in FrontPage Server Extensions. This vulnerability could allow an attacker to run code of their choice on your system. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.
  18. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,172

    That might have been one that was in the works before December rolled around, and they finally finished it and decided to get it out. I kinda figured they would still release some things.

    Also, as it has been said before as much as people rag on M$, it will continue to have problems because unexperienced users ONLY use M$, and if something happens to their system chances are they won't know what to do to fix it, so they are just permanently exploited.

    Knowledge is the power you need to prevent.
  19. StormBringer

    StormBringer TS Rookie Posts: 2,244

    That may be the same security update that I got last week. I'd have to look to be sure, but I have this machine set to check once a week for updates, last week it found one.

    EDIT: This should shed some light on things

  20. MrGaribaldi

    MrGaribaldi TechSpot Ambassador Posts: 2,512

    Well, after reading that piece, it no longer seems so strange the MS decided not to release any new pathces in December...

    That they're moving towards a fixed schedule with monthly fixes will make it much easier for most of us to keep our systems (mostly) up-to-date...

    Granted, there will be periods where there are known flaws that might affect your system, but now you'll know when the patch is going to be released, instead of signing up to a mailinglist to know when the new patch is going to be released...
  21. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,172

    That would be much easier for someone to check. Instead of making it a daily or weekly habit, they can simply go back and check the site on the 12th and 25th (for example) of every month to check for updates.
    I think this will make things a little easier, but as Mr. G said it could leave your system vulnerable for a short period of time before they released it.
    I would imagine that if something big were to happen like the Blaster they would release an immediate fix. At least that is my thoughts.
  22. agrav8r

    agrav8r TS Rookie Posts: 103

    If everyone checks on say the 12th won't that be similar to a DOS attack:blackeye: everyone beating down the door to get the patch at the same time? After the last run of viruses( virii, virus) everyone is more aware of windows update and thus less bandwidth for all. maybe they have enough servers after the last issue, but i doubt it. just my $.02
  23. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,172

    Good point, but I"m sure if they are planning on doing this sort of thing, it is soemthing they have thought of.....or maybe not :)

    But at any rate it will only take 1 time when all their servers go down to realize it is time to either expand their server setup or change their current setup of releasing on the same day each consecutive month.
  24. Krugger

    Krugger TS Rookie Posts: 173

    i hope they reconsider and release a patch for that URL display vulnerability in url's with that square character... that could get exploited severly and quickly.
  25. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    Since it partially affects Mozilla too, MS could get sweet revenge if they actually beat the OS community to it (when hell freezes over).
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...