Microsoft: No patches this month

By on December 10, 2003, 12:29 AM
Microsoft announced on Tuesday that no security patches would be forthcoming this month.

While several new flaws have been announced by researchers, Microsoft said that it is still investigating the issues and doesn't have a patch prepared for December.

Read more: [URL=http://news.com.com/2100-7355_3-5118292.html?tag=nefd_top]CNet News[/URL].




User Comments: 28

Got something to say? Post a comment
Nodsu said:
So, which is better, a quick (quick as in Microsoft quick) patch that maybe works on only some systems or a late patch that works 100% you apply after a clean install because some script kiddie nuked your HD while MS was polishing their wormhole plugs?i still haven't fixed my XP on my work machine after KB828035 crippled it :(
MrGaribaldi said:
[url=http://ars.userfriendly.org/cartoons/?id=20031210l]LoL[/
rl]...Guess we'll just have to hope that we've got adequate firewalls & such in place, and that noone are very interested in cracking [b]our[/b] box... Status Quo in other words.... On a different note, how does this relate to MS making security top priority? Doesn't this just send a message to crackers that December is [i]the month[/i] to exploit machines, since it will not be any patches coming soon?[EDIT] it would seem vB doesn't like me inserting links manually... Should work now though..[/EDIT]
NoisySilence said:
Has MS & Virus writers declared a truce for Christmas ?
Nodsu said:
More like MS is on a strategic retreat hoping that if they run away fast enough the bad guys aren't quick enough to come and fill the gap.
poertner_1274 said:
Are they just waiting to put all these new fixes in SP2?
Sgt. Bilbo said:
If more product flaws are discovered during the holiday season, what about the customers who are going to be affected? Is MS just going to leave them hanging until next year? Somehow, irritating your customer base doesn't work very well...just look at the RIAA
poertner_1274 said:
Well there is the other side of that to think about. M$ can pretty much do whatever they want and peopl will still support them because 90% of the population who uses computers, has no idea how to use Linux, or any other OS out there. Even if M$ pisses people off they will still buy their products because it is pretty much the only choice.
StormBringer said:
While I will agree that MS does play pretty dirty, and they seem to slack off when patching things up, they also are not near as bad as most of you seem to believe they are. As long as MS continues to build an OS that is able to communicate on a network, it will continue to have holes that need to be filled, most of these things weren't even holes till someone decided to figure out a malicious use for it. This would apply to any OS that is used by the majority of the population, just imagine what all would be found in other OSes if they were as widely used as Windows is. I also believe that a bit of common sense on the part of the user is the best prevention to most of these security holes, as MR. G said.
SNGX1275 said:
I'm not sure the logic behind announcing that you are not going to release any updates or security patches for "x" amount of time. I hope that antivirus companies keep being vigilant in releasing new virus definations because that may be the only thing to protect us if there is another big exploit or virus like Blaster.
---agissi--- said:
[quote][i]Originally posted by SNGX1275 [/i]I'm not sure the logic behind announcing that you are not going to release any updates or security patches for "x" amount of time. [/quote] I agee, however Microsoft does seem to have a new patch every week :rolleyes: [quote][i]Originally posted by SNGX1275 [/i]I hope that antivirus companies keep being vigilant in releasing new virus definations because that may be the only thing to protect us if there is another big exploit or virus like Blaster. [/quote] Without a doubt, however Im wondering how long its going to be until Microsoft make AV software standard to come with windows. That would be kinda cool and handy [convinent should I say], however at the same time its like MS is just taking another step to domination.
Nodsu said:
Considering the quality of other "handy" things MS packages with windows, that AV would to more harm than good.BTW MS used to ship an AV (licensed from McAfee I think) with DOS 6 and later. That was a failure too.. Way too infrequent updates, outdated scanning engine etc.
MrGaribaldi said:
[quote][i]Originally posted by Nodsu [/i]BTW MS used to ship an AV (licensed from McAfee I think) with DOS 6 and later. That was a failure too.. Way too infrequent updates, outdated scanning engine etc. [/quote] You beat me to it... From what I recall the problem was the the database was outdated by the shipping date, and you had to buy a subscription to update it...And since it never told you it was outdated (unlike AV's of today which tell you that it's outdated 2 secs after you've updated it, or so it seems) people didn't notice...They stopped with it around W95 OSR2 iirc...But if they gave away one which updated itself on a weekly basis, things might be different...Storm, yes, common sense is the best protection available... Too bad it seems to be in too short supply for most computer users...(Just can't resist this quote)[quote]Over the years, I came to believe that "the personal computer revolution" is the process through which the Internet evolved from a bunch of smart people in front of dumb terminals, to a much bigger bunch of dumb people in front of smart terminals.[/quote]But you also bring up a very valid point about how any OS that is able to connect to another machine over a network is susceptible to attacks, no matter who created it... Just look at all the new virii attacking *nix lately..
lolifedro said:
I think microsoft should hurry up and fix all these security problems.In the last few months ive noticed how bad all this spyware adaware and viruses are ruining peoples operating systems. Ive had 4 friends that just had to format becuase of all this stuff. Even on my computer i have to check daily and im using a firewall. Even with all the security updates micrsoft puts out it doesnt seem to help.:blackeye:
StormBringer said:
[quote][i]Originally posted by lolifedro [/i]I think microsoft should hurry up and fix all these security problems.In the last few months ive noticed how bad all this spyware adaware and viruses are ruining peoples operating systems. Ive had 4 friends that just had to format becuase of all this stuff. Even on my computer i have to check daily and im using a firewall. Even with all the security updates micrsoft puts out it doesnt seem to help.:blackeye: [/quote] I hope youy aren't blaming MS for those problems.Virii and spyware is not something they can control. The holes that become exploited by some of those things is the only thing MS has an obligation to fix. Beyond that, it is the user's responsibility to use precautions to avoid infestation. This includes(but is not limited to) the use of firewall, properly updated AV software, Spyware removal software(spybot and adaware) as well as a little common sense.
Soul Harvester said:
Most security exploits in all desktop operating systems, from XP to 2000 to Linux to MacOS, can be completely prevented via the use of a properly configured hardware firewall. It is our desire for convienance that leads to a lax in security; a $50 investment can protect a slew of PCs in a far superior method than a software patch.Consider the roots of these operating systems as well. Linux, mimicing UNIX, was designed with security and networking in mind in a multi-user environment. Windows was designed for a single user using no network or closed network.I agree with StormBringer in that it is primarily up to the user to protect their system and keep themselves up to date. I think, however, when it comes to updating, Microsoft is on-par with other operating systems. Think RedHats security update or package update management, think Gentoos emerge, think [i]Windows Automatic Updates[/i]. It could be a lot worse. (But then again, it could be a lot better!)
Supra said:
Microsoft lied, they just released a new patchSecurity Update for Windows XP (KB810217)Download size: 1.4 MB, < 1 minuteA security issue has been identified in FrontPage Server Extensions. This vulnerability could allow an attacker to run code of their choice on your system. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.
poertner_1274 said:
That might have been one that was in the works before December rolled around, and they finally finished it and decided to get it out. I kinda figured they would still release some things.Also, as it has been said before as much as people rag on M$, it will continue to have problems because unexperienced users ONLY use M$, and if something happens to their system chances are they won't know what to do to fix it, so they are just permanently exploited.Knowledge is the power you need to prevent.
StormBringer said:
That may be the same security update that I got last week. I'd have to look to be sure, but I have this machine set to check once a week for updates, last week it found one.EDIT: This should shed some light on things [url]http://news.com.com/2100-1002_3-5119098.html?tag=nefd_t
p[/url][quote]Microsoft apparently doesn't know when it plans to patch. The company scrambled on Wednesday morning to figure out why a patch had been issued through its Windows Update service, when the software maker had declared on Tuesday that it would not issue any fixes in December. [/quote]
MrGaribaldi said:
Well, after reading that piece, it no longer seems so strange the MS decided not to release any new pathces in December... That they're moving towards a fixed schedule with monthly fixes will make it much easier for most of us to keep our systems (mostly) up-to-date... Granted, there will be periods where there are known flaws that might affect your system, but now you'll know when the patch is going to be released, instead of signing up to a mailinglist to know when the new patch is going to be released...
poertner_1274 said:
That would be much easier for someone to check. Instead of making it a daily or weekly habit, they can simply go back and check the site on the 12th and 25th (for example) of every month to check for updates.I think this will make things a little easier, but as Mr. G said it could leave your system vulnerable for a short period of time before they released it.I would imagine that if something big were to happen like the Blaster they would release an immediate fix. At least that is my thoughts.
agrav8r said:
[quote][i]Originally posted by poertner_1274 [/i]That would be much easier for someone to check. Instead of making it a daily or weekly habit, they can simply go back and check the site on the 12th and 25th (for example) of every month to check for updates.I think this will make things a little easier, but as Mr. G said it could leave your system vulnerable for a short period of time before they released it.I would imagine that if something big were to happen like the Blaster they would release an immediate fix. At least that is my thoughts. [/quote] If everyone checks on say the 12th won't that be similar to a DOS attack:blackeye: everyone beating down the door to get the patch at the same time? After the last run of viruses( virii, virus) everyone is more aware of windows update and thus less bandwidth for all. maybe they have enough servers after the last issue, but i doubt it. just my $.02
poertner_1274 said:
Good point, but I"m sure if they are planning on doing this sort of thing, it is soemthing they have thought of.....or maybe not :)But at any rate it will only take 1 time when all their servers go down to realize it is time to either expand their server setup or change their current setup of releasing on the same day each consecutive month.
Krugger said:
i hope they reconsider and release a patch for that URL display vulnerability in url's with that square character... that could get exploited severly and quickly.
Nodsu said:
Since it partially affects Mozilla too, MS could get sweet revenge if they actually beat the OS community to it (when hell freezes over).
---agissi--- said:
Just got home today (Dec.12th) and theres yet another update that wanted a downloading. Thought they just no more updates for this month :confused:
StormBringer said:
Dec-13, 6:54pm CST XP just did its weekly scan and found 6 critical updates. Yesterday I ran a scan manually after agissi said he got one, it found nothing. I find this a bit irritating, as MS says no updates this month, then releases 6 at one time. If the majority of users know about this claim MS has made, its surely to make them think that it is some exploit rather than a real critical update. The thought crossed my mind anyway. If you go to the Win update site and scan, it seems they have since been combined into two updates rather than the six I was first alerted to.
SNGX1275 said:
Thats odd, I have checked today and yesterday after reading this thread - I see no critical updates needed for my system except SP1. But that may be why - since I dont' have SP1.
poertner_1274 said:
Same here Dave, the only thing I still have is the SP1 Express Critical Update. I think I might just do that and see what happens wtih my VPN connection. And then I'll report back as to whether or not I have more critical afterwards. But I don't see why I would as if I don't have it yet, it should be available NOW, not after SP1 is installed.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.