×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

No Patch On Tuesday For Internet Explorer Hole

timothy posted about a year ago | from the listen-to-the-rushing-air dept.

Internet Explorer 63

An anonymous reader writes "Right on schedule, Microsoft on Thursday announced its usual advance notification for the upcoming Patch Tuesday. While the company is planning to release seven bulletins (two Critical and five Important) which address 12 vulnerabilities, there is one that is notably missing: a bulletin for the new IE vulnerability discovered on Saturday. For those who didn't see the news on the weekend, criminals started using a new IE security hole to attack Windows computers in targeted attacks. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

63 comments

There is a fix (3, Insightful)

AmiMoJo (196126) | about a year ago | (#42468119)

Upgrade from XP and install IE9/10. What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date?

Re:There is a fix (-1, Troll)

Anonymous Coward | about a year ago | (#42468279)

Upgrade from XP and install IE9/10. What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date?

And then i installed linux

Re:There is a fix (-1, Troll)

Anonymous Coward | about a year ago | (#42468299)

He said upgrade, not downgrade. Neckbeards are so strange.

Re:There is a fix (1)

amiga3D (567632) | about a year ago | (#42468653)

Actually there's no need to upgrade, just install Firefox. Of course older hardware may actually not be able to upgrade to windows 7 and would benefit from a linux install. Just because you're lame doesn't mean everyone is.

XP Limit (1)

tuppe666 (904118) | about a year ago | (#42470869)

Actually there's no need to upgrade, just install Firefox. Of course older hardware may actually not be able to upgrade to windows 7 and would benefit from a linux install. Just because you're lame doesn't mean everyone is.

The fact that Microsoft are so incompetent that they cannot support their own OS is he point. Using Firefox is work around.

Re:XP Limit (1)

Anonymous Coward | about a year ago | (#42470957)

The fact that the OS happens to be over a decade old and 3 major versions behind is the point. Nobody else supports software that ancient.

Nobody else supports software that ancient (1)

tuppe666 (904118) | about a year ago | (#42471049)

...That is right are either low or zero cost to upgrade, with smaller hardware requirements. If the same was true of Windows this wouldn't be the problem it is.

Re:There is a fix (0, Redundant)

Anonymous Coward | about a year ago | (#42468855)

slow day at microsoft ballmer?

Re:There is a fix (0)

Anonymous Coward | about a year ago | (#42470073)

With Linux's only 2% desktop share, everyday's a 'slow day' in Penguinland!

Penguinland (1)

tuppe666 (904118) | about a year ago | (#42470903)

With Linux's only 2% desktop share, everyday's a 'slow day' in Penguinland!

After being disappointed Penguinland was not a real place discovered that Girls Games 1 has a "Penguin Land" It did not work but I got blinded by pink...F**cking love pink.

Anyway...this shit is why Linux is 75% of mobile devices and Microsoft is on 2% (Not the penguin thing) People don't buy Microsoft Phone/Surface because they want software than just works...and well that is Android. If Microsoft put more effort into creating a great experience maybe things would be different now.

Re:Penguinland (0)

Anonymous Coward | about a year ago | (#42470981)

Haha, I actually bought a windows phone because I wanted a phone that just worked and the shitdroid I had didn't. Have fun managing which apps are on your SD card like it's 1996.

Typical Windows Phone User (1)

tuppe666 (904118) | about a year ago | (#42471073)

Haha, I actually bought a windows phone because I wanted a phone that just worked and the shitdroid I had didn't. Have fun managing which apps are on your SD card like it's 1996.

I am going to bookmark your post and point to it every time someone makes reference to Windows Phone.

Re:Penguinland (0)

Anonymous Coward | about a year ago | (#42471543)

Even if you take into account every single device running Linux, it's still nothing compared to the number of devices running Windows.

Microsoft wthout the monopoly (3, Informative)

tuppe666 (904118) | about a year ago | (#42471641)

Even if you take into account every single device running Linux, it's still nothing compared to the number of devices running Windows.

Windows PC is hovering around 1.25 Billion...and shrinking a little bit, Android had hit only 625Million End of last quarter with activations hitting 1.3million daily...the number people are quoting now is 1.5miillion(ignoring the Christmas spikes). Android is expected to pass Windows this year.

Its kind of sad really. At least with Secure boot they can establish a few more years of lock-in, Go out like you came in I say.

Re:There is a fix (0)

Anonymous Coward | about a year ago | (#42473789)

What, exactly, is wrong with XP other than programming errors? Since I don't play games, I don't need the new graphics drivers. What else do I need?

Re:There is a fix (1, Informative)

UltraZelda64 (2309504) | about a year ago | (#42468323)

The difference is, most other companies don't charge you several hundred dollars for an operating system upgrade just to patch important software vulnerabilities. In fact, most other operating system distributors don't even charge a penny for such a basic service.

Re:There is a fix (2, Insightful)

Anonymous Coward | about a year ago | (#42468461)

The difference is, most other companies don't charge you several hundred dollars for an operating system upgrade just to patch important software vulnerabilities. In fact, most other operating system distributors don't even charge a penny for such a basic service.

Which operating system distributors would that be? Not Apple; they haven't supported System 9 for years. Not Red Hat; they don't support any of their 2.0 kernel based releases either.

Re:There is a fix (2)

jon3k (691256) | about a year ago | (#42469755)

So Microsoft has publicly ended support for IE8 and doesn't offer anymore updates? If so, then paying for an update would be a reasonable expectation (they should have already known to upgrade). If it's still under support, then this isn't a very reasonable option.

Re:There is a fix (1)

UltraZelda64 (2309504) | about a year ago | (#42472173)

FreeBSD. OpenBSD. NetBSD.
Slackware, Debian, Arch, Gentoo, KNOPPIX, CRUX, FINNIX...
FreeDOS, Haiku... and those are just a few that have specifically been around at least about a decade at no cost.

Add others that are newer projects, spin-offs of older ones, and/or previously commercial distributions and a whole new world opens up:
MINIX 3, DragonFly (BSD), PC-BSD (IX Systems), Ubuntu (Canonical), openSUSE, Fedora, Mandriva, Mageia, Scientific Linux, CentOS, Zenwalk, Salix, etc... the list goes on.

Never mind all those others that for whatever reason have ended development over the years, often only to be born again under a new name or replaced by something else, as well as the countless other, newer ones. And of course all those of the past that are no longer around or actively developed. Just look... it's really not that hard to find examples, and this list alone is just a quick one.

Re:There is a fix (0)

Anonymous Coward | about a year ago | (#42472263)

Oh, a freetard. My mistake, I thought you were trying to make an intelligent comment.

Carry on.

Re:There is a fix (1)

UltraZelda64 (2309504) | about a year ago | (#42472547)

Yes... because if it's "free" then it must magically be inferior.
You do know what Darwin, the core of Mac OS X, is based on--right?
I already mentioned it, but I doubt that it will matter to you until they start charging for it, eh?

Re:There is a fix (0)

Anonymous Coward | about a year ago | (#42468543)

Really? Apple charges a premium price for their hardware, and then charges for minor upgrades. Many commercial Linux distributions also do the same. I'm not sure what you mean by "most".

Re:There is a fix (1)

UltraZelda64 (2309504) | about a year ago | (#42472777)

Commercial BSDs and Linux distributions are far outnumbered by their non-commercial, community-based, donation-driven counterparts.

Ya they do (2)

Sycraft-fu (314770) | about a year ago | (#42468901)

Apple generally charges $100 per upgrade and they only do fixes for 2 versions old, so they'll update 10.6 now, but not 10.5. At the rate they release, you have to update every few years to keep getting patches. RedHat charges $350-8600 per year depending on the options you want ($350 is for self support 2 socket x86, $8600 is for premium support 4 socket POWER). Oracle charges a retarded amount of Solaris support, it is kinda a hardware/software combo support and is thousands a year, and you have to uninstall any updates if you stop paying for support.

If you pay for the software, you pay for updates at some point. MS is pretty good in that regard. 10 years from the date of release, sometimes extended. So Windows Server 2012, for example, will be supported until 1/10/2023 at a minimum.

Even in the world of free software, updates are still required for support after a time. Canoical supports a Ubutnu release for a max of 5 years (for LTS, regular is 2 years). After that, you have to get the new version. It is free, but you still have to get the new version.

Also, Windows isn't "several hundred dollars" unless you are talking Windows Server, and even then only new usually.

Re:Ya they do (1)

jon3k (691256) | about a year ago | (#42469797)

You're comparing the costs enterprise products vs. consumer (and enterprise) products, not apples:apples. As far as I know, IE8 is still supported, and the end users paid for support for a period of (typically) 10 years.

Re:Ya they do (2)

UltraZelda64 (2309504) | about a year ago | (#42473653)

Not to mention, Red Hat's business model is based pretty much completely on support... their source is open; nothing is stopping you from downloading the patches is source form and applying them yourself, or just using one of the clones (CentOS, Scientific Linux, etc.)

I don't know about actual Solaris support costs, but I do know that Oracle is one company I will never give a penny to, so to me it doesn't really matter.

Re:Ya they do (0)

Anonymous Coward | about a year ago | (#42476449)

Apple generally charges $100 per upgrade

The current version, 10.8, is $20 (for up to 5 systems)
The previous version, 10.7, is $20 (for up to 5 systems)
The version before that, 10.6, was $30 for one system (now reduced to $20) and $50 for up to five systems.

Re:There is a fix (0)

Anonymous Coward | about a year ago | (#42469215)

It's $40. Have fun. [microsoft.com]

...Plus the cost of the hardware. (1)

tuppe666 (904118) | about a year ago | (#42470939)

It's $40. Have fun. [microsoft.com]

Most XP machines will not run Vista/Windows 7/Windows 8...ignoring the fact that Windows 8 is awful. People will upgrade when their computer dies...if at all.

Re:...Plus the cost of the hardware. (0)

Anonymous Coward | about a year ago | (#42471609)

Windows 8 has lower requirements than Vista/7.

32-bit or 64-bit 1GHz Intel or AMD CPU
1GB RAM for 32-bit, 2GB RAM for 64-bit
DirectX 9 video card

I am willing to bet that most Windows XP systems still in use are capable. I have an 11 year old old Pentium 4 PC that meets those requirements.

Plus the cost of the hardware. (1)

tuppe666 (904118) | about a year ago | (#42471837)

Windows 8 has lower requirements than Vista/7.
I am willing to bet that most Windows XP systems still in use are capable. I have an 11 year old old Pentium 4 PC that meets those requirements.

One of the problems when Vista launched was most computers were running intel chipsets i915 wih 256mb or less and below that aren't going to be suddenly capable now, and would be less functional with Windows 8. That is ignoring all the hardware that won't work with Vista+ a lot didn't get drivers. Whatever you think of Windows 8. Its only worth getting on contemporary hardware with a machine (Maybe with good Vista hardware...if I was given a touchscreen monitor...but I'd wait for those to dip in price.)

Re:...Plus the cost of the hardware. (1)

UltraZelda64 (2309504) | about a year ago | (#42472901)

Why not give it a go and get back with us on its performance? Something tells me that while it might be theoretically possible on that hardware, it would be an unpleasant experience...

I have a shitty system with an Athlon 64 X2 Dual Core 3800 processor and 1GB RAM (max 2GB) and while Windows 8 is relatively snappy on its own (though still eats into swap heavily right upon boot, typical of Windows), I wouldn't dare attempt to use it for any serious work not expecting some serious memory/swapping-related problems. Similarly, if I were to upgrade to 2GB RAM, I would probably still use the 32-bit version. I would have to get a new machine with several gigabytes of RAM (at least 3GB, but more likely 4GB+) before I would even consider choosing the 64-bit version.

Re:...Plus the cost of the hardware. (0)

Anonymous Coward | about a year ago | (#42472947)

Windows 8 requires SSE2. Ruling out any CPU sold before 2006 which do qualify for the other requirements you mentioned.

You're wrong about that (1)

tlambert (566799) | about a year ago | (#42473285)

The difference is, most other companies don't charge you several hundred dollars for an operating system upgrade just to patch important software vulnerabilities. In fact, most other operating system distributors don't even charge a penny for such a basic service.

They aren't charging you to patch the security problem, they are charging you to get you the hell off Windows XP, which they don't want to support going forward because it no longer represents a marginal ongoing income for them.

Windows XP support was was announced dropped several times, finally dropped, and I understand that people don't like this, and that Microsoft had finally made an OS that was "good enough" that people don't see an incentive to "upgrade" to an OS that can only laughably be called "improved". But they aren't selling the stuff any more, and the Windows XP fan boys need to get over the fact that it's dead.

Couching a demand for Windows XP support as if it's actually a demand for a security fix for a totally separate browser product because it's convenient for you to consider them separate after Microsoft has already been hauled into court and censured for it definitely NOT being separate isn't going to get you support for your antique Windows XP.

This is no more likely than that the tactic will get you support for Windows 95 SP 2, which was also an OS that was "good enough" for most business uses, and it was only the Windows 98 SP1 bait-and-switch that made Windows 98 suck so badly that people were willing to "upgrade" to Windows XP.

Maybe Microsoft needs to use the same tactic again, and release a sevice pack for XP that makes it suck worse than Windows 7/8 to cause people to *want* to upgrade?

I don't know... but it's time to pry the cold, dead Windows XP from your fingers.

Re:You're wrong about that (1)

UltraZelda64 (2309504) | about a year ago | (#42473429)

They aren't charging you to patch the security problem, they are charging you to get you the hell off Windows XP, which they don't want to support going forward because it no longer represents a marginal ongoing income for them.

Translation: We want even more of your money, and you can't get this security update until we've seen it in the form of a yet another complete OS upgrade. Don't like the new license or additional DRM/lockout features or Metro? Tough. Don't have a machine up to spec for our latest version? Then go buy a brand new one, toss that old one in the landfill. Don't want to pay us again for yet another overpriced OS upgrade just to get another security fix? Then go elsewhere.

They are charging you because they are a corporation. Simple as that. Any living organism's requirements are air, water and sunlight. A corporation's only requirement, beyond those of the assholes running it, is money. And that is understandable until they start gouging you of it (which Microsoft has been doing for a hell of a long time).

I don't know... but it's time to pry the cold, dead Windows XP from your fingers.

No need to. I left Windows back in 2006 just in time for the V-bomb. Since then the only difficult part has been obtaining hardware that does not force you into paying the Windows tax yet again.

Re:There is a fix (0)

Anonymous Coward | about a year ago | (#42468333)

You get Windows when you buy a computer; you don't install a new version on the one you already have.

It is still a supported OS (5, Informative)

Sycraft-fu (314770) | about a year ago | (#42468367)

MS provides long support lifecycles, 10 years from release minimum and subject to extension, which XP has been. XP will continue to get updates until mid 2014.

I'm sure they intend to fix it, they just haven't gotten the fix tested yet. MS can't just go and bash out a fix and release it and hope nothing goes wrong, they have to regression test their fixes and it is not a fast process.

Re:There is a fix (2)

bunratty (545641) | about a year ago | (#42468683)

The latest versions of every other browser run on Windows XP: Chrome, Firefox, Safari, Opera, and so on. Those latest versions also contain no publicly known security vulnerabilities according to Secunia. So I guess the answer is everyone but Microsoft provides quick fixes for that decade-old OS.

Re:There is a fix (0)

Anonymous Coward | about a year ago | (#42469883)

Upgrade from XP and install IE9/10. What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date?

Or just choose a different browser. Using IE is not a requirement for most users/offices/companies/etc. If your organization uses a site/service/webapp that only runs on IE (either earlier versions that require a now unsupported ActiveX component, or the site/service/app can't run on IE 8, 9 or 10, or you're running some computers on XP, etc) then you need to re-evaluate your product usage because vendor lock-in and unpatched security issues are not good for your business.

You're suggesting a small company - say, 100 computers using XP - should replace the OS on all their computers (and even replace computers when Win 7 won't run on adequately on the hardware) just because they should use IE? Um, no.

Re:There is a fix (0)

Anonymous Coward | about a year ago | (#42469983)

Patching internet Explorer is like ducktaping your eyelids to your forehead to stay awake, although probably perty funny, but it'a realy just time to go to sleep..

Not a fix. Forced obsolescence (2)

tuppe666 (904118) | about a year ago | (#42470847)

Upgrade from XP and install IE9/10. What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date?

I am astonished that anyone sane would measure from the start of the XP cycle which was unnaturally long from extensive problems as Microsoft not the user. That means that 2007 when Vista was released is a much more reasonable time....If it was any good. It wasn't it ran badly on most (all) of the machines at the time which lest many people waiting windows 2007. I have four machines in my house...only one supports Windows 7, Windows 8 is quite but none have a touch screen...making Windows 8 a no no for me.

The reality is that scenario is not unusual currently 35% of people (1 in every three) currently run XP(Vista has already dropped to 5%)

Re:Not a fix. Forced obsolescence (0)

Anonymous Coward | about a year ago | (#42471007)

I can't help but notice you didn't answer the question neckbeard.

FixIt (2, Insightful)

Anonymous Coward | about a year ago | (#42468157)

They did release a FixIt, but yeah no real patch its looking like until Feb.

Re:FixIt (1)

antdude (79039) | about a year ago | (#42470417)

It will probably be an out of the bound release. MS have done this before with emergency fixes. Remember, we just had the holidays. People are back to normal lives now.

Yeah.. (0)

Anonymous Coward | about a year ago | (#42468185)

Is anybody going to notice? Are there still ppl out there who use internet explorer? Honestly?

lots of websites are IE only (0)

Anonymous Coward | about a year ago | (#42471629)

the DiscoverCard points redemption, myaccountaccess.com to redeem Visa/MC points, US Treasury/IRS website to remit payroll withholding, the UNUM Insurance payment site, NetTeller online banking

to name just a few that are IE only. The will not work with ant version of Firefox or Chrome

I'm sure it will come (0)

Anonymous Coward | about a year ago | (#42468347)

Believe it or not, Microsoft does a *lot* of testing around security fixes like this to make sure they aren't leaving similar holes or creating new ones. It sounds like this vulnerability became higher priority late in the patch cycle and didn't make this one.

IE9 &/or IE10 are good (-1)

Anonymous Coward | about a year ago | (#42468349)

Plus, it IS "FIXED" already (well, easily mitigated fixed, that is) -> http://www.neowin.net/news/microsoft-releases-fix-it-patch-for-ie6-8-exploit [neowin.net]

* And, there you are... Upgrade to either, if you can on the MS OS you are using (if you use one)...

E.G.-> I am running the IE10 'pre-release' here on Windows 7 64-bit, & it's been doing a GREAT JOB & it's not even FINAL yet!

APK

P.S.=> Plus - The "fixes" that the FIXIT patch automates are GOOD anyhow...

How/Why?

They cut off things that introduce TONS of hassles anyways (like javascript usage).

E.G.-> I only use Javascript & other "web 2.0 features" ONLY where it is ABSOLUTELY NEEDED for functionality I absolutely need!

Ala on ecommerce or online banking sites (as prime examples)...

Otherwise?

"OPERA TO THE RESCUE"

Via it's "By Site Preferences"...

So - How does THAT help?

Well, I make a GLOBAL POLICY first (that doesn't allow javascript, plugins, JAVA, Frames/IFrames, Cookies on ANY site) - this is the default here.

Then, by site as needed? I create exceptions...

Yes - &, it works to 'cut down' risk online vs. malicious exploit too - the MAIN bonus!

The added bonus? Well - without those things running, & for NO REAL NEED, you actually SURF FASTER TOO! Bonus, again!

(Especially where you do NOT REALLY NEED THEM to get what you wanted... & in my case? That's usually information, or downloads!)

... apk

Justify the downmod of my post trolls... apk (0)

Anonymous Coward | about a year ago | (#42474753)

See my subject-line above, & justify the downmod...

* I don't believe *ANYONE* can...

APK

P.S.=> I simply told it HOW IT REALLY IS, with facts, on both IE9/10 & yes, Opera also... & yes, also about JAVASCRIPT, PLUGINS, JAVA, ActiveX, COOKIES, IFrames/Frames & more being a MASSIVELY EXPLOITED THREAT online!

I.E.-> You "cut them out" as I do in Opera by it's "By Site Preferences"? You cut out avenues of exploitation (bonus), by default!

Especially on sites you do NOT NEED THEM RUNNING ON (most don't) & IN DOING SO, you surf faster as well as using less CPU cycles, RAM, & other forms of I/O as well (double bonus)

... apk

With great power... (1)

eksith (2776419) | about a year ago | (#42468661)

They fought (clean and dirty) to become top dog on the OS and browser front. Now what?

Botnets aren't composed of mostly Windows computers just because it's the most prolific (bought and pirated). It's also because of more than a decade of complacency.

I hope we'll see more real competition on all sides for the company for all our sake. Please, MS, dip into that vast wealth of bought out resources and your own research to make genuinely better products going forward at least. Side note: it's fashionable to bash Windows 8 for both real and trumped up charges, but it's just a symptom of a bigger problem. Less on the lines of Win 8, more of IE10.

No sympathy (1)

I Mean, What (2778851) | about a year ago | (#42469833)

What better way to convince IE6-8 users to stop being so stupid?

Punish them Microsoft!! Smite the fools. (1)

tuppe666 (904118) | about a year ago | (#42470973)

What better way to convince IE6-8 users to stop being so stupid?

Most won't even notice; They will just marvel that the tablet that cost a fraction of the PC runs several times faster...and no it won't be surface.

Re:No sympathy (0)

Anonymous Coward | about a year ago | (#42473253)

Release IE10 for fast, working and still most popular windows XP?

Pathetic Tuesday (0)

Anonymous Coward | about a year ago | (#42473241)

That's not Patch Tuesday. It's Pathetic Tuesday.

How can microsoft wait to release important patches once a month instead of pushing them out as soon as they are ready?

That's really sad how stupid windows administrators are that they agree to be treated like that.

Re:Pathetic Tuesday (1)

FaxeTheCat (1394763) | about a year ago | (#42473379)

Well... actually... Microsoft enterprise customers asked for it...

So Microsoft did what their most paying customers asked for. I cannot see anything stupid in that...
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...