×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

388 comments

GNAA WUZ HERE PENSIBIRD I LOVE U (-1)

Dikky (613893) | more than 10 years ago | (#7683694)

Hello, Sir! My name is Abdullah Kumr, I am a terrorist.Please HELP ME KILL ALL AMERICANS!!! My father was on the first plane that crashed in the WTC.
I get a boner every time CNN plays that tape.

If you wish to help me in my quest for WORLD SLAVERY, please purchase a kalashnikov at your nearest kalashnikov store and HELP ME KILL ALL AMERICANS!!!

The apparent lack of a patch. (4, Funny)

Neck_of_the_Woods (305788) | more than 10 years ago | (#7683700)



I guess they are going to have to issue a patch to stop the machines from patching....ironic.

Re:The apparent lack of a patch. (2, Funny)

kautilya (727754) | more than 10 years ago | (#7683922)

Perhaps..they should move to a different business model. You will get windows for free. But you have to pay for patches!!!

Re:The apparent lack of a patch. (5, Funny)

0WaitState (231806) | more than 10 years ago | (#7683964)

We once again apologize for the fault in the patch process. Those responsible for patching the patchers who have patched the patch process, have now been patched.

KITTY-N IS ON TEH SPOKE!!!`!~ (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7683702)

i'll always be right by your side
now our love is sanctified
i'm here to bust this groove

Monthly patches? (3, Interesting)

beattie (594287) | more than 10 years ago | (#7683717)

At the end of the article it says that MS wants to do monthly patches to make it less of a surprise to sysadmins... Anyone else see a problem with waiting a month for your windows machine to get updated?

Re:Monthly patches? (5, Informative)

Fjornir (516960) | more than 10 years ago | (#7683756)

...and of course you read the announcement about this, didn't you? And as such you know that they will still release zero-hour patches for vulnerabilities which are actively being exploited in the wild and/or are to the top left of the threat matrix (remote/system level explots).

Re:Monthly patches? (1, Funny)

ThatDamnMurphyGuy (109869) | more than 10 years ago | (#7683986)

...and of course you read the announcement about this, didn't you? And as such you know that they will still release zero-hour patches for vulnerabilities which are actively being exploited in the wild and/or are to the top left of the threat matrix (remote/system level explots).


You mean there are patches available for things OTHER than vulerabilities from Microsoft? Wow. Must have missed them at the bottom of the Windows Update page after the 250 zillion Security Patches. :-)

Re:Monthly patches? (2, Funny)

LizardKing (5245) | more than 10 years ago | (#7684064)

they will still release zero-hour patches for vulnerabilities which are actively being exploited in the wild

"Kewl", as the script kiddies might say. This simply means that those crackers who resist the urge to get some f4me for their new exploit by announcing it on a SadCrAck3r IRC channel have a four week window to root more boxes.

Chris

Re:Monthly patches? (2, Insightful)

JVert (578547) | more than 10 years ago | (#7683760)

Lets see, the world had roughly 5 weeks before blaster ran amok. Worst case scenario that patch will be delayed 4 weeks so admins get 1 week to test patches instead of the usual 5 week 'grace'.

Re:Monthly patches? (4, Insightful)

km790816 (78280) | more than 10 years ago | (#7683959)

Slow down turbo. In this case blaster was created by looking at the patch that it exploited. It only affected unpatched systems.

I won't argue that the longer one waits the bigger the window for an exploit, but given that a large number of exploits are created from looking at patches, it makes sense to compress the patch time so that sys admins can make time to make sure their infrastructure is updated all at once.

You may have the start of a point, but certainly not with reguard to blaster.

Re:Monthly patches? (2, Insightful)

ryanvm (247662) | more than 10 years ago | (#7684077)

That's a silly argument. Are you suggesting that nobody could code a virus within 4 weeks of an exploit being published? The four week window will just force virus writers to use more timely exploits.

Re:Monthly patches? (0, Funny)

Apreche (239272) | more than 10 years ago | (#7683798)

Hey guys, when you find a new back door, don't tell anyone until right after MS releases a patch. You'll have a whole 30 days to crax0r everyone's b0x0r!

Re:Monthly patches? (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#7683876)

r3l4x, f00... w3 und3rst4nd j00... 5uX0r :)

Re:Monthly patches? (4, Insightful)

leifm (641850) | more than 10 years ago | (#7683809)

The benefit, at least for Microsoft, is that by making patches a routine(second Tuesday of the month) security patches are now a routine, and thus probably won't make news when they are released. This is also good for sysadmins in a way, because they can play for patch deployment, but I bet this system crumbles as soon as some flaw is wormed three weeks before the patch is scheduled for release.

Re:Monthly patches? (1)

ceejayoz (567949) | more than 10 years ago | (#7683923)

I haven't RTFA'ed, but I'd imagine Microsoft would put emergency patches out as soon as possible - that a monthly update would be more the mundane patches.

Re:Monthly patches? (1)

mosha (217365) | more than 10 years ago | (#7683810)

I think it is OK since it gives predictability. For the problems found internally or reported discreetly to Microsoft - there is very little chance that exactly the same problem will be rediscovered in 2 weeks (average of month).
Of course, for the problems which were discolsed publicly, or when the exploits were spotted - the critical patch will be issued immediatelly.

Re:Monthly patches? (1)

aheath (628369) | more than 10 years ago | (#7683997)

Predictability is very useful, but I prefer more frequent updates than what Microsoft is proposing.

Symantec usually issues new Anti-Virus defintions every Wednesday. Symantec also seems to tie software patches to the anti-virus update release schedule. I like this approach because it allows me to check for all Symantec updates once a week. The Symantec update schedule provides me with a reasonable degree of confidence that I am running the latest anti-virus and personal firewall software to protect my PC.

I've also made it a habit to check Windows Update on the same day that I check for Symantec updates. I'd prefer Microsoft to have a predictable weekly or biweekly security patch release schedule. I'd be very happy with a monthly schedule for bug fixes that do not affect operating system security. However, I feel uncomfortable if a security vulnerability is left open for more than a week.

Stupid for desktop/home users (2, Insightful)

Chuck Chunder (21021) | more than 10 years ago | (#7683816)

I have my PC set up to autodownload updates. It's no skin off my nose if I get a "you have updates ready to install" more than once a month.

It's probably just an attempt to increase the appearance of security (by decreasing patch frequency) while not actually increasing security (and in fact decreasing security as machines can be unpatched for longer).

Re:Monthly patches? (0)

Anonymous Coward | more than 10 years ago | (#7683820)

This is MS, the practice is as much about marketing. "see, I only have to patch my _uber_secure_ MS system once every month" Look on the bright side, it only takes one fully disclosed security vuln to show Microsoft for the clowns they are.

Re:Monthly patches? (2, Insightful)

BrynM (217883) | more than 10 years ago | (#7683827)

I thought about that too. It's reflective of Microsoft's attitude torward exploits: If no one releases a flaw publicly, then no one will exploit the flaw before the patch is out, right? Unfortunately for MS, we live in the real world and flaws will be exploited regardless of whether or not it's on Microsoft's schedule. I imagine that the scheduled update method will eventually bite them in the ass, but by then they would have already made a big show of "improving" security and the patch/update process - just like they are doing with the December No Patch announcement. Thus the egg on their faces will only be from us geeks in-the-know and not from the short term memories of the media and press. It's not just what and how to spin, but when you spin that matters in today's media.

Yea, compete with Linux... (1)

Anonymous Coward | more than 10 years ago | (#7683853)

Microsoft issues in 2004: 12

Linux issues, 2004: ???

Today the numbers, tommorow the PR.

Not much need for Microsoft to detail the exact nature of every patch now, is there. Here, apply this lump(tm), it's all good.

Re:Monthly patches? (4, Insightful)

Zocalo (252965) | more than 10 years ago | (#7683945)

Actually, it makes a lot of sense in the context of Microsoft's closed source, security through obscurity approach. By having patches (if any) come out on a known date each month it allows efficient network admins to plan ahead and have time available to test it and patch their systems. Well, that seems to be the theory anyway.

The obvious downside is what happens when a major new remote root exploit comes out like Blaster. However, in that case the news is all over the tech media at worst, and often the mainstream media as well, so there is nothing to stop Microsoft issuing an "emergency" patch or advisory in that case and have the word get out. Unfortunately, that apparently hasn't stopped them from failing to release a patch for the remote IE exploit [slashdot.org] announced a fortnight ago.

Mystery patch? Maybe software wants to be free! (1)

Anonymous Coward | more than 10 years ago | (#7683718)

Wait, this is Microsoft we are talking about.

fill in joke here (3, Funny)

daeley (126313) | more than 10 years ago | (#7683720)

"They haven't got a clue."

...Yes, well...

Re:fill in joke here (0)

Anonymous Coward | more than 10 years ago | (#7683800)

Well, if anyone could afford to buy a clue, it would have to be MicroSoft.

I got it (2, Informative)

Sklivvz (167003) | more than 10 years ago | (#7683729)

My machine got patched this morning, and I thought "funny, didn't microsoft say no patches for this month?" and then i saw they were dated november... but it was too late.

The reason ? (3, Funny)

frodo from middle ea (602941) | more than 10 years ago | (#7683737)

Simple, there is a bug in the patch issuing s/w which needs to be patched .

Patches for older versions of Windows (0)

Anonymous Coward | more than 10 years ago | (#7683879)

This certainly opens up the possibility that there will be patches for older versions of Windows even when Microsoft has declared them unsupported. Of course, if we thought the planned stream of patches was dangerous, untrustworthy and unstable, what is an unplanned stream of patches going to be like?

Re:The reason ? (0)

Anonymous Coward | more than 10 years ago | (#7683929)

But the patch is not going to be applyed before January 2004 ;)

Uhhh, they DO know? (4, Interesting)

LookSharp (3864) | more than 10 years ago | (#7683739)

...They haven't a clue.

On Wednesday morning, Microsoft discovered that a glitch in the patching process resulted in a November fix not being applied to some Windows XP computers. The same patch was sent out again via the Windows update service on Tuesday night. The company is still investigating why and how the patch was reissued.

It looks like someone modified a patch. When a patch gets updated, the KB articles (and often the fixes) are auto-published.

I'd be more interested in knowing why some corporate SUS (Software Update Services, like an in-house Windows Update) subscribers were reporting to NTBugTraq today that they got about a DOZEN updated patches last night!

Re:Uhhh, they DO know? (1)

zulux (112259) | more than 10 years ago | (#7683807)


I'd be more interested in knowing why some corporate SUS (Software Update Services, like an in-house Windows Update) subscribers were reporting to NTBugTraq today that they got about a DOZEN updated patches last night!


Because someone broke into Microsoft's network (again) and updated the patches with trojen?

Re:Uhhh, they DO know? (1)

Gr33nNight (679837) | more than 10 years ago | (#7683826)

This is correct. We run SUS, and this morning I came in to find about a half dozen new fixes, all for the month of November! I didnt really think much of it at the time.

Re:Uhhh, they DO know? (1)

blincoln (592401) | more than 10 years ago | (#7683933)

I'd be more interested in knowing why some corporate SUS (Software Update Services, like an in-house Windows Update) subscribers were reporting to NTBugTraq today that they got about a DOZEN updated patches last night!

I wouldn't be surprised if this was because the monthly schedule for SUS is out of sync with the main release schedule.

I run a SUS via SMS system, and last month's definition file for it didn't include MS03-051 (which I think is the Frontpage extensions patch). I believe this was because the definition file was released a few days before the monthly patch release. If that was the case, it would make sense for MS03-051 (and other patches) to be available in the December definition file.

Re:Uhhh, they DO know? (2, Interesting)

Zak3056 (69287) | more than 10 years ago | (#7683998)

Two things:

1) In answer to your suggestion that Microsoft knows what happened, allow me to point out a comment in the text that you yourself quoted:

The company is still investigating why and how the patch was reissued.

Not only do they not know WHY someone released a patch, they don't know HOW either!

Secondly, I'm also curious. I run an SUS server, and here's my sync log from last night:

Automatic Sync Started- Wednesday, December 10, 2003 2:00:07 AM Successful
Updates Added:
Critical Update for Windows XP Media Center Edition 2004 (KB830786) - KB830786_WXP_MCE2_ENU_c512cb910f28d8b6051537519556 0b3.EXE

Updates Removed:
810847: February 2003, Cumulative Patch for Internet Explorer 5.01 Service Pack 3 - Q810847_B3CA04E8D113EBDE0D561AB3AFAA02EBC3922F36.E XE

813489: April 2003, Cumulative Patch for Internet Explorer 5.01 Service Pack 3 - q813489_7526690df0c1e078957b0d83f8018c0.exe

818529: June 2003, Cumulative Patch for Internet Explorer 5.01 Service Pack 3 - q818529_1d67aa22e752bb5ca55eba289ee1e9f.exe

Q324929: December 2002, Cumulative Patch for Internet Explorer 5.5 - Q324929_E34CB7562E3FADE04E0FBA7A8DF20236ABFC6C46.E XE

810847: February 2003, Cumulative Patch for Internet Explorer 5.5 Service Pack 2 - Q810847_102065CAD52C737EBBF4422AEF2CAC5E100B6EFA.E XE

813489: April 2003, Cumulative Patch for Internet Explorer 5.5 Service Pack 2 - q813489_8ebdafa9c0f5c09d0678826b4c04de5.exe

818529: June 2003, Cumulative Patch for Internet Explorer 5.5 Service Pack 2 - q818529_d8d150d39cc718ff858be51239ea081.exe

Q324929: December 2002, Cumulative Patch for Internet Explorer 6 - Q324929_55049C7F14E3EFF258F10F95FE0A3C179833CB17.E XE

Q324929: December 2002, Cumulative Patch for Internet Explorer 6 SP1 - Q324929_A90F1A87F766965A4D0FC5F1395F3E808ABE7D27.E XE

810847: February 2003, Cumulative Patch for Internet Explorer 6 - Q810847_DDE9BE0E09FF7E261B1E32AFF6F597FA27A72B6A.E XE

810847: February 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 - Q810847_C3902604B28A9E2AAD419E883ACC553FD69B84F9.E XE

813489: April 2003, Cumulative Patch for Internet Explorer 6 - q813489_2fd2c598d4beecc513c2798f443cf8e.exe

813489: April 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 - q813489_3a4cba12c72c64d461b611365375bc9.exe

818529: June 2003, Cumulative Patch for Internet Explorer 6 - q818529_5a71949492d46d5a9ed0713ed68cc98.exe

818529: June 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 - q818529_94327511db0b86d509decf6a3becf73.exe

818529: June 2003, Cumulative Patch for Internet Explorer - WindowsServer2003-KB818529-x86-ENU_0f07225ca313bf4 5fe205783dd059d0.exe

Reissued Update(s):
Security Update, February 14, 2002 (Internet Explorer 5.5) - VBS55NEN_A76B47D34E497BB2C14BA3CBED923CC042406C8B. EXE

Security Update, March 7, 2002 - Q313829_F56D00FEAAE71A0F246EA0A042B92AEEEC822F9D.e xe

814078: Security Update (Microsoft Jscript version 5.1, Windows 2000) - js51nen_8812c08817b46676876f0e06a3cda5b.exe

814078: Security Update (Microsoft Jscript version 5.6, Windows 2000, Windows XP) - JS56_DB18C6EA0F4E8522715BEEA284F6843ECE71D944.EXE

Windows 2000 Service Pack 4 Network Install for IT Professionals - w2ksp4_en_7f12d2da3d7c5b6a62ec4fde9a4b1e6.exe

Flaw In Windows Media Player May Allow Media Library Access (819639) - WindowsMedia9-KB819639-x86-ENU_bfd620da8e1529c3e4f fadfb93f33fa.exe

Q329390: Security Update - Q329390_WXP_3F60064794271F0053892985402FE5B6679D3F 2D.EXE

Q329115: Security Update (Windows XP) - Q329115_WXP_SP2_X86_1D09793FAF21249FEBCC160D341612 338DFD3154.EXE

Security Update for Windows XP (KB810217) - WindowsXP-KB810217-x86-ENU_696190f151ea0bcb063f0a8 9471e45b.exe

Q811114: Security Update (Windows XP or Windows XP Service Pack 1) - Q811114_WXP_SP2_x86_ENU_63cfc7cfc1fb0ad0b7df3c483b 75760.exe

Detailed item description files (Read This First and End User License Agreement for all items) - aurtf1.cab

Sync Finished-Wednesday, December 10, 2003 2:02:44 AM


Re:Uhhh, they DO know? (4, Insightful)

MMaestro (585010) | more than 10 years ago | (#7684028)

Its inevitable. The larger the company/corporation the more likely it is for someone to forget to talk to someone else. In large companies such as Microsoft, you'll sometimes have two or three groups doing the same project, doing the same work, and the same research but not be aware of each other. Thats one of the (major) advantages small business have over large ones. Its easier to take the elevator down a floor and talk to group B than it is to setup a teleconference with group halfway across the globe.

OMFG FINAL EXAMS ON TEH SPOKE!!!!!11 (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7683743)

YES OH
FLSKDJ
SLKDFJ SLDKFJSDLKF
DO ME
DLFJS SOH OFFLDKJF SLKDJF
OH DEJESUDUSLSDO ME DO[EALSK
FLK

Important Stuff:
Please try to keep posts on topic.
Try to reply to other people's comments instead of starting new threads.
Read other people's messages before posting your own to avoid simply duplicating what has already been said.
Use a clear subject that describes what your message is about.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)

They are smoking crack! (1, Redundant)

CrackHappy (625183) | more than 10 years ago | (#7683751)

Microsoft says that they are going to do patches monthly. Are they basically saying that they'll only issue patches once a month? So when a malicious coder writes an exploit of a flaw, and they know about it, they're NOT going to issue a patch in a timely manner, instead they're going to make it more "intuitive" by making it MUCH easier to exploit security vulnerabilities.

WTF? I just don't get it. Anyone have information to the contrary?

Re:They are smoking crack! (0)

Anonymous Coward | more than 10 years ago | (#7683797)

In a related story. HackersNCrackers.com (the official web site for all computer hackers) has announced that they will delay any exploits until Microsoft has issued patches for them.

Re:They are smoking crack! (1, Informative)

Anonymous Coward | more than 10 years ago | (#7683824)

" Microsoft says that they are going to do patches monthly. Are they basically saying that they'll only issue patches once a month? So when a malicious coder writes an exploit of a flaw, and they know about it, they're NOT going to issue a patch in a timely manner, instead they're going to make it more "intuitive" by making it MUCH easier to exploit security vulnerabilities. WTF? I just don't get it. Anyone have information to the contrary?"They make an exception if there is an exploit available for a vulnerability.

Re:They are smoking crack! (0)

Anonymous Coward | more than 10 years ago | (#7684046)

The huge majority of exploited code...viruses..trojens that are made, are made using holes well known and holes that have already been issued a patch. Wait for it: because the notification of the hole is release only when the patch has been made! Wow imagine that!?!?

So the only people that MS really has to worry about are those security hole submitters that have gotten tired of given the run around by MS because MS is to lasy or to overrun by holes to bother listening to them.

What's the big deal? (5, Insightful)

TwistedSquare (650445) | more than 10 years ago | (#7683752)

On Wednesday morning, Microsoft discovered that a glitch in the patching process resulted in a November fix not being applied to some Windows XP computers. The same patch was sent out again via the Windows update service on Tuesday night.

The patch was due out in November, but it got missed so they re-issued. It's sort of going against what they said but it's understandable and I doubt it will make the world stop spinning. Why is this front page slashdot? If it had been any other company than Microsoft it never would have been news.

Re:What's the big deal? (4, Insightful)

sbennett (448295) | more than 10 years ago | (#7683792)

Why is this front page slashdot?

Simply because Slashdot will take any and every opportunity to make Microsoft look bad.

Re:What's the big deal? (2, Insightful)

Anonymous Coward | more than 10 years ago | (#7683888)

You mean, like Microsoft will take any and every opportunity to make Linux and GPL and OpenSource look bad?

Any other company than Microsoft yes (3, Interesting)

Anonymous Coward | more than 10 years ago | (#7683872)

Any other company like Microsoft no, the catch being of course that there arent any other companies like Microsft. Microsoft is singled out because it stands alone in its class, and it is an undeniable adversary of the GPL ... no other reason.

Re:Any other company than Microsoft yes (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7684026)

OH NO they oppose the GPL?!?! Faggot.

Re:What's the big deal? (1)

orange_6 (320700) | more than 10 years ago | (#7683887)

Exactly! I'd rather have a patch reissued or issued late than no patch at all.

Re:What's the big deal? (0)

Anonymous Coward | more than 10 years ago | (#7683980)

Better than that, just gain yourself some computing knowledge and stop using shite software.

All software gets patched, it's just some software seems to have "critical" patches at a seemingly unstopable rate and sys admins who get confused if they have to venture outside their GUI.

Point and drool, who needs it

Re:What's the big deal? (1)

vwjeff (709903) | more than 10 years ago | (#7683985)

Why is this front page slashdot? If it had been any other company than Microsoft it never would have been news.

1. Yes, this Frontpage is on Slashdot because it has a critical flaw. 2. It is Microsoft, need I say more?

That's right (4, Insightful)

truthsearch (249536) | more than 10 years ago | (#7683988)

If it had been any other company than Microsoft it never would have been news.

But it wasn't any other company. It's the company that believes it knows what's best for everyone. The same company that believes it deserves to control all software on Earth. When they make a "big" policy change, even these insignificant ones, and then mess it up right away, it's news.

Re:What's the big deal? (1)

pair-a-noyd (594371) | more than 10 years ago | (#7684038)

I find in this that it's a sad thing that Microsoft can't seem to manage their own affairs, the left hand doesn't know what the right hand is doing and the utter lack of control.

So, it's not a big deal that they issued a patch, it's a big deal that they are freaking out about their ignorance of their own systems, procedures and processes..

Re:What's the big deal? (2, Insightful)

jldrew (629581) | more than 10 years ago | (#7684048)

Why is this front page slashdot? If it had been any other company than Microsoft it never would have been news.

True. The reason why this is on the front page of slashdot is, as an AC trolled:

Any other company like Microsoft no, the catch being of course that there arent any other companies like Microsft.

Of course, said troll quickly gets to the trolling, but the first part is dead-on. Microsoft is big, they're more relevant to slashdot users than any other company.

Then again, the submitter worded his submission so that the mystery patch sounded scary, but if you RTFA, it's not. Perhaps timothy fell for it.

Re:What's the big deal? (0)

Anonymous Coward | more than 10 years ago | (#7684051)

"If it had been any other company than Microsoft it never would have been news."

Why was invading Iraq on the front page of national newspapers? If it had been the United States of TwistedSquare, it never would have been made news.

Where is Edward James Olmos? (5, Funny)

charlieo88 (658362) | more than 10 years ago | (#7683754)

So the computers are patching themselves now, are they?

When exactly was it that the Cylons are supposed to attack?

SUS at least makes this easy. (5, Insightful)

Coaster-Sj (614973) | more than 10 years ago | (#7683757)

Ever since we started using Software Update Services this has been cake.
All the clients just pull the windows critical updates that we approve from OUR servers.
I feel sorry for anyone who is trying to run around and do them by hand.

Updated patches (1)

fluor2 (242824) | more than 10 years ago | (#7683765)

There's only some bugfixes of recent patches. This means that there was updated versions of patches, but not any "new" stuff.

Frankengates (1)

Ridgelift (228977) | more than 10 years ago | (#7683767)

The same patch was sent out again via the Windows update service on Tuesday night. The company is still investigating why and how the patch was reissued.

Too bad Mary Wollstonecraft Shelley wasn't alive today. "Frankenstein" could be re-written as a terrible monster bent on world domination that in order to survive must feed on a never-ending stream of patches.

Dracula? (1)

jot445 (637326) | more than 10 years ago | (#7683864)

Sounds more like Dracula, with all that feeding. Oh wait, with Dracula the patches are applied after the feeding. lol.

Transcript (4, Funny)

blogboy (638908) | more than 10 years ago | (#7683768)

"Hey Bob...did you patch this?" "No, I thought you did." "Phil!" "What?" "Is this your patch?" "Not me. No patches in December, remember? It's our gift to the world." "Then who the hell...hey Eddie!" "Not now...I'm trying to track down this patch..." "Crap."

Fin.

scary (0)

Anonymous Coward | more than 10 years ago | (#7683774)

Maybe the Debian, Gentoo(?) and Savannah weren't the only servers hacked recently.

Someone seems pretty intent on injecting bad code to peoples computers..

Microsoft did the right thing (5, Insightful)

spitzak (4019) | more than 10 years ago | (#7683776)

If I understand this right, there was a bug. Maybe this bug was introduced by the previous patch, or maybe the previous patch did not work as expected, or whatever, but no matter what the reason, there was a bug, they could fix it, and they sent out a patch. That is the correct behavior.

They were probably being pretty stupid to say "no new patches". Due to Murphy's law, that guarantees that a problem will come up within days. Probably if they said "we are going to issue more patches than ever" then suddenly all their programmers would start have trouble finding bugs or figuring out how to fix them...

Anyway we can laugh at marketing for the "no new patches" but technically they did the right thing.

Re:Microsoft did the right thing (2, Funny)

Short Circuit (52384) | more than 10 years ago | (#7683934)

When they said "no new patches", they meant it. They simply raised existing patches. :)

I was unlucky... (1)

eaddict (148006) | more than 10 years ago | (#7683777)

and I got it. It managed to hose my system to the point that I had to pull out all the RunOnce and Run entires in the registry for my system to get going. I am unsure what the patch did..

And... (5, Funny)

Nom du Keyboard (633989) | more than 10 years ago | (#7683796)

It moved to a fixed schedule of monthly patches to make the process more predictable for network and system administrators.

...and virus writers.

RTFA. jesus (4, Informative)

User 956 (568564) | more than 10 years ago | (#7683799)

the boys at Redmond were scrambling today to figure out why some systems are being patched. The reason? They haven't got a clue.

The do have a clue. Read the article. It's because a November patch for frontpage wasn't applied to some machines.

no no no, rtWfa (4, Informative)

White Shade (57215) | more than 10 years ago | (#7683907)

if you read the WHOLE article you find this:

The same patch was sent out again via the Windows update service on Tuesday night. The company is still investigating why and how the patch was reissued.

So, they have a reason for it to be released, but they don't actually know why or how it got released... so... maybe 'they haven't got a clue' is a bit of overstatement, but they certainly don't have the whole clue.

Re:RTFA. jesus (0)

simdan (207210) | more than 10 years ago | (#7683981)

Read it again: "The company is still investigating why and how the patch was reissued." They know who is being patched. They don't know who in MS released it or why it was released when no one in MS is supposed to be release patches.

No Clue? (-1, Flamebait)

jot445 (637326) | more than 10 years ago | (#7683803)

Sorry, but Microsoft didn't have a clue long before the month of December.
There were clues scattered on the ground around them, but they were unable to get/find one.

I dont' get it... (4, Insightful)

chill (34294) | more than 10 years ago | (#7683808)

The idea of monthly patches was to ease the burden on corporate sysadmins.

MS makes an update server freely available, and it can serve XP Pro, NT Workstation and 2000 Workstation -- the official corporate clients.

How hard is it to have your central corporate update server get the patches DAILY, if necessary, and push them out on a schedule with SMS? Or a login script, or...

This also gives the sysadmin time to regression test some patches if that is their policy.

Big business clients -- you know, the ones benefitting from the monthly schedule -- shouldn't be using Windows Update anyway!

-Charles Hill

Re:I dont' get it... (1, Interesting)

Anonymous Coward | more than 10 years ago | (#7683909)

Have you ever been responsible for 100's of machines? You can't just patch and hope it all works out. Patches have been known to break things, and aren't always uninstallable.

So, while it's hunky dory for you to update three of your personal computers, it's a much bigger deal to so to dozens, especially since you can't be sure that there won't be any issues from the patch.

Re:I dont' get it... (2, Insightful)

Gr33nNight (679837) | more than 10 years ago | (#7683911)

With SUS its very easy. We have our SUS server sync up with the Windows Update every morning at 4 am, then I manually test and approve each patch for deployment. Then it is automatically installed upon reboot of the users machines. Very simple and easy.

It' MS's fault (5, Funny)

nytes (231372) | more than 10 years ago | (#7683821)

They keep sending me those security patches in email, and I keep applying them. I wish they'd stop it.

Re:It' MS's fault (1, Funny)

CodeHog (666724) | more than 10 years ago | (#7683896)

Mod this one up, that is funny. I was talking to a guy who actually did apply one of the security patches he received in an email. One of his *friends* told him to do it. Hmmmmm....with friends like that... anyway, I informed him M$ NEVER sends patches via emails. He was genuinely surprised. Live and learn.

Obligatory Treasure of the Sierra Madre quote (4, Funny)

adso (469590) | more than 10 years ago | (#7683828)

Patches? We don't need no stinking patches!

Re:Read my lips ... (0)

Anonymous Coward | more than 10 years ago | (#7683881)

no new patches!!

monthly patches??? (1)

thanasakis (225405) | more than 10 years ago | (#7683836)

Microsoft has previously said that it would attempt to make its patching process more intuitive and easy to use. It moved to a fixed schedule of monthly patches to make the process more predictable for network and system administrators.

Though this may be ok for systems like solaris, IMHO this would be a wrong move. If you are gonna wait until next month to patch your systems there will be many more worm outbrakes like those we've seen last summer.

The difference is that most windows systems are being used by mom'n'pop, and they tend to think that their computer is like an ultra smart typewriter. They know how to type their word documents but they wouldn't know system administration even if it kicked them in the back.

Windows needs an *automated* procedure for patching and patches that arrive on time, *not* when it's too late.

Making it more intuitive and easy to use (2, Interesting)

aflat362 (601039) | more than 10 years ago | (#7683852)

The article states that Microsoft is making the patch process more intuitive and easy to use. How much easier could it be than opening a link to a web site, pressing scan, reading a list of results with descriptions and selecting the ones you want?

I mean, are people retarded or something? My grandpa who could barely figure out how to use a mouse was able to do an update of his computer after some simple instructions.

I suppose they could just have your PC patch itself by default but in my opinion that would suck.

Interesting...... (2, Informative)

vwjeff (709903) | more than 10 years ago | (#7683855)

I went to Windows Update like all users should (must)do and found one patch for Win XP. It is a Frontpage Server Extensions Patch. It looks pretty serious and I can see why they would want it released quietly. Here's the URL:

http://support.microsoft.com/default.aspx?scid=k b; en-us;810217

The Final Windows Patch (1, Funny)

Doc Squidly (720087) | more than 10 years ago | (#7683857)

All these M$ patches are getting annoying, so I've applied the last fix for M$ problems that I'll ever need.
It's called LINUX [linux.org].
There's even a version of this patch works great on PPC [linux.org].

Re:The Final Windows Patch (0)

Anonymous Coward | more than 10 years ago | (#7683926)


That has got to be the worst attempt at lame Linux Karma Whoring I've ever read, "Doc".

Re:The Final Windows Patch (0)

Rallion (711805) | more than 10 years ago | (#7683937)

Your patch broke all my games! Bastard. *Loves his interactive escape-from-reality software too much to switch. Sigh.* I have a free partition just waiting for a Linux install, but It's since occurred to me that I never have the computer on for more than 20 minutes without loading up a game. How pathetic is that?

Uh oh.. (1, Insightful)

devphaeton (695736) | more than 10 years ago | (#7683859)

You mean the patch i just installed is a MYSTERY TO MICROSOFT TOO?

Holy shit! ....at least that's what i was thinking when i read that headline. like "oh great, now some ghey crax0rz have infiltrated Windows Update....

*whew*, i think..

Double Entendre. (1)

Ridgelift (228977) | more than 10 years ago | (#7683878)

"The Reason? They haven't got a clue."

Double Entendre: a word or expression capable of two interpretations

aka: Microsoft is clueless.

No, they have got a clue. (2, Insightful)

Rahga (13479) | more than 10 years ago | (#7683889)

See, here's how it goes.

-Microsoft knows their software is weak when it comes to security.

-Microsoft pleads to the security community not to make any vulnerabilities public prior to notifying them for at least a few weeks, and sues everyone who doesn't fall in.

-Microsoft reveals the reason it wants vulnerabilites not to go public.... So CTOs can claim that security updates only happen every month rather than every day, keeping their job intact and making more money for MS in the long run.

-Somebody who cares about security rather than marketing posts a needed FrontPage Extensions update.

See.... someone at Microsoft has a clue. They just don't talk to the marketing folks. I don't blame 'em.

I already switched (0, Offtopic)

cavemanf16 (303184) | more than 10 years ago | (#7683906)

I have already migrated to Linux, and hence don't care about Microsoft patches anymore.

And you know what, Linux isn't that great initially. The install can be a little tough depending on the distro, not all my stuff is instantly recognized, yadda yadda yadda, but now that I've been fudging around with it for a while, WOW! My server just sits there and WORKS without crashing after X days. My main "power" machine just keeps on churning away, and installing new programs NEVER requires a reboot (unless it's the kernel of course).

Not to mention the fact that security updates are ready in days or hours, not weeks or months. Sure, it's a challenge to get Linux up and running to the place where it really rocks, but it's worth it. To those of you who aren't all consumed with the latest Windows game(s), give Linux a try. It does email, web surfing, office apps, audio apps, and a lot of other stuff right off most FTP servers, so it's not a piece of crap anymore.

I will also bet you that your paranoia level will go down quite a bit when you start using the inherently, by-design, more secure Linux. (Or any *BSD if that's how you swing)

WTF? (4, Insightful)

ChangeOnInstall (589099) | more than 10 years ago | (#7683928)

How can a company claim that:

There will not be any patches issued in the month of december

and

they release patches more promptly than Linux vendors?

What is the benefit of no patches in Dec? (2, Interesting)

zapp (201236) | more than 10 years ago | (#7683939)

Any ideas why this would be beneficial at all? Are they going for the record thing, like some work places have a big sign that say "It's been days since the last workplace injury"? Are they trying to say "hey, Windows is secure! See, no patches released in days"?

What if a highly critical bug is discovered tomorrow, something big enough that several exploits are in the wild by next week? Will they release a patch then, or will they stick to their policy and hold out on us until 2004?

Addendum (5, Funny)

tds67 (670584) | more than 10 years ago | (#7683942)

In October, Microsoft committed to making its patch-release schedule more regular, by only publishing patches on the second Tuesday in each month.

In other news today, the Cracker community announced it would commit to new virus and worm releases on the second Wednesday in each month.

Whatever happened to One Service Pack behind? (5, Interesting)

mr_lithic (563105) | more than 10 years ago | (#7683955)

It used to be the standard method of dealing with Microsoft Service Packs that you never deployed the latest one on your boxes. You always stayed one step behind. This practice was proved right with the Service Pack 6/6a debacle.

With automatic patching of machines from Windows Updates at Microsoft, it seems that everyone is thrown into chaos at the same time.

Do we really trust Microsoft enough to think that they will get their updates right everytime?

smaller vs. larger patches (2, Troll)

Dynamic Ranger (725268) | more than 10 years ago | (#7684002)

You can keep using smaller and smaller patches, and eventually, you can stop smoking.

Or, you can keep using larger and larger patches and eventually become a smoker.

Windows Update Hacked = All Windows Hacked? (1)

placeclicker (709182) | more than 10 years ago | (#7684007)

If someone gained access to that server.. what if they sent out a virus disguised as a patch? I bet more people patch rather than don't patch

At least this was just a "glitch"

Monthly patches are stupid (5, Interesting)

Anonymous Coward | more than 10 years ago | (#7684009)

As someone who has to keep over 1000 clients patched, I have no idea what they're talking about when they say "admins want this".

You know what admins want? I'll tell you. They want to know about bugs AS THEY ARE FOUND, not AS THEY ARE PATCHED, so that we can block ports/attachments/capabilities and aren't sitting there vulnerable for months waiting for a patch. Then, when we get the patch, we want the patch to work. Lastly, we want products that aren't as much in need of patches. Are you listening? That's my top 3 requests--I don't give a rat's ass about monthly patch releases.

Here's how it works out in the real world, Microsoft. Nobody trusts your patches. After you release them, do you think we just cross our fingers and install the thing? Hell no. We do a test deployment, let it run for a few weeks, and if there aren't any problem, THEN we do the general deployment. And guess what? Frequently, we find problems with your patches and don't deploy them at all.

So this leaves us vulnerable. Sure, that's bad, but we were ALREADY vulnerable the whole time we've been using this software, and more alarmingly, we were vulnerable and you knew about it and didn't tell us while you were working on a patch.

We didn't choose to be vulnerable when we chose not to install your broken patches, we chose to be vulnerable when we chose to use your products.

This is Newsworthy? (0, Flamebait)

snevig (555801) | more than 10 years ago | (#7684037)

Good grief, Charlie Brown, /.'s blatant anti-M$ obsession is becomming embarrasingly transparent for this glitch to be newsworthy.

Re:This is Newsworthy? (1)

MagicBox (576175) | more than 10 years ago | (#7684075)

This news is a bit biased, but that's ok, after all we're talking about MS here. it's funny because I patched my XP last night with that same exact patch. I was worried for a moment since I knew it wasn't *that time of the month* yet for the patch, but after reading the description and the version of the file I decided to do it.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...