Microsoft: Patches, Patches Everywhere!
Ridgelift writes "Even though Microsoft recently announced they would not be issuing any new patches for the month of December, the boys at Redmond were scrambling today to figure out why some systems are being patched. The reason? They haven't got a clue."
Monthly patches? (Score:3, Interesting)
Uhhh, they DO know? (Score:5, Interesting)
On Wednesday morning, Microsoft discovered that a glitch in the patching process resulted in a November fix not being applied to some Windows XP computers. The same patch was sent out again via the Windows update service on Tuesday night. The company is still investigating why and how the patch was reissued.
It looks like someone modified a patch. When a patch gets updated, the KB articles (and often the fixes) are auto-published.
I'd be more interested in knowing why some corporate SUS (Software Update Services, like an in-house Windows Update) subscribers were reporting to NTBugTraq today that they got about a DOZEN updated patches last night!
Making it more intuitive and easy to use (Score:2, Interesting)
I mean, are people retarded or something? My grandpa who could barely figure out how to use a mouse was able to do an update of his computer after some simple instructions.
I suppose they could just have your PC patch itself by default but in my opinion that would suck.
Any other company than Microsoft yes (Score:3, Interesting)
Re:I don't get it... (Score:1, Interesting)
So, while it's hunky dory for you to update three of your personal computers, it's a much bigger deal to do so to dozens, especially since you can't be sure that there won't be any issues from the patch.
What is the benefit of no patches in Dec? (Score:3, Interesting)
What if a highly critical bug is discovered tomorrow, something big enough that several exploits are in the wild by next week? Will they release a patch then, or will they stick to their policy and hold out on us until 2004?
Whatever happened to One Service Pack behind? (Score:5, Interesting)
With automatic patching of machines from Windows Updates at Microsoft, it seems that everyone is thrown into chaos at the same time.
Do we really trust Microsoft enough to think that they will get their updates right every time?
Re:Uhhh, they DO know? (Score:3, Interesting)
1) In answer to your suggestion that Microsoft knows what happened, allow me to point out a comment in the text that you yourself quoted:
The company is still investigating why and how the patch was reissued.
Not only do they not know WHY someone released a patch, they don't know HOW either!
Secondly, I'm also curious. I run an SUS server, and here's my sync log from last night:
Monthly patches are stupid (Score:5, Interesting)
You know what admins want? I'll tell you. They want to know about bugs AS THEY ARE FOUND, not AS THEY ARE PATCHED, so that we can block ports/attachments/capabilities and aren't sitting there vulnerable for months waiting for a patch. Then, when we get the patch, we want the patch to work. Lastly, we want products that aren't as much in need of patches. Are you listening? That's my top 3 requests--I don't give a rat's ass about monthly patch releases.
Here's how it works out in the real world, Microsoft. Nobody trusts your patches. After you release them, do you think we just cross our fingers and install the thing? Hell no. We do a test deployment, let it run for a few weeks, and if there aren't any problems, THEN we do the general deployment. And guess what? Frequently, we find problems with your patches and don't deploy them at all.
So this leaves us vulnerable. Sure, that's bad, but we were ALREADY vulnerable the whole time we've been using this software, and more alarmingly, we were vulnerable and you knew about it and didn't tell us while you were working on a patch.
We didn't choose to be vulnerable when we chose not to install your broken patches, we chose to be vulnerable when we chose to use your products.
Re:Monthly patches? (Score:2, Interesting)
Re:I don't get it... (Score:2, Interesting)
Exploits from patch announcements? (Score:5, Interesting)
Here you go fella (Score:3, Interesting)
Re:Monthly patches? (Score:1, Interesting)
As for WMP 9, well... again, they don't force it. Although some very small systems would have their admin use the server as a workstation in which case WMP 9 is useful for such things as tutorials. Granted, hardly ideal but also optional, so who cares?
I'd think people would like the options, they aren't forced so why bitch about them?
If you wanna talk SUS... (Score:3, Interesting)
(Note if you don't know what SUS is, try http://susserver.com/)
Automatic Sync Started- Thursday, 11 December 2003 12:59:56 AM Successful
Updates Added:
Critical Update for Windows XP Media Center Edition 2004 (KB830786) - KB830786_WXP_MCE2_ENU_c512cb910f28d8b60515375195560b3.EXE
Updates Removed:
810847: February 2003, Cumulative Patch for Internet Explorer 5.01 Service Pack 3 - Q810847_B3CA04E8D113EBDE0D561AB3AFAA02EBC3922F36.EXE
813489: April 2003, Cumulative Patch for Internet Explorer 5.01 Service Pack 3 - q813489_7526690df0c1e078957b0d83f8018c0.exe
818529: June 2003, Cumulative Patch for Internet Explorer 5.01 Service Pack 3 - q818529_1d67aa22e752bb5ca55eba289ee1e9f.exe
Q324929: December 2002, Cumulative Patch for Internet Explorer 5.5 - Q324929_E34CB7562E3FADE04E0FBA7A8DF20236ABFC6C46.EXE
810847: February 2003, Cumulative Patch for Internet Explorer 5.5 Service Pack 2 - Q810847_102065CAD52C737EBBF4422AEF2CAC5E100B6EFA.EXE
813489: April 2003, Cumulative Patch for Internet Explorer 5.5 Service Pack 2 - q813489_8ebdafa9c0f5c09d0678826b4c04de5.exe
818529: June 2003, Cumulative Patch for Internet Explorer 5.5 Service Pack 2 - q818529_d8d150d39cc718ff858be51239ea081.exe
Q324929: December 2002, Cumulative Patch for Internet Explorer 6 - Q324929_55049C7F14E3EFF258F10F95FE0A3C179833CB17.EXE
Q324929: December 2002, Cumulative Patch for Internet Explorer 6 SP1 - Q324929_A90F1A87F766965A4D0FC5F1395F3E808ABE7D27.EXE
810847: February 2003, Cumulative Patch for Internet Explorer 6 - Q810847_DDE9BE0E09FF7E261B1E32AFF6F597FA27A72B6A.EXE
810847: February 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 - Q810847_C3902604B28A9E2AAD419E883ACC553FD69B84F9.EXE
813489: April 2003, Cumulative Patch for Internet Explorer 6 - q813489_2fd2c598d4beecc513c2798f443cf8e.exe
813489: April 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 - q813489_3a4cba12c72c64d461b611365375bc9.exe
818529: June 2003, Cumulative Patch for Internet Explorer 6 - q818529_5a71949492d46d5a9ed0713ed68cc98.exe
818529: June 2003, Cumulative Patch for Internet Explorer 6 Service Pack 1 - q818529_94327511db0b86d509decf6a3becf73.exe
818529: June 2003, Cumulative Patch for Internet Explorer - WindowsServer2003-KB818529-x86-ENU_0f07225ca313bf45fe205783dd059d0.exe
Reissued Update(s):
Security Update, February 14, 2002 (Internet Explorer 5.5) - VBS55NEN_A76B47D34E497BB2C14BA3CBED923CC042406C8B.EXE
Security Update, March 7, 2002 - Q313829_F56D00FEAAE71A0F246EA0A042B92AEEEC822F9D.exe
814078: Security Update (Microsoft Jscript version 5.1, Windows 2000) - js51nen_8812c08817b46676876f0e06a3cda5b.exe
814078: Security Update (Microsoft Jscript version 5.6, Windows 2000, Windows XP) - JS56_DB18C6EA0F4E8522715BEEA284F6843ECE71D944.EXE
Windows 2000 Service Pack 4 Network Install for IT Professionals - w2ksp4_en_7f12d2da3d7c5b6a62ec4fde9a4b1e6.exe
Flaw In Windows Media Player May Allow Media Library Access (819639) - WindowsMedia9-KB819639-x86-ENU_bfd620da8e1529c3e4ffadfb93f33fa.exe
Q329390: Security Update - Q329390_WXP_3F60064794271F0053892985402FE5B6679D3F2D.EXE
Q329115: Security Update (Windows XP) - Q329115_WXP_SP2_X86_1D09793FAF21249FEBCC160D341612338DFD3154.EXE
Security Update for Windows XP (KB810217) - WindowsXP-KB810217-x86-ENU_696190f151ea0bcb063f0a89471e45b.exe
Q811114: Security Update (Windows XP or Windows XP
Re:Monthly patches? (Score:3, Interesting)
The company scrambled on Wednesday morning to figure out why a patch had been issued through its Windows Update service, when the software maker had declared on Tuesday that it would not issue any fixes in December.
In short, the update wasn't a 'zero-hour' patch, or a planned release.
Interestingly, this update has been mysteriously approved on our local SUS server without our knowledge. I really do hope that this patch has been thoroughly tested by Microsoft, as they have just deployed it across our LAN without our consent.
Trustworthy computing? pftttt.
Stealth Patch (Score:3, Interesting)
Considering the ramifications of patches and their 'assumed authority' with autopatch, this is a very bad blunder.
Re:Monthly patches? (Score:5, Interesting)
Should I upgrade?
Media Player 6.4 won't play all of Microsoft's media files anymore. WMA or ASF files created with the latest version of Media Player won't play on ver 6.4, it won't download the codecs for all of them. Subtle way for them to get people to upgrade, isn't it?
Whether that's worth upgrading for is up to you.
Re:SUS at least makes this easy. (Score:3, Interesting)
Really? It sucks for us. Our SUS client is pointed at our corporate server. When corporate decides a patch should be installed, it gets installed on our systems. The problem? I am in QA, and our systems started acting goofy lately. In particular, our Rational applications started behaving very strangely. We *think* that it is due to the MS updates, but have no way of telling without launching a full-blown investigation into the issue. We have different OSs we have to test on, and different configurations. But they all have to have these stupid patches installed automatically. And some of them you cannot un-install. Try to track down the cause of a problem when there were 10 patches installed on your system the night before.
Now that isn't necessarily MS's fault, it is more our head office's fault. We should be able to test out patches with the software we use before having it mass-deployed. Sure, mandate it for all the meat-bag virus-spreaders in sales, but leave us the F alone. The IT guys in our own building are clueless, because they don't have to do anything now - the auto-updater will take care of it, and the patches come from corporate. But like you said, that part is cake....