Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Microsoft Bug Security

Microsoft Rereleases Patch to Fix Problems 226

Posted by CowboyNeal from the if-at-first-you-don't-secure dept.
AbdullahHaydar writes "From CRN: 'One day after releasing a fix for an Office XP flaw, Microsoft upgraded the severity of the vulnerability to critical and re-issued a new patch to address a new attack scenario discovered in the last 24 hours.' The funny thing is that the second bug they missed with the first fix is 'critical' whereas the original bug the fix was for is 'important.'"
This discussion has been archived. No new comments can be posted.

Microsoft Rereleases Patch to Fix Problems More

Microsoft Rereleases Patch to Fix Problems

Comments Filter:

  • It ain't necessarily so (Score:5, Insightful)

    by Space cowboy ( 13680 ) * on Thursday March 11, 2004 @07:49PM (#8537820) Journal
    The fact that 24 hours after releasing an 'important' bug patch, Microsoft re-released a 'critical' bugpatch should *not* be held against them! It certainly would not be the first time someone had realised that the consequences of X are far more than previously thought.

    I'm no apologist for MS (see my posting history :-), but re-relasing a new patch at a higher security classification ought to be applauded, not ridiculed. Fair play, guys, and play the game according to *all* the rules, not just the "Redmond -4" ruleset...

    Simon

    • Re:It ain't necessarily so (Score:4, Insightful)

      by Kethinov ( 636034 ) on Thursday March 11, 2004 @07:50PM (#8537842) Homepage Journal
      Yeah, my thoughts exactly.

      I read the headline and the summary and it left me wondering "uh, and?"

      This just in, grass is green! Whether you're OS is corporate or open source, security patches are going to happen and revisions of security patches are going to happen.

    • I'm no apologist for MS (see my posting history :-), but re-relasing a new patch at a higher security classification ought to be applauded, not ridiculed.

      Applauding Microsoft for having to re-release a patch is like applauding Idi Amin for only eating some dude's skin and muscles and not his intestines or eyeballs. Or applauding Paris Hilton for having the good sense to only videotape herself having regular and oral sex and not anal sex.

      GMD

    • But perhaps Microsoft should be criticised for releasing a partial fix earlier? For not investigating the earlier problem with enough dilligence?

      • Re:It ain't necessarily so (Score:4, Insightful)

        by pantycrickets ( 694774 ) on Thursday March 11, 2004 @08:46PM (#8538224)
        But perhaps Microsoft should be criticised for releasing a partial fix earlier? For not investigating the earlier problem with enough dilligence?

        Perhaps nearly every network enabled software developer should be criticised for the same? I'm sorry, but that was an asinine statement.

        Nearly every major piece of software on any OS, especially those that accept network connections have had multiple vulnerabilities over time. Even those developers who are extremely diligent (ie. OpenBSD) have had their share of problems.

        Any action on a developers part, especially a proactive one, should be commended..
        • Perhaps nearly every network enabled software developer should be criticised for the same?

          Clearly multiple vulnerabilities exist and are discovered. My issue is that if a new patch is released one day after the first patch was released, it appears that insufficient investigation went into the first problem. One might also want to question the level of quality control that went into the second patch.

          Any action on a developers part, especially a proactive one, should be commended.

          I agree that Microso

        • Yes, as you point out, "Nearly every major piece of software on any OS, especially those that accept network connections have had multiple vulnerabilities over time".

          BUT - and here is where your post leaves rationality - what NEW vulnerability was discovered, investigated, fixed, extensively tested, and released in those 24 hours?

          G'parent post is not asinine, it makes a good point - why was a fix that evidently was already in the pipeline not released 24 hours earlier with the other patch, or, if 24 hours

      • Re:It ain't necessarily so (Score:5, Insightful)

        by the_mad_poster ( 640772 ) <shattoc@adelphia.com> on Thursday March 11, 2004 @08:50PM (#8538249) Homepage Journal

        So everyone could get on their ass for slow patching instead?

        Look, they patched a hole in a relatively decent period of time. They then patched additional issues quickly as well.

        I hate Microsoft too, but for crying out loud... how utterly fucking naive do you have to be to sit there trying to spin reasonable patch fixes against the company? Some people just need to get a life...

        • So everyone could get on their ass for slow patching instead?

          Look, they patched a hole in a relatively decent period of time. They then patched additional issues quickly as well.

          An alternative explanation that fits the known facts is that Microsoft did not expend sufficient resources investigating the problem and fixing it. Time has nothing to do with it if they did a lousy job in the first case.

          Spinning multiple fixes within a day of each other benefits no-one. Microsoft should be expected to:
          1. Do

          • Re:It ain't necessarily so (Score:4, Insightful)

            by the_mad_poster ( 640772 ) <shattoc@adelphia.com> on Thursday March 11, 2004 @11:26PM (#8539373) Homepage Journal

            You've got to be kidding me, right? Look, I've got it in for Microsoft-the-monopoly, but not like this. They patched a damn problem and they did it fairly quickly. Even if they goofed on the first one, they took a mere 24 hours (a fairly typical OSS turnaround) to come back and offer reparations for it. Not only did they not drag their feet on the fix, they didn't drag their feet on repairs of a potential oversight from the first one.

            Note the bold highlights since it's all speculation as to whether it was their goof or a mere coincidence that additional issues were discovered in the process. Some people are just trying to spin one of Microsoft's rare good moments against them as a knee-jerk reaction. I'm all for alternative OS's and choice, but on technical merit, not knee-jerk anti-MS reactions and unsubstantiated speculation.

    • Seems I rememebr reading somewhere: http://slashdot.org/article.pl?sid=04/02/26/155520 8&mode=thread that the only reason Windows has holes is due to the patchs. Was the 1st patch not creating a big enough crevasse and the Redmond crowd needed to dig a deeper one?
    • After reading your post and the ones below it, I am left wondering if Microsoft didn't quite let their testing department finish before releasing the patch.

      At least they fixed it, in any case. But now I'm wondering if there aren't other things they missed, or that the poor Patch Testing monkeys will find tomorrow.... not that releasing incomplete or flawed patches is that unusual for Microsoft (and yes, I'm aware that it can happen to anyone, but MS has quite a track record in that respect)

      SB
    • Microsoft has been patching patches, to patch patches with patches, for the past 10 years with limited success. It's gotten out of control and now they call the really big patches "Upgrades".

      This article seems more a testament to the futility of patching windows, not a dig at making mistakes.

      - Oxymoron: Microsoft Works

    • Yeah, but it's totally cheating the way Redmond uses that Spell Trigger with Absolute Immunity, Spell Turning, and Spell Trap!

    • >but re-relasing a new patch at a higher security classification ought to be applauded, not ridiculed.

      You're new here aren't you?

      This is just our Microsoft Two Minutes of Hate. When you see these posts you're supposed to seeth in rage and imagine Bill Gates.

      Perhaps if we weren't such hypocrites we would be taken more seriously and more people would be running Linux for its merits and not for the hype or manufactured political reasons.

  • The problem.. hmm... (Score:5, Funny)

    by thrillbert ( 146343 ) * on Thursday March 11, 2004 @07:49PM (#8537825) Homepage
    I love that headline.. a patch to fix problems.. great.. I'll apply it to my marriage, my job, my car, my bank account (too little money could be a problem).. and I'll apply it twice to my teenage daughter for better results..

    I knew eventually microsoft would do something right...

    ---
    Universe, n.:
    • The problem.
  • Retry, Reboot, Reapply, and Reinstall...

  • This is consistent (Score:5, Funny)

    by El ( 94934 ) on Thursday March 11, 2004 @07:50PM (#8537841)
    Remember, to Microsoft it is not an important problem unless they already have a fix for it!
    • Especially because, after all, Windows vulnerabilities result from MS patches [slashdot.org], and there's no such thing as a hole that's not already been patched. ;-)
    • Remember, to Microsoft it is not an important problem unless they already have a fix for it!

      I know you were kidding around, but -

      This is true almost everywhere. If you release information about a vulnerability before you have a fix for it you invite folks to test your shiny new vulnerability ;-)

      I've been impressed with MS' stance on security since about last June - but now we see people using MS security bulletins to write worms.

      Look at Blaster - MS released a security bulletin and a fix, and Blast

  • More information on the vulnerability (Score:5, Informative)

    by windows ( 452268 ) on Thursday March 11, 2004 @07:51PM (#8537854)
    More information on the vulnerability can be found here [microsoft.com].
    • Subsequent to the release of this bulletin, it was determined that this vulnerability could also affect users who do not have the "Outlook Today" folder home page as their default home page in Outlook 2002. As a result, Microsoft has re-released this bulletin with a new severity rating of "critical" to reflect the expanded attack vector.

      Much like other users have suggested, there's no reason in harrassing them. They discovered the patch was exploitable on a wider scale than previously thought, and quick

  • Two bugs in one place (Score:5, Insightful)

    by Anonymous Coward on Thursday March 11, 2004 @07:53PM (#8537864)
    As I recall it took more than 24 hours for the second bug in the mremap function to be found in Linux. While bashing MS is always fun & exciting (and I do think their security sucks). I think Slashdot should try to post more stories about how Linux could be improved (security & functionality). Not to imply that Linux is bad, but there is this reactionary attitude where we must adapt to everything MS does as opposed to doing things first. No Longhorn till 2006 should not mean we sit around waiting for MS to come out with something to whine about. It should be seen as an opportunity to evolve Linux in new directions that MS can't emulate. Don't be afraid to embrace changes that could propel us way ahead of them.

    • Re:Two bugs in one place (Score:4, Informative)

      by KingOfBLASH ( 620432 ) on Thursday March 11, 2004 @08:16PM (#8538022) Journal
      One of the nremap bugs posted on slashdot was really a dupe. It was the same thing and already fixed. At least, that's what I was told. See this [linuxquestions.org] thread on LinuxQuestions.org

    • Us vs Them (Score:2, Interesting)

      by Anonymous Coward
      Don't be afraid to embrace changes that could propel us way ahead of them.

      So this is what it's come down to? How many people share the "us" vs. "them" mentality? I thought people contributed to Linux in order to take part in something greater than what they could do alone, rather than as a way of beating Gates & Co.

      I know, I know... I must be new around here.

  • Facts of life? (Score:5, Funny)

    by nmoog ( 701216 ) on Thursday March 11, 2004 @07:53PM (#8537865) Homepage Journal
    "People have resigned themselves to this being a fact of life. "
    Life, death, taxes, and patching flaky patches.

  • Patches (Score:4, Insightful)

    by black mariah ( 654971 ) on Thursday March 11, 2004 @07:55PM (#8537884)
    Exactly how is this different from the multitude of patches to fix things in the Linux kernel? Or patches in ANY OSS project? Are you trying to tell me that there has never been a security patch to any Linux kernel ever?

    I seem to recall a /. story just a short while back about a security vulnerability in the Linux kernel that was patched and te resulting posts were nothing but a bunch of open source taint nuzzling. When MS fixes a problem on the other hand, it's a bad thing.

    • Exactly how is this different from the multitude of patches to fix things in the Linux kernel? Or patches in ANY OSS project? Are you trying to tell me that there has never been a security patch to any Linux kernel ever?

      Not at all. It's just that Windows is plagued with exploits and viruses, while *BSD and Linux does not suffer the same fate.

    • Re:Patches (Score:3, Interesting)

      by rusty0101 ( 565565 )
      Nope. When Microsoft releases a patch, it's not always good or bad. I think that most people would catagorize what is updated into one of three catagories,

      Good thing: patches that prevent remote exploits of upnp, remote takeover via corrupted mp3 files, or valid mp3 files with embeded URL's to locations that allow script kiddies to make use of your computer, and the like.

      Bad thing: patches that update the EULA to allow Microsoft to keep track of what music, videos, etc. you like to pay attention to. Patch

  • Uh.... (Score:3, Funny)

    by mrseigen ( 518390 ) on Thursday March 11, 2004 @07:56PM (#8537886) Homepage Journal
    So what, they did a dupe?

  • Apache OS (Score:5, Funny)

    by Eberlin ( 570874 ) on Thursday March 11, 2004 @07:58PM (#8537905) Homepage
    Ok, ok, patching is a part of life -- that's understood. We have to patch our Linux installs too, after all. However, the Linux community doesn't seem to wrap itself in this strange PR shroud that MS does. You know the one -- how hackers are good for testing MS software and then how hacks aren't found until after MS releases a patch...oh and this business about making patch management easier by bundling patches monthly instead of releasing them sooner to protect their customers from harm.

    Right. So here we have a patch that should've probably been QA-ed to death (since they're doing this monthly instead of knee-jerk) and then later issuing another patch to properly plug the hole.

    I guess after they um...opened the source to some of Windows, they're only following suit by doing the "Release early, release often" mantra. Next thing we know, they'll be sponsoring Linux-friendly news sites and even exhibiting in Open Source conventions.
    • And for all the misplaced Microsoft fan bois, the post is obvoiusly meant to be funny, but it carries a bit of the old truth. If Linux was in Microsofts position (convicted monopolist, proprietary, pedatory) we'd all be laughing at them. News? I though Slashdot was more of a IT gossip column. ;-)

    • Re:Apache OS (Score:2, Informative)

      by Anonymous Coward
      The patch itself was fine. Re-issuing the patch (in this case) means that they changed the severity level. It doesn't mean that they changed the code or that the original patch had some problems with it.

      Also, the monthly patch release scenario is NOT for critical security updates, but non-security bugfixes. Security-related patches are released as often as need be.

  • that patch must be huge (Score:3, Funny)

    by minusthink ( 218231 ) on Thursday March 11, 2004 @07:58PM (#8537907)
    "Microsoft Rereleases Patch to Fix Problems"

    all of them?

  • Great choice of article (Score:4, Funny)

    by mattgreen ( 701203 ) on Thursday March 11, 2004 @08:02PM (#8537937)
    I applaud the Slashdot editors once again in choosing a relevant and timely news story. Never before has a patch been reissued. This is surely a momentous day on the Internet.

    Plus we can have a chance to talk about how our favorite operating system would never do such a thing! This IS a great post!

  • They did not re-issue a new patch! (Score:4, Informative)

    by Nevo ( 690791 ) on Thursday March 11, 2004 @08:03PM (#8537946)
    It's the same patch they released yesterday. They just discovered it's more serious than they first thought, so they released the same binaries with a higher severity.

    http://www.microsoft.com/technet/security/bullet in/ms04-009.mspx

    Read the revisions section

    • Re:They did not re-issue a new patch! (Score:4, Informative)

      by Nevo ( 690791 ) on Thursday March 11, 2004 @08:06PM (#8537964)
      Just to quote the relevant section:

      Why is Microsoft re-issuing this bulletin
      Subsequent to the release of this bulletin, it was determined that this vulnerability could also affect users who do not have the "Outlook Today" folder home page as their default home page in Outlook 2002. As a result, Microsoft has re-released this bulletin with a new severity rating of "critical" to reflect the expanded attack vector. The update released with the original version of this security bulletin is effective in protecting from the vulnerability and users who have applied the update or have installed Office XP Service Pack 3 do not need to take additional action.
    • Wrong! From the microsoft patch site:

      • V1.0 (March 9, 2004): Bulletin published
      • V2.0 (March 10, 2004): Bulletin updated to reflect on a revised severity rating of Critical and to advise of a new client update.
      • V2.1 (March 10, 2004): Frequently Asked Question "What is the scope of the vulnerability?" updated.
      • um..... you just showed us that he is right. read the second bullet again. "Bulletin updated to reflect on a revised severity rating"
      • Right! From the microsoft patch site:

        "In addition, Microsoft is making available an additional "client update" for customers on the Microsoft Download Center. This additional update does not contain new fixes or functionality, but is instead an additional offering of the update that provides an alternative for customers. More information on the client update is available in the Security Update Information section."

        They re-issued the bulletin to upgrade the security rating to "critical" due to new informa

  • Excuse me... (Score:5, Funny)

    by Quinn_Inuit ( 760445 ) <Quinn_Inuit.yahoo@com> on Thursday March 11, 2004 @08:04PM (#8537951)
    "The funny thing"? The funny thing? That's like walking out of a Monty Python show and saying, "Man, that one joke was really funny."

  • Anyone else notice... (Score:5, Informative)

    by ManxStef ( 469602 ) on Thursday March 11, 2004 @08:15PM (#8538015) Homepage

    ...the broken PGP signature on the e-mail update Microsoft sent round relating to this? (The original was fine.) Just seemed a bit sloppy from a company who's now supposed to be taking security so seriously is all...

    BTW The Register chastised MS for marking the original as only "important" [theregister.co.uk], looks like they were right on the money!

  • new method (Score:2, Interesting)

    by firstadopter.com ( 745257 )
    Microsoft needs a new method of installing these patches. How many us have spent HOURS a day installing and installing and rebooting and rebooting.

    • Re:new method (Score:4, Informative)

      by value_added ( 719364 ) on Thursday March 11, 2004 @09:29PM (#8538532)

      FWIW, you can use Microsoft's qchain utility [microsoft.com] that purportedly allows you to apply several patches a single reboot. Haven't tried it yet, as my hours are still being spent trying to figure out what patches I need on my systems. Seems that between the Windows update site, the HFNetChk commandline utility, and a handful of patch management programs I've been looking at, I'm getting a variety of results as to what's needed and what's been installed.

      If anybody has any favourite suggestions for managing this mess, I'm all ears.

      • Re:new method (Score:4, Informative)

        by agallagh42 ( 301559 ) on Friday March 12, 2004 @01:10AM (#8540122) Homepage
        Qchain is no longer required to install multiple patches with a single reboot. Qchain functionality has been included in all windows patches for a while now. Just hit "no" when it asks you to reboot, then reboot manually when you've installed them all. If you want to script it, there are command line switches for all the patches allowing silent installs with no reboot.

        Also, you should be using the new MBSA (Microsoft Baseline Security Analyser) [microsoft.com] instead of HFNetChk.

        Another great tool is SUS (Software Update Services) [microsoft.com]. It's basically in internal copy of Windows Update, where you can approve patches that you've tested, and the clients will then pull approved updates down automatically according the schedule you set. Set the schedule via AD group policy, by manually editing the registry, or with a logon script.

  • Everytime a story like this is posted.... (Score:5, Insightful)

    by gatkinso ( 15975 ) on Thursday March 11, 2004 @08:17PM (#8538028)
    ....I am tempted to check the kernel cvs source tree history.

    But why inject objectivity and reality into an otherwise excellent discussion?
    • The kernel source isn't stored in CVS.

      But why inject truth into an otherwise excellent troll?
      • Well you are right about that - my cvs-centricness pervades all rational thought.

        However my post was not a troll (any more than the orignal story is at any rate), and is sound even if the sources aren't in cvs... because when you look at the change logs http://www.kernel.org/pub/linux/kernel/v2.6/Chang e Log-2.6.4 and see BS like "fix build breakage" immediately after the same guy committed something that says "Fix compilation warning in bond_alb.c" well we can see just the type of developer is working on
        • Have you ever considered that code that builds on one system might not build on another? That this is especially likely in a kernel full of preprocessor conditionals for different hardware and different options? And since you're taking a shot at "Open Source land" and telling me to shove something up my ass, I stand by my assertion that your post was a troll.

  • Patch requires install CDs (Score:5, Interesting)

    by mmusson ( 753678 ) on Thursday March 11, 2004 @08:22PM (#8538067)
    I tried to install the first patch last night and found that I had to apply office SP2 first. Ok. So, I ran office SP2 and it required the install CDs.

    I travel extensively for work and I don't carry around all my install CDs for my laptop. So, I cannot even install the critical security patch because I cannot install office SP2.

    I think this is a problem when people that would want to install this 'critical' security patch are not able to. Why can't this patch be stand-alone (not require install CDs) like the ones available from the windows update site?

  • attention moderators (Score:4, Funny)

    by GunFodder ( 208805 ) on Thursday March 11, 2004 @08:23PM (#8538075)
    Please moderate this story as both "Redundant" and "Flamebait" (definitely not clever enough to be a "Troll"). What, we're not allowed to moderate stories? Sounds like Slashdot needs a patch...

  • Must have CD to install (Score:5, Informative)

    by ccnull ( 607939 ) <null@@@filmcritic...com> on Thursday March 11, 2004 @08:25PM (#8538085) Homepage
    How aggravating that many people won't install these service packs because Microsoft requires you have the original CD to install them.

    There is a workaround: Download the larger (the 58MB one with "fullfile" in the name) file on this page here [microsoft.com] and you can do the update without a CD.

    • Re:Must have CD to install (Score:5, Informative)

      by ccnull ( 607939 ) <null@@@filmcritic...com> on Thursday March 11, 2004 @08:48PM (#8538235) Homepage
      ... on second analysis, this method has now failed on 2 different machines -- both of which asked me for the CD despite being eligible for the CD-free patch per Microsoft's own rules. Use at your own risk, folks! (And apologies if I led anyone astray...)
      • Yep, this really annoys me. You are on the road in some godforsaken place but your link to the outside world is through your Win notebook. You really want to keep the patches up to date, especially Outlook ones. Do you really want to haul your original CDs everywhere with you?

        Luckily in that particlar case, I was able to buy and use a pirate CD ($2) so that I could update my fully licensed Office-Pro.

  • My copy of Office must not need the patch... (Score:4, Funny)

    by pdcryan ( 748847 ) on Thursday March 11, 2004 @08:25PM (#8538086) Homepage
    ...because when right click on the paperclip and ask it if there is a security problem... and he told me Word already had security features.

    Thank god!
  • I thought patches were only supposed to come out first tuesday of the month from now on, what happened?

  • Of course we could read the updated bulletin (Score:3, Informative)

    by TheRealSlimShady ( 253441 ) on Thursday March 11, 2004 @08:58PM (#8538312)
    Straight from the horses mouth [microsoft.com]:

    The update released with the original version of this security bulletin is effective in protecting from the vulnerability and users who have applied the update or have installed Office XP Service Pack 3 do not need to take additional action.(emphasis mine)

    In addition, Microsoft is making available an additional "client update" for customers on the Microsoft Download Center. This additional update does not contain new fixes or functionality, but is instead an additional offering of the update that provides an alternative for customers. More information on the client update is available in the Security Update Information section.


    So they didn't actually release a new update, just a new way of applying the update, and they increased the importance.

  • My question is... (Score:5, Funny)

    by Anonymous Coward on Thursday March 11, 2004 @09:00PM (#8538335)
    So does this patch require a restart? Because I'd hate to lose my 8 hours of uptime.

  • Not the first time? (Score:4, Informative)

    by loconet ( 415875 ) on Thursday March 11, 2004 @09:14PM (#8538439) Homepage
    correct me if I'm wrong but it seems like this is not the first time Microsoft is wasting customer's time:

    It seems like a patch for SP1 Internet explorer 6.0 (released released February 2, 2004 - KB832894) also broke functionality on [scotiabank.com] several websites in the form of displaying "HTTP 500 internal server error" messages for no reason. 5 days later they released [microsoft.com] a patch to fix the patch.

  • Slashdot is so biased (Score:3, Informative)

    by Anonymous Coward on Thursday March 11, 2004 @09:23PM (#8538495)
    "As a result, Microsoft has re-released this bulletin with a new severity rating of "critical" to reflect the expanded attack vector. The update released with the original version of this security bulletin is effective in protecting from the vulnerability and users who have applied the update or have installed Office XP Service Pack 3 do not need to take additional action. "

    " In addition, Microsoft is making available an additional "client update" for customers on the Microsoft Download Center. This additional update does not contain new fixes or functionality, but is instead an additional offering of the update that provides an alternative for customers. More information on the client update is available in the Security Update Information section."

    "AbdullahHaydar writes "From CRN: 'One day after releasing a fix for an Office XP flaw, Microsoft upgraded the severity of the vulnerability to critical and re-issued a new patch to address a new attack scenario discovered in the last 24 hours.' The funny thing is that the second bug they missed with the first fix is 'critical' whereas the original bug the fix was for is 'important.'"

    What a deliberate trick. Bias at its worst. Why don't people check their sources?

    Why can't we moderate news as Moronic or better yet moderate people as Stupid?

  • Good response time (Score:3, Insightful)

    by Gary Destruction ( 683101 ) * on Thursday March 11, 2004 @09:32PM (#8538549) Journal
    It shows that Microsoft is taking things more seriously. And maybe next time, maybe they'll catch more potential problems before they're discovered. If MS were to actually break itself up into smaller companies, it wouldn't have to worry about keep tabs on so much stuff. I know it won't do that, but I think it would be alot more efficient. When it comes to patches, Microsoft is like a giant. Someone hits it on the leg, so it has to look down and find the source of the attack and fix it. But at the same time, someone could be attacking it on the back and neck.

  • What Differentiates Linux from Windows (Score:3, Interesting)

    by jlrowe ( 69115 ) on Thursday March 11, 2004 @09:50PM (#8538688)
    It is odd that only moments after reading about 'What differentiates Linux from Windows' [linuxinsider.com], how the very design of Windows leads to problems making fixes for security things gone wrong, the story of this latest patch problem appears. It is verification of the story I just read, in perfect example.

    Synopsis:
    Microsoft reacts to marketing pressure to make design decisions favoring running a few processes faster but then finds itself forced first to layer in backward compatibility and then to engage in a patch-and-kludge upgrade process until the code becomes so bloated, slow and unreliable that wholesale replacement is again called for.

  • I grow weary... (Score:5, Funny)

    by Epistax ( 544591 ) <epistax@g[ ]l.com ['mai' in gap]> on Thursday March 11, 2004 @10:08PM (#8538853) Journal
    of these threatening severity levels. I will install no patch less severe than "orgasmic" or possiblity "chocolicious".

  • New Service Pack (Score:4, Funny)

    by CycoChuck ( 102607 ) on Thursday March 11, 2004 @10:48PM (#8539115) Journal
    I heard that MS is releasing a new SP for Office that would fix all the problems. They're calling it OpenOffice. The new Windows SP, code named Linux, is suppose to be released soon as well.

  • Nice headline (Score:3, Funny)

    by Anonymous Coward on Thursday March 11, 2004 @10:55PM (#8539169)

    My first thought was, "Damn, that would be a tremendous patch."

  • Download? (Score:3, Interesting)

    by utlemming ( 654269 ) on Thursday March 11, 2004 @11:31PM (#8539401) Homepage
    And the big problem of the day is that you cannot download the file, because, well Microsoft is having problems with their website. Go figure. I mean, they say that the file is a critical upgrade, and then it is inaccessable. You would think that for the $300-$800 people pay for Office, they would at least have the bandwidth to get critical patches.

    • Re:Download? (Score:3, Interesting)

      by utlemming ( 654269 )
      Just another update -- they removed the link, as of 8:32MST, from the download page. The link is here [microsoft.com]. Which is rather interesting. Too much demand or did they find another bug?
  • Windows XP Service Pack 2 Update 4 Patch 7.3!

  • What Else is a Patch For? (Score:3, Funny)

    by handy_vandal ( 606174 ) on Friday March 12, 2004 @12:09AM (#8539653) Homepage Journal
    Microsoft Rereleases Patch to Fix Problems

    Well, that's a relief -- could be worse -- imagine a headline that reads "Microsoft Rereleases Patch to Cause Problems" ....

    -kgj
  • the second patch was critical? whaddya bet it fixed a new, more serious hole introduced by the first patch? :P

  • The timeline of the vulnerability [idefense.com] tells us that Microsoft was informed November 12, 2003. Now, they got 4 months to find a patch and release their security bulletin. Couldn't they find out that it was more critical in the 24*30*4 hours before?

    From MS04-009 [microsoft.com]:
    Reason for Major Revision
    Subsequent to the release of this bulletin, it was determined that this vulnerability could also affect users who do not have the "Outlook Today" folder home page as their default home page in Outlook 2002. As a result, Micro

Slashdot Top Deals

Math is like love -- a simple idea but it can get complicated. -- R. Drabek

Close