Critical Security Updates Coming To Windows XP, 8, RT & Server

SmartAboutThings writes "On the upcoming Patch Tuesday on July 9, Microsoft is going to bring some notable security updates, that will mostly deal with fixing issues in remote code execution vulnerabilities, which allow attackers to breach in. The security updates will be applied to all Windows versions Microsoft is still supporting (from XP to Windows 8.1)"

Re:Why?

[jellomizer]

OSS groups release security fixes, they are applauded for caring about people's safety and security.
Microsoft releases security fixes, they are appaled that they would let such a problem exist.

So...

[SCPRedMage]

...it's a normal Patch Tuesday? How the hell is this news?

Re:Why?

[Anonymous Coward]

Yes, because OSS groups are entirely volunteer effort, basically by the users for the users.
Microsoft is a paid product, if you buy it, you expect it to work as advertised, any flaw you stumble upon is money you got cheated of.

I'm still waiting to see a Linux distro that works and is advertised as "Android for Desktop".

Day 16 in Linux Mint

[SuperCharlie]

While I know it wont make me invisible, I voted with my OS and have taken the Linux plunge. I am quite happy and comfortable in Mint. I have found all the tools I need and if nothing else, maybe it will take a few more cycles to keep me under the NSA thumb.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:their patches can no longer be trusted

[Anachragnome]

"All joking aside, can any of us trust their patches now that it has been comfirmed that Microsoft is effectively a branch of the NSA?"

All joking aside. Excellent idea.

How many of you folks are squirming right now, wondering if any of your code managed to end up inadvertently being used in the Prism program? How many of you are wondering how this will impact your job? How many of you are wondering what you might have said in the past, things that you are afraid might be exposed by this? How many Microsoft employees are now worrying about their social life, now that everyone knows Microsoft is neck-deep in NSA spying? Will they be ostracized? What about Google employees? Might they become targets for recriminations? Have you been hiding your affiliations with implicated companies? Will that one friend you confided in turn on you, out you to others that they know will shun you as a result? How much more do we NOT know about? What will the next leaked document reveal? How many of you even care (or dare to care openly)?

See where I am going with this?

Fear. I see it between the lines in forum posts (not just here on Slashdot), I see it in the public pronouncements from public officials around the world, I see it amongst the world's journalists (some fear not the personal costs, but the costs to the entire idea of journalism). I see it coming from the NSA themselves.

This is East Germany, all over again--the NSA literally has us spying on each other, inadvertently or not. Secrecy=Fear=the need for secrecy. Both sides of the equation are feeling it. Did you just hesitate before you sent that email? Have you resigned yourself to the fact that privacy is now dead? Do you fear the repercussions of standing up for your rights?

Do you fear doing nothing?

Re:their patches can no longer be trusted

[mysidia]

All joking aside, can any of us trust their patches now that it has been comfirmed that Microsoft is effectively a branch of the NSA?

No you cannot; HOWEVER, you can trust not patching even less. Because Microsoft have been known to share vulnerabilities with the NSA, before they even share the fact of their existence to the public.

The NSA has loads of cash available, and all the research and engineering resources required to work on developing reported vulnerabilities into exploits, to add to "surveillance malware deployment packages".

Uptime isn't important, lack of downtime is

[dutchwhizzman]

.How long your computer hasn't rebooted isn't the important bit. What is important, that it will be available when you need it to be and that it won't reboot or crash without your explicit permission. Even though I have set my permissions such that MicroSoft should never ever update without my consent, let alone reboot my machines, it has happened on several occasions that they pushed an update without prior warning and rebooted XP computers.

On any critical infrastructure I'd want to have total control over when something happens and what happens then. Some vendor autonomously deciding to reboot my heart/lung controller during a heart transplant will not do. The same applies to (air) traffic control (ILS in San Francisco anyone?), hight voltage control, nuclear power plants and whatnot. Hell, I don't even want them to reboot my music player if I'm listening to it.

I don't mind having to do regular scheduled maintenance in maintenance windows if I know in advance, during the design phase of the platform. That way, I can decide which exact OS will be the most useful and beneficial for the exact purpose I intend it to have. Any rogue OS that decides to reboot "on it's own" will never ever get a place in any important infrastructure I have, no matter how long uptime some dude on a forum achieves on it.

Any down time outside of service windows is a major issue, regular windows are not only a minor nuisance compared to an incident during production hours, they are also "job security" if you look at it. I don't care how long uptime you get. I just don't want any downtime for myself.