Microsoft Security

Critical Security Updates Coming To Windows XP, 8, RT & Server

Posted by samzenpus
from the protect-ya-neck dept.
SmartAboutThings writes "On the upcoming Patch Tuesday on July 9, Microsoft is going to bring some notable security updates that will mostly deal with fixing issues in remote code execution vulnerabilities, which allow attackers to breach in. The security updates will be applied to all Windows versions Microsoft is still supporting (from XP to Windows 8.1)."

  • Why? (Score:5, Funny)

    by Corona Extra (2975551) on Sunday July 07, 2013 @02:57PM (#44211111)
    I haven't noticed any security problems with Windows. Why do they release this?
    • Re: (Score:3, Insightful)

      by jellomizer (103300)

      OSS groups release security fixes, they are applauded for caring about people's safety and security.
      Microsoft releases security fixes, they are appalled that they would let such a problem exist.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        I believe that does happen, yes. But you seem to be replying to a post that denies there being a problem in the first place.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Yes, because OSS groups are entirely volunteer effort, basically by the users for the users.
        Microsoft is a paid product, if you buy it, you expect it to work as advertised, any flaw you stumble upon is money you got cheated of.

        I'm still waiting to see a Linux distro that works and is advertised as "Android for Desktop".

        • Re: (Score:3, Insightful)

          by hairyfeet (841228)

          In case you ain't figured it out so far Windows has always run on the "Star Trek Rule" with the first in a transition being shit followed by the next being decent, at least on the home front (personally I found both NT 4 and Win2K to be pretty solid) such as Win95 crap, Win98 great, WinME crap, WinXP great, Vista crap, Win 7 great, and so on.

          But the advantage you get with Windows, that really makes a difference if you are using the PC for work and which you just don't get with Linux, is the ability to comple

          • by ttucker (2884057)

            [...] like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you, you update or it's shit time for you.

            I tried Gnome 3 and it was shit time for me.

            • by ulatekh (775985)
              The difference is, you have a choice! Don't like Gnome 3? (Me either.) There are a plethora of other desktop managers out there. I'm using XFCE right now. MS Windows doesn't give you a choice.
          • Re:Why? (Score:5, Informative)

            by devent (1627873) on Sunday July 07, 2013 @04:53PM (#44211847) Homepage

            Sorry that is just not true.

            First, the kernel developers have a strict policy for not breaking API or ABI with applications.
            See for example: Linus Chews Up Kernel Maintainer For Introducing Userspace Bug [slashdot.org] "Userspace" means applications.
            Secondly, the developers of low level stuff like GUI toolkits (Qt, KDE, GDK+, PulseAudio, etc) are also very strict about breaking compatibility.

            On the plus side, Linux doesn't cost you anything. It's not like you have to pay 80 or 100 Euro to update from Debian Lenny to Debian Squeeze. When Debian Squeeze was finished you just download it and update your system. Costs you maybe half an hour's time.

          • Unfortunately Hairy I tried Windows 8.1 yesterday. The UI is even worse than 8.0!

            I really did try not to be an old man afraid of change and an elitist as I would love applets on my phone and PC all working together in Harmony in HTML 5 glory.

            Now it only scrolls left to right making up and down useless on my mouse and while the start button helps clueless users I kept having to hit it. IE 11 disappointed me and misrendered and wouldn't work on many websites. WTF this is 2013 not 2003! As someone who wants to

          • by sjames (1099)

            Debian routinely maintains security patches for oldstable. Ubuntu has its LTS releases. Centos releases stick around for quite a while. Not bad for something you can install for free. If you'd rather pay the distro provider for support, there's RHEL. There doesn't seem to be much interest in going back further since the upgrades are free and tend not to fail on older machines. If you need to keep an old release around, I'll bet you could pay for that and get it.

            I don't like Gnome 3, so I don't use it. Ther

            • by hairyfeet (841228)

              Uhhh I take it you missed the memo where Ubuntu said they are going rolling release across the board [zdnet.com] so there IS NO LTS, there is just unstable and slightly LESS unstable. Second of all debian is primarily a server OS, that is where the money is spent. Finally that misses the big fucking GOTCHA when it comes to old kernels which is "Won't run shit" when it comes to new software because of the royally fucked up way software will require kernel Y and depend on framework Z and you have kernel R and framework W

          • Re:Why? (Score:5, Informative)

            by the_B0fh (208483) on Sunday July 07, 2013 @05:16PM (#44211973) Homepage

            So to me THAT right there is one of the big differences that takes Linux out of the running (well that and the piss poor driver model, but that is another rant) because if you don't stay pretty God damned close to the bleeding edge with most mainstream Linux? You are FUCKED with a capital F. You try skipping releases and suddenly the latest software won't run because it requires kernel X+3 and you have kernel X, it makes it a royal PITA and means that even if the devs go some way you don't want to go, like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you, you update or it's shit time for you.

            You really based your arguments on what you read on blogs rather than personal experience? Plenty of people still run kernel 2.2 which is about 15 years old now, or 2.4 which is about 10 years old now. And if you run something like debian, it's as simple as "apt-get dist-upgrade" and editing a few config files.

            Or... you know, just not upgrade.

            Seriously. Get over it.

          • You try skipping releases and suddenly the latest software won't run because it requires kernel X+3 and you have kernel X, it makes it a royal PITA

            But there's one big difference. Unlike new major versions of Windows, new versions of Linux, glibc, etc. are available without charge. I didn't have to pay a dime to upgrade Ubuntu from 8.04 through 12.04, apart from the Internet access that I was paying for anyway.

            and even if the devs go some way you don't want to go, like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you

            No, fuck Unity. After I failed to get the hang of the Un(usabil)ity that is 11.10's default GUI, I installed Xfce (sudo apt-get install xubuntu-desktop) and was able to make it mine again.

          • You've been lucky then as I've had Realtek drivers shit all over themselves in XP/Vista and Win7 and don't forget the Nvidia debacle. It took them almost a full year after Vista was released before they got stable drivers for the fucking video card. Can't use a computer when the fucking video crashes on you and gaming? Forget it. Fastest way to crash the whole fucking system and have to reinstall. Even Intel has screwed up their drivers (security flaws - remote exploits) causing BSOD's that forced a reinsta

            • by hairyfeet (841228)

              Built hundreds of systems, supported even more, never seen that happen with Realtek, hell never saw anything more than their stupid "HD Deck" app not run with Via, only problem I've seen on sound is some of the old Sigmatels are badly supported but that is Sigmatel, they have ALWAYS had piss poor support when it comes to their stuff.

              As for Nvidia I take it you missed the behind the scenes drama? Since you did I'll fill you in, less than 4 months before the Vista RTM was to happen MSFT basically gutted a goo

          • by armanox (826486)

            I've had Windows drivers die on update - the best one that comes to mind for me was my Toshiba laptop (2006). Had WiFi issues with XP SP3 when that came out, and WiFi, GPU and Power Management really hit the fan in Vista for a short while, and then again in Windows 7 (wouldn't work with the Vista drivers, due to some issue with Toshiba's installers. Had to go through some hoops to get everything working).

            For long term stability in Linux, I'm using RHEL. RHEL 5 still supports the software I need it to run,

          • by McGruber (1417641)

            Oh and in all my years I have NEVER seen Windows shit all over one of my drivers with an update

            I have an indestructible LaserJet 4 that runs fine under XP and the latest version of my preferred linux distribution. That same printer will not work with Windows 7 or 8 because there is no compatible driver for it.

        • I'm still waiting to see a Linux distro that works and is advertised as "Android for Desktop".

          If you see it, you won't see it for long*. [android.com] ;-)

          * Though admittedly longer if you use Bing ;-)

      • I'm not concerned that they are releasing updates, my concern is with how long it takes before they acknowledge a bug and release a fix. With OSS, the fix is released ASAP (at least that's the theory), with proprietary software... Well, here's a car analogy that might help [imdb.com]:

        "A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A,

      • Personally, I run a Linux-only household. If I want, I can check every day for updates and install any that have been accepted since the last time I checked. If there's an important security update, I can get it as soon as it's ready. If I were running Windows, I'd have to wait until the next Patch Tuesday and hope that the black hats don't ream me out too badly before the patch is released. And, since the patch might be ready one day after a Patch Tuesday, that means that all Windows users might have t
      • by mysidia (191772)

        OSS groups release security fixes, they are applauded for caring about people's safety and security. Microsoft releases security fixes, they are appalled that they would let such a problem exist.

        They often engage the community in totally different ways. The OSS groups often disclose vulnerabilities, workarounds, and print advisories very early --- they are honest and alert about the threat early.

        Closed source OS vendors avoid publishing anything until they have a fix.

        Closed source OS vendors have

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Probably just the zero day vulnerabilities that NSA are using, would be such a bitch if Snowden would choose to publish them

      Information that's been set free is useful, isn't it?

  •   If so, I guess this is one of the downsides.

  • by gmuslera (3436) on Sunday July 07, 2013 @03:05PM (#44211161) Homepage Journal
    A lot of systems that had to be compromised by the NSA and associates [techweekeurope.co.uk] before this patch could finally be released.
  • So... (Score:5, Insightful)

    by SCPRedMage (838040) on Sunday July 07, 2013 @03:09PM (#44211197)
    ...it's a normal Patch Tuesday? How the hell is this news?
    • Was thinking the same.
    • by iggymanz (596061)

      windows slashdot users were feeling left out with all the stories of linux kernel minor version releases and linus' random brain farts in forums.

      • It's still sad that there is actually a lot of cool stuff (Azure, Visual Studio, PowerShell...) happening in the Windows world too, but it never shows up here due to the heavy OSS slant. I'm more of a platform-agnostic myself.
        • Liar :) (Score:2, Informative)

          by tuppe666 (904118)

          I'm more of a platform-agnostic myself.

          No you're not, you're consistently anti-OSS and there is nothing wrong with that, hell whatever floats your boat, but platform-agnostic you are not.

          • I do not oppose OSS in any way but you are correct that usually it just isn't that important for me that the source code is available. I will use the software which makes the computer most enjoyable to use.
    • by danomac (1032160)

      Microsoft patches flaws on regularly scheduled patch day. News at 11.

  • A request... (Score:5, Interesting)

    by Anachragnome (1008495) on Sunday July 07, 2013 @03:15PM (#44211237)

    I do not have the ability to do so, but could someone that is able to do so please make a close comparison before/after changes?

    They might be trying to cover their tracks in terms of NSA backdoors--hide the evidence to minimize the coverage--and the changes they make with updates might shed some light on those backdoors.

  • by SuperCharlie (1068072) on Sunday July 07, 2013 @03:57PM (#44211511)
    While I know it won't make me invisible, I voted with my OS and have taken the Linux plunge. I am quite happy and comfortable in Mint. I have found all the tools I need and if nothing else, maybe it will take a few more cycles to keep me under the NSA thumb.
    • Try to make it so your screen won't blank using GUI tools.....go on, I'll wait. Simple shit like that is what prevents me from using Linux as a desktop. The control panel is missing well over 50 elements compared to win or mac.
      • by devent (1627873)

        > Try to make it so your screen won't blank using GUI tools

        What is that even supposed to mean?

        > The control panel is missing well over 50 elements compared to win or mac.

        Like what?

        PS: I'm a full time Linux user, Fedora with KDE4.

        • I can't prevent Mint or Ubuntu from blanking the screen (shutting off the monitor) using the GUI. It requires several commands at the CLI for several programs and still doesn't work right. There is no way to change the behavior of the power button in GUI as well. These are just the roadblocks I ran into recently.
          • by 0123456 (636235)

            I can't prevent Mint or Ubuntu from blanking the screen (shutting off the monitor) using the GUI. It requires several commands at the CLI for several programs and still doesn't work right.

            How very odd. I just went to System/Preferences/Power Management and the monitor setting is right there.

            • by Nerdfest (867930)

              In Gnome 2 there were several widgets like Caffeine that would also let you disable it via the tool bar. Not sure if there's anything available since the unity/Gnome3 insanity.

            • Yes, now actually engage it and see if it works.
      • It's pretty simple to do in Linux Mint.
        PS: I'm assuming you meant set the 'turn off display time' to 'never'

    • by JDG1980 (2438906)

      How is Wine compatibility on newer versions of MS Office, Adobe Photoshop, and Lightroom these days? It's been a couple months since I checked, but last time I looked it was pretty lackluster.

  • ...but if you're running Vista or 7, you're on your own. At least, according to Slashdot's headline...

  • This is news? (Score:5, Interesting)

    by JDG1980 (2438906) on Sunday July 07, 2013 @04:38PM (#44211757)

    Doesn't Microsoft patch these kinds of security holes every Patch Tuesday? How is this one special?

  • by 0111 1110 (518466) on Sunday July 07, 2013 @04:57PM (#44211873)

    All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA? What percentage of these updates were sponsored and ordered by the NSA? Are only 30% of the changes for the benefit of the NSA? 70%? There is no way to know.

    • by Anachragnome (1008495) on Sunday July 07, 2013 @05:52PM (#44212153)

      "All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA?"

      All joking aside. Excellent idea.

      How many of you folks are squirming right now, wondering if any of your code managed to end up inadvertently being used in the Prism program? How many of you are wondering how this will impact your job? How many of you are wondering what you might have said in the past, things that you are afraid might be exposed by this? How many Microsoft employees are now worrying about their social life, now that everyone knows Microsoft is neck-deep in NSA spying? Will they be ostracized? What about Google employees? Might they become targets for recriminations? Have you been hiding your affiliations with implicated companies? Will that one friend you confided in turn on you, out you to others that they know will shun you as a result? How much more do we NOT know about? What will the next leaked document reveal? How many of you even care (or dare to care openly)?

      See where I am going with this?

      Fear. I see it between the lines in forum posts (not just here on Slashdot), I see it in the public pronouncements from public officials around the world, I see it amongst the world's journalists (some fear not the personal costs, but the costs to the entire idea of journalism). I see it coming from the NSA themselves.

      This is East Germany, all over again--the NSA literally has us spying on each other, inadvertently or not. Secrecy=Fear=the need for secrecy. Both sides of the equation are feeling it. Did you just hesitate before you sent that email? Have you resigned yourself to the fact that privacy is now dead? Do you fear the repercussions of standing up for your rights?

      Do you fear doing nothing?

    • by mysidia (191772) on Sunday July 07, 2013 @06:44PM (#44212417)

      All joking aside, can any of us trust their patches now that it has been confirmed that Microsoft is effectively a branch of the NSA?

      No you cannot; HOWEVER, you can trust not patching even less. Because Microsoft have been known to share vulnerabilities with the NSA, before they even share the fact of their existence to the public.

      The NSA has loads of cash available, and all the research and engineering resources required to work on developing reported vulnerabilities into exploits, to add to "surveillance malware deployment packages".

    • 30% - 70% Windows patches might be NSA directed? Well, Heaven knows Windows has no legitimate bugs to fix [theverge.com] . But that does help me understand something. I've been puzzled by your sig for some time since I can't say I know anyone that actually lives in fear. Now it is clearer. You probably bitch when Microsoft doesn't fix something, but are too terrified to use it when they do. That explains a lot. Especially if you aren't applying patches and get pwned.

      Your views are simple: It's all a plot. Windows

      • by 0111 1110 (518466)

        You could have just googled my sig. Have you never watched Blade Runner? If you live in the US you are a slave for at least a third of your life, and if you are not afraid of the power of the regime it is either because you are part of the repression machine or are just ignorant and whistling in the dark.

        As for responding to the post you mention. I did read it. I'm still not convinced that you have mind reading abilities. And I am well aware that Stalin was not a nice guy and that the USSR was not a nice p

    • by AHuxley (892839)
      Laws and requirements like the Communications Assistance for Law Enforcement Act (CALEA) gave the USA all the hardware and software help they needed.
      What any domestic US agency can get, any other US agency can get.
      All the fear of encryption exports seemed to stop and the US tech press got lost in nice new toys.
      Now we know why, the change over from setting encryption standards to just having a legal entry into domestic and export hardware and software.
      It's never the patches, it was always the OS.
  • There's something seriously wrong with the present-day computing that such vulnerabilities are continually being discovered. The only solution being an endless patch cycle. Why isn't it possible to make a compiler that produces enduser safe software?
    • by mysidia (191772)

      There's something seriously wrong with the present-day computing that such vulnerabilities are continually being discovered.

      It's not very surprising. It takes less than a minute of programming to accidentally make a mistake --- millions of vulnerabilities can be crafted in an hour by pure accident, or by incompetence.

      It takes months or years to discover the vulnerabilities, and longer to prove to people's satisfaction, that yes, they are indeed exploitable.

      As long as such disparity exists;

    • by smash (1351)

      Because memory management in a multi-tasking, multi-threaded operating system and associated support libraries is hard, and end users are not willing to pay for the additional development time. Free software writers are mostly not willing to spend the development time on the boring security stuff either (the OpenBSD team being a notable exception, and even they are only human).

      It's simply human nature to solve a problem (i.e., get an application or OS to "work") and then move onto the next problem. Very

    • by WD (96061)

      You're implying that the problems are in the compiler, which clearly indicates your lack of knowledge of software and vulnerabilities.

      • by dgharmon (2564621)
        You're implying that the problems are in the compiler, which clearly indicates your lack of knowledge of software and vulnerabilities.

        Stack exploits, heap exploits and buffer overflows are clearly defects in the software, exploitable by defects in the memory management unit. If you know different then please do enlighten us with your knowledge.
    • by ulatekh (775985)
      It's not the compiler, it's the programmers. Most programmers are Mort [codinghorror.com], unfortunately. Personally, I consider security in all of the code I write, but when I try to recommend that course of action to my fellow programmers, I mostly just get sullen glares.

      For commercial software, there's the additional problem that 70% of employees are not actively engaged [gallup.com] in their work.

  • Remember Google recently added Malware to Google transparency report [google.com]. Take a look at the major uptick in malware warnings in 2013..... perhaps a sign that more and more popular destinations are getting compromised and actually leveraging remote code execution exploits, or other trickery, that may be among that covered in the patches.

    There's this thing called Patch Tuesday; first Tuesday every month. There are almost always plenty of remote security vulns, with patches. If there aren't -- then t

    • Correction: Patch Tuesday is the 2nd Tuesday of every month, not the first. As a sysadmin, it's in my Outlook calendar as a reoccurring scheduled event.

  • by smash (1351)
    ... patch tuesday is news now? If this was an out-of-band, critical update then maybe this would be newsworthy. What next? News items for every time Adobe release a flash security update?
