Microsoft Flubs Patch, Putting Users At Risk

An anonymous reader writes "Microsoft is rushing to fix a flaw introduced by the company's latest security update to Internet Explorer. From the article: 'The flaw, initially thought to only crash Internet Explorer, actually allows an attacker to run code on computers running Windows 2000 and Windows XP Service Pack 1 that have applied the August cumulative update to Internet Explorer 6 Service Pack 1, security firm eEye Digital Security asserted. The update, released on August 8, fixed eight security holes but also introduced a bug of its own, according to Marc Maiffret, chief hacking officer for the security firm, which notified Microsoft last week that the issue is exploitable.'"

When are we going to move these off the front page

[hcob$]

the MS has a security hole post has now become, trite, cliche, and dare I say it.... (-1, Redundant)

Why This is Different

[Aqua_boy17]

Yes, but this is a hole created by a patch to fix a hole. On the whole, different and somewhat amusing. Or it would be amusing if I didn't have to administer Windows systems. :P

Re:Why This is Different

[just_another_sean]

Or it would be amusing if I didn't have to administer Windows systems. :P

And that is exactly why I like to see it on the front page of /.

Of course I don't rely on /. alone for security news but as an Admin supporting MS products news like this does matter to me. The more sources of info I can get on problems with software the better. And being the /. junkie I am it is likely I may just get info on new flaws here first! :-)

Re:

[dw604]

Preparations A through G were absolute failures. On the whole, Preparation H is a good plan.

Re:

[thePowerOfGrayskull]

What ninny modded this "flamebait"? I'll admit, it doesn't deserve "funny"... b ut it's no more flamebait than parent.

Not Really So Different

[ackthpt]

Yes, but this is a hole created by a patch to fix a hole. On the whole, different and somewhat amusing. Or it would be amusing if I didn't have to administer Windows systems. :P

Actually this really isn't unique. There have been a few of these in the past. And only after some noticed this was happening, who knows how often it happened before people took notice of the fix busting other code than that fixed.

I used to admin a mainframe and keep up on patches rigorously, as we had any number of weasels in

Re:

[RareButSeriousSideEf]

Amusing & sad is about right. I don't know about you or your group, but a few years ago my meetings would include a time to run down a list of recent Windows Updates and quickly ask if anyone knew of a reason why one shouldn't be released to the domain at large.

After some hard-learned lessons, Windows Update is now disabled throughout the organization. The meetings include a time to ask if any recent patches are so critical that we need to risk installing them. If so, each patch gets its own stability e

same here, but more so

[RMH101]

if you're working on qualified systems (e.g. ones bound by GxP, FDA, etc) then you need to have documented and tested your systems right down the LRF* level. Any changes, including patches, need to be fully assessed for potential scope, validated, tested formally, documented and applied under strict change control. The constant stream of patches from Redmond makes this an enormous overhead for organisations like ours.

*Little Rubber Feet

Re:When are we going to move these off the front p

[eln]

Sure, exploits in Windows are nothing new, but when the exploit is introduced as a result of Microsoft trying to fix OTHER exploits, it's not only new(ish), but also funny. Maybe not pants-wettingly hilarious (but perhaps pants-wettingly frightening if you're a Windows user), but funny nonetheless.

Come on, it's like rai-i-ain on your wedding day

[spun]

You know, like goldy or coppery, only with iron. Microsoft is the John Holmes of security. Sure, they'll "patch your hole," but that's just gonna make your hole bigger.

Re:Come on, it's like rai-i-ain on your wedding da

[Lord Prox]

What? No goatse.cx link?! goatse needs a new caption: "Microsoft Customer."

Oh... wait. THATS ME

What if Band-Aid ran their business this way?

[krell]

What if Band-Aid ran their business this way?

"Oh, never mind that our latest shipment of bandages had sharp rusty jagged bits of razor blades embedded in the cloth".

Or office building sprinkler systems?

"We at Paragon Office Protection Systems do not think it is anything to get upset about that our sprinkler system sprayed gasoline instead of water on that paper-room fire last week."

Re:

[Jim_Callahan]

Well, it only affects SP1, according to the summary, so fully updating your software fixes it. I would tend to call that a nonissue, but whatever.

Re:So, does this mean...

[Linker3000]

No, Microsoft will start a new initiative called the Genuine Double Patch Advantage (GDPA)

Re:

[quantum bit]

I thought they were going to call it the Double Virus Defense Advantage (DVDA)

Re:

[hcob$]

I thought they were going to call it the Double Virus Defense Advantage (DVDA)

FEAR the Hampster Style...

**Meww**

And of course:
"Now you're a MAN! An m.a.n. MAN!"

Last but not least:
ChodeBoy: "JESUS!"
Orgasmo: "WHERE?!?!"

no need to worry.

[krell]

As long as, over the course of a year, the number of security holes plugged by the patches manages to outnumber the number of security holes introduced by these same patches, we're in real good shape right?

Clearly, the fix is

[Weaselmancer]

...to switch to Vista. [microsoft.com] That way, this sort of thing will never happen again. You betcha.

wtf?

[User 956]

The update, released on August 8, fixed eight security holes but also introduced a bug of its own, according to Marc Maiffret, chief hacking officer for the security firm, which notified Microsoft last week that the issue is exploitable.

Chief Hacking Officer? I wasn't aware companies had those these days.

Re:

[ahsile]

lol. awesome title.

Re:

[Rob T Firefly]

Hah! I'd love that on a shiny nameplate outside my office.

Re:

[voice_of_all_reason]

The high ground gives him +5 agility

Re:

[MillionthMonkey]

I would guess they must have twenty-five or fifty hackers, and the chief hacking officer has his own office- special, with glass. You know, like they have in the movies- guys coming in all the time with research projects that they're doing, getting his advice, and rushing off to do more hacking, people coming in and out all the time.

Re:

[Randseed]

Yeah, I envision it as a regular CTU. Where's Jack Bauer when you need him, tho?

Re:

[voice_of_all_reason]

I decided then that I must eventually get a job with a glass office where the walls can be made opaque with a click of a button.

The natural correllary to that invention, of course, would be that a suitably intelligent prankster could eventually un-opaque your walls, likely at the most inopportune moment.

Re:

[sam i am]

You're under arrect for hacking into the top secret CIA computers!

Wait, check out my business card, that is my job!

Hmmm, "Chief Hacking Officer". Ok then, carry on.

Re:wtf?

[99BottlesOfBeerInMyF]

Chief Hacking Officer? I wasn't aware companies had those these days.

This is what happens when employees pick their own titles. I used to work with the "grand poobah of software development" at a former company. It was on his business cards. An IBM guy snorted soda through his nose when he read it.

Re:

[Miniluv]

A colleague of mine is Conquistador of QA. He has elicited similar responses from vendors.

I have a Sr Jr System Admin on my team, as HR refused to allow me to title him Jr SysAdmin but he's not experienced enough to warrant an unprefixed System Admin. I told him to just put SysAdmin on his resume though if he decides to look for a job before we change his title.

Re:

[Pollardito]

i hear they have an opening for a Chief Hacker's Understudy Developer

Closed source strikes again

[MarkByers]

Haha! This sort of thing would never happen if you used Ubuntu [ubuntuforums.org]!

Re:Closed source strikes again

[baadger]

The difference is the Ubuntu slip up was fixed within hours, the Microsoft slip up ..is still counting...

Re:

[giorgosts]

yeah but if your sole computer in the house was ubuntu, no dual-boot, or if you were not a command-line wizzard, you wouldn't find the solution. In xp there is system restore. In ubuntu you have to boot a liveCD and wait for an (unsupported) fix (downgrade actually) by the ubuntu community over the internet.

Re:

[baadger]

See this blog post [tieguy.org] for what I assume is the same issue and hence that this was fixed :

"To ubuntu's credit, there was an update in apt within a few minutes of when I got to class, so I was able to fix it by apt-get'ing again."

I don't use Ubuntu but i'm sure the several hour fix assumption isn't too far off

Re:

[Keith Russell]

You know, we've had three "patch regression" stories this month. Before the Ubuntu and Windows stories at hand, Mozilla had to turn around a quick point release [mozillazine.org] for Firefox, to fix a regression that blocked the MMS protocol.

Despite everybody's best efforts and practices, sometimes a regression bug reaches production. And while the grandparent comment was a bit snarky about it, I would hope that whoever down-modded that comment did so to rebuke the tone, not to deny or supress the underlying issue.

Re:

[MarkByers]

It was already stated above. Linux fixes, in general, are fixed within hours.

Tell that to the users that got stuck at a command line with no way of knowing how to use apt-get to get the fixes.

At least this update error from Microsoft didn't leave the computer in an unusable state. Luckily most Ubuntu users are knowledgable enough to be able to use Lynx (or dual-boot Windows) to read the forums to get the fix.

Re:

[Mad Merlin]

At least this update error from Microsoft didn't leave the computer in an unusable state.

Except that pretty much by definition, a computer running Windows is in an unusable state.

Re:

[makomk]

Any *true* Gentoo user (especially one running unstable, where it happens much more often) would know that every so often, "emerge -uD world" refuses to run due to package conflicts, and you have to manually unmerge, remerge, downgrade and/or upgrade the right package(s) (in the right order) to get it working again...

will it cause problems?

[joe 155]

whilst this is no doubt a bit of a "d'oh" moment for MS I doubt it will be a serious problem for anyone. * For this to have any affect on you you need to have SP1 but have the latest update of security for IE 6, surely if anyone updated regularly and applied security updates they'd be using SP2 anyway...

*If I'm wrong correct me, not being a windows user it's hard to remember what service pack is current

Re:will it cause problems?

[baadger]

Not necessarily, my aunt is on dialup and until recently she'd been patching herself up on SP1 because downloading a 290MB service pack just wasn't feasible. The monthly updates themselves can sometimes be big of a download.

I recently did a full reinstall of her system (at my place on cable) from a MS cd (managing to maintain her OEM activation), SP2, Firefox, Opera and IE7-beta3 and she's been good for ages now.

The annoying thing is, even on dialup with sparse on-off connectivity and surfing it's remarkeably easy to get infected. Don't underestimate the number of people who *CAN'T* keep upto date.

Re:

[Volante3192]

You can get an SP2 CD from MS through the mail at no charge. (Looks like they have possibly added in S&H, I didn't want to go through the entire procedure, I think even that was free before though. It's been a while).

Re:

[Abcd1234]

You can get an SP2 CD from MS through the mail at no charge.

And how many people know this service exists? Or know to update at all? Heck, automatic updates exist for Windows specifically *because* people don't know enough to update...

Re:

[westlake]

Not necessarily, my aunt is on dialup and until recently she'd been patching herself up on SP1 because downloading a 290MB service pack just wasn't feasible

At the risk of sounding redundant:

1 The 300 MB download is for system administrators and others who need the SP in all possible configurations.

2 Windows Update downloads all necessary components in the background. This shouldn't be a problem even over a dial-up connection.

3 Service Packs are available on CD, for a nominal S&H charge.

Lemme splain

[charleste]

There a users who get terribly confused with multiple windows of a browser, so they use multiple browsers to keep track of their multi-tasking. I, however, have 7 different browsers on my work computer: it's part of my job to ensure the stuff I work on at least functions.

Re:

[baadger]

and why would that be a problem?

Firefox has very small incremental updates and quite frankly nobody targets Opera

Re:

[Jamil Karim]

Due to some programs not functioning correctly with SP2, our department was explicitly told NOT to update to SP2. However, we've been applying all of the other patches that have come out. So, the scenario is more likely than you'd think. Microsoft even has a list of programs [microsoft.com] that don't work as intended under SP2.

Re:

[dave562]

I ran into a similar situation at one of my clients. They are a small lighting manufacturer and they run their entire business on an old dBase database. Their old Novell server bit the dust so they bit the bullet and went Win2K3 server and Windows XP on the desktops. The dBase app works okay with SP1, but as soon as you put SP2 (or any number of post SP1 hotfixes) on the box, the dBase app will fail to run with an NTDVM 16-bit subsystem error.

Re:

[AdamWeeden]

Sounds like most corporate IT environments I work with. My current work environment I help manage is over 1000 users with alomst that exact setup because we're still testing our internal software against SP2. In fact I had to deploy a hacky fix the other day to "patch" it.

Re:

[QRDeNameland]

whilst this is no doubt a bit of a "d'oh" moment for MS I doubt it will be a serious problem for anyone. * For this to have any affect on you you need to have SP1 but have the latest update of security for IE 6, surely if anyone updated regularly and applied security updates they'd be using SP2 anyway...

Well, count me as "not anyone". I still run Win2000 on two machines, and my one XP box is still SP1 because I refuse to install WGA [wikipedia.org]. On the other hand, this now prevents me from using Windows Update as w

Re:

[Korin43]

Well isn't that ironic.. People too paranoid to update are having issues with bugs.

Re:

[QRDeNameland]

Doubly ironic that you would say that in a thread about how an update actually introduced a bug.

Re:

[airjrdn]

You trust that site?

Re:

[heck]

It's causing problems.

We had 20+ tickets sitting in the help desk queue because people can't access our Web site. One of our end users figured out the issue before we did (bless a savvy end user) and emailed us the fix late last week. Most of our end users aren't that savvy. Luckily we now have a "here's whatcha need to do" now.

Some systems affected here

[lpangelrob]

Some clients accessing systems at the Chicago Board of Trade [cbot.com] were rendered useless by this bug; the flaw essentially resulted in a crash on login. Didn't know until today that it was exploitable, though.

The solution for us was simple: install Firefox on affected clients. Problem solved, users happy.

Re:

[lpangelrob]

Heh. I'm not even the systems administrator around here... it's more of a shared job.

Firefox is used here sparingly (4 installs off the top of my head, out of 50+) precisely because it's untested. If people know how to install it (and have permissions, for that matter, though I don't recall if you need to be admin to install Firefox) we don't support it. But in this case, all I had to go on was a website that worked before in IE now wouldn't work with IE, but continued to work with Firefox.

For limited ins

Laughable

[neonprimetime]

The incident may undo a great deal of the work that Microsoft has done to convince users to trust its software updates and install them by default.

Who's trust did they gain again? Which users? Certainly wasn't me!

Re:

[Apocalypse111]

I bet that a lot of what they're talking about isn't so much "work" as having the automatic update option set to "on" by default, and most users not knowing or caring about it. And still, most users won't care about this issue either, as it too will be automatically fixed when the patch is released and downloaded by the updating service that they may not even aware they have running.

I'm not saying this is a good or bad thing, I'm just saying.

Just Please...

[moehoward]

Please don't automatically reboot my machines again when the patch's patch is installed. I have the custom options in MS Update to allow me to control install/reboot for the updates. Well, it ignored that this week and rebooted 2 of my machines for me.

Then, I noticed that The Register had a couple of articles this week about the same thing happening to others.

Just who in the hell does MS think they are?

Oh, and if the patch's patch's patch needs a reboot as well, don't do that too.

Oh, and if.... nevermind.

Re:Just Please...

[Randseed]

Please don't automatically reboot my machines again when the patch's patch is installed. I have the custom options in MS Update to allow me to control install/reboot for the updates. Well, it ignored that this week and rebooted 2 of my machines for me.

Then, I noticed that The Register had a couple of articles this week about the same thing happening to others.

Just who in the hell does MS think they are?

That's precisely the problem. I, and I assume countless other users, have the automatic update installation turned off because every damned time I go to install an update, I have to reboot the machine, and it annoys the hell out of me, FUBARing applications by stealing focus (or worse, not and not allowing me to abort it) until I do. On the machines that are up for weeks at a time, that means that the updates get installed in batches, not immediately, which is precisely what Microsoft seems to be trying to avoid. the key for Microsoft is going to be coming up with the ability to install updates without forcing a reboot. Then, and only then, will they have a very high level of compliance among systems that truly matter. (i.e., not Bob's dialup machine, but Steve's server he has hanging out on a DSL line 24/7/365).

Re:

[TClevenger]

I also like how SP2 changes the default "Shut down" to "Shut down and install updates." Nice not catching that, and not being able to get out of the office because I'm waiting for my laptop to complete updates that must happen Right Now.

Switch to battery

[nstenz]

If you unplug the power cord and make the laptop go to battery power, it will give up applying the rest of the updates. You'll then have to apply them the next day when you shut down.

I did that for about a week until I actually had enough time to sit there and watch it finish installing updates and shut down.

Re:

[TClevenger]

Excellent. Thanks for the tip!

Re:

[Sancho]

So? I update while I'm doing other tasks, and I don't always want to stop doing those tasks so that the machine can (forcibly) reboot in 5 minutes. Not having the option to delay the reboot is absurd.

Forced Reboot = BAD

[Valacosa]

Here's an example for you:
I was once running an experiment for a prof. The computer controlling the experiment has a GPIB card, which is controlling several other devices in the room (PID temperature controller, Lock in amp, yada yada yada.) The software running the experiment was written in LabVIEW.

I'm in the middle of a nine-hour experiment when this dialog box pops up. "Your computer will restart in 5 minutes to apply updates."

Now, let's review. What have I done wrong?

• This isn't a server
• AFAIK there is no "LabVIEW" for Linux. I could have written all the GPIB software in C but then no one else would have the expertise to change it, plus getting the card to work in linux would probably be hell
• I'm not using IE
• Windows update is on? Oh, that's what I'm doing wrong.

Luckily my software is much better written, so I was able to discontinue and resume the experiment wihtout losing data. But still, is this the kind of OS that is intended for a production environment? "Who the hell do they think they are" indeed.

Re:

[schmiddy]

Just so you know, LabVIEW is in fact offered for Linux [ni.com]. I'm forced to use it on Windows myself, but I'm seriously thinking about switching our lab's measurement comps to Linux for ease of scripting, stability, etc.

Re:

[springbox]

I have it set up like this too, but that damn bubble keeps popping up every 5 or 10 minutes reminding me to reboot. So the machine gets rebooted anyway after the 20th time I've been reminded.

Re:

[gad_zuki!]

>Just who in the hell does MS think they are?

Maybe they think you can simply click on the right radio button:

Control Panel>Automatic Updates> Click Download updates for me, but let me choose when to install them, and click OK.

Do you ever get that feeling...

[T_ConX]

Do you ever get the feeling that IE6 is like a cartoon characters hole-riddled row-boat?

The cartoon character (lets just say it's Elmer Fudd) tries to plug a leak with his thumb, only to have another pop open on the other end of the boat. He stretchs over there to plug it with his other hand. A third appears, and he has to use his toe. Eventually, the number of leaks outnumbers the number of limbs (Or at least, the number of limbs one is allowed to show on TV. *wink* *wink*), and the boat finally goes down. A Fox riding in a Motorboat then speeds by...

Re:

[$RANDOMLUSER]

I think it's more like Wyle E. Coyote.

Week 1: Falls off a mountain, yowwwww SPLAT!
Week 2: He's back again, good as new. Anvil falls on his head, yowwwww SPLAT!
Week 3: Back for more, all cleaned up. Chases roadrunner into tunnel, train runs him over, yowwwww SPLAT!
Week 4: Back again, looking fine. Spring trap slams him into mountainside, boulder falls on him, yowwwww SPLAT!
Week 5: Lather, rinse, repeat, yowwwww SPLAT!

Re:

[KiloByte]

Does a reinstalled coyote count as the same one as the original?

Re:

[koh]

"I don't remember... I think I'm the third one"
.

Get rid of fixed patch date

[Joe The Dragon]

likey they rushed this patch to get it ready for the patch day and they did not fully test it. M$ will be better off with put the updates out when they are done not on a fixed time table.

Question

[Spazntwich]

Only SP1? Why would anyone with either XP or 2k have just patched other software but be at least a service pack behind?

Last I recalled, sp2 for XP had been out long enough even most corporations' IT departments to have tested and OKed it by now.

Re:

[phasm42]

Windows 2K SP4 is affected -- the SP1 bit is in regards to XP.

Re:

[mvdwege]

p>

Last I recalled, sp2 for XP had been out long enough even most corporations' IT departments to have tested and OKed it by now.

It's not quite that simple. If you have a corporate install of several tens of thousands PCs using the same base OS package, then the base package must be compatible with all applications that are to be deployed upon it. Now, XP SP2 breaks several applications, this is a known fact. Therefore, it may be more trouble rolling out SP2 on short notice instead of keeping up with

Re:

[Spazntwich]

Crazy shit. I sometimes forget people still use dialup.

snakes!

[ssrs396]

My computer is full of snakes!

*YAWN*

[Conspiracy_Of_Doves]

Wake me up when there is a security risk that doesn't need to go through IE.

Re:

[ZachPruckowski]

I'll wake you up when September ends [wikipedia.org].

Re:

[Conspiracy_Of_Doves]

Uhh.. yeah. That was kind of my point.

8 for 1

[roger6106]

8 bugs have been replaced with 1 bug. That is an improvement unless the bugs it fixed were all minor bugs.

New Windows Feature

[bblboy54]

I really don't understand why Microsoft doesnt just use their marketing power and explain how executing code from another machine is actually a feature. There is really no need to purchase applications such as pcAnywhere. Thank God for Microsoft saving us all that money!

Eight steps forward, one step back...

[spicyjeff]

Eight steps forward, one step back. That isn't so bad is it, it's still progress. :-/

Disable HTTP 1.1

[planckscale]

I had a Win2K box on our network who's Internet Explorer kept crashing when she visited websites with lots of stuff going on (Java and Flash). I read around and found a work-around from Microsoft. The workaround involved going into IE Options and unchecking "HTTP 1.1" MS Article ID: 923762:

Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update

Additionally they go on to say in this article: A new version of security update 918899 is currently in development and will be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by August 22, 2006.

This patch was NOT released today - they LIED! :-) Since that change, the crashes stopped at least but now that this is out I have much move incentive to upgrade our last few W2K machines up to WinXPSP2.

Re:Disable HTTP 1.1

[pe1chl]

Also note that the patch mentioned in KB923762, which is available only by calling Microsoft and explicitly asking for it, was compiled on August 4th!

So, they KNEW about this problem at the time they sent out 918899 to the world via Windows Update!
They already had the fix available, but they chose to neither include it in 918899 nor to withhold 918899 from release on August 8th.

It caused some damage at work. We had to ask for the KB923762 fix, which took 3 days to get (because we buy computers with Windows installed, so we cannot call Microsoft but have to go via Dell).
IMHO it is gross neglect by Microsoft to knowingly release a defective update for which a better version already is available.

Re:

[planckscale]

Wow well I'm sure their intentions were to plug some serious holes in their browser. Unfortunately, it seems as though the patch they issued not only caused problems in older OS's but opened other serious holes. When the last release came out in August, I read that worms were already exploiting the patch, so I went ahead and rolled out via WSUS to error on the side of safety.

So what is worse? Roll out MS patches that could hose our machines, or wait 2 weeks for others to find out all the new problems the

Re:

[pe1chl]

This would be true if
- they would always release security fixes as soon as possible
- they would know that there was a problem but they had no fix available yet

However, in reality:
- all security fixes are delayed to patchday. 918899 was compiled on June 25th and all that time between June 25th and patchday the customers were vulnerable
- the problem was known and fixed a couple of days before patchday.

Also, remember that it is not only that the fault exposes the user to new threats (which they may not have r

But VISTA is Coming...

[BoRegardless]

And Bill Gates has said this new OS is going to be the whing dinger of all time.

Meaning, the number of serious holes is going to be astonishing, because they are so sophisticated and well hidden that only the best hackers can find and exploit them without users and IT admins finding them.

Aaaaak

Sick of this crap (OT)

[swordgeek]

This is pretty typical from what I've seen.

Although I'm an IT professional, I'm speaking as an end user here.

Last night my laptop (our company's corporate build, no additions or weird stuff) auto-applied a bunch of patches. When I came in this morning, it told me to reboot. No problem. Reboot to...bluescreen. Did some digging, and found that my install is hosed. I can't do anything until I get an XP boot CD and get to a rescue console. I have no clue if it's SP1 or SP2, and quite honestly, I shouldn't have to. If I had this sort of difficulty with a car, a furnace, or a kitchen appliance, it would go RIGHT BACK TO THE MANUFACTURER! There is no way a company

This isn't a rant against MS per se, it's against all shitty computer companies (hardware and software) who build shitty products that can't do the job they're designed for in a reliable and consistent manner. The entire computer industry needs to be taken out back and shot.

Yeah, I'm railing and blowing off steam here. Doesn't matter--I challenge you to come up with a single product in the industry that (a) does what it's supposed to, in a (b) reliable and (c) consistent manner.

Linux? Nope. Firefox? Close, but nope. MS Office? Nope. OpenOffice? Nope. Any and all media players? Nope. Most hardware now? Nope.

This industry is pathetic. It shouldn't be allowed to exist, let alone thrive.

Re:

[WuphonsReach]

Mmm, that reminds me... it's time to update my Knoppix+NTFSClone image...

Remove the log from your own eye...

[Reverberant]

...so that you could remove the speck from your brother's [stepto.com].

This is news?

[v1]

It's a bit like the old style avertisements you used to see, but with a twist.

"Microsoft... puting users at risk since Windows 3.0."

Nothing new here. Here, tell you what. They're going to do it again in less than 2 months. bet me.

Critical Mass

[whyde]

IIRC, according to the Jargon File, Windows has reached critical mass.

critical mass: n. Of a software product, describes a condition of the software such that fixing one bug introduces one plus epsilon bugs. (This malady has many causes: creeping featurism, ports to too many disparate environments, poor initial design, etc.) When software achieves critical mass, it can never be fixed; it can only be discarded and rewritten.

Vista is their re-write, which is an admission of this situation.

Dupe

[The Cisco Kid]

Oh wait, its actually a new bug. Or wait, its just the same bug over and over.

Seriously, how is this news? Everyone with even half a clue (and certainly almost all /. readers) recognize that MS will repeatedly issues patches, patches to patches, and will never really fix anything. Anyone with any sense in the IT/Net field that STILL actually uses Internet Explorer except in a heavily restricted sandbox for testing websites that the driveling masses will use it to visit is either too ignorant or blindly loyal to care about security.

If for some reason /. really thinks this needs to be news, just add it as a permanent headline. In fact, heck, maybe it should get its own whole section 'Security update to MS software introduces new security hole'

Internet Explorer?

[Niet3sche]

Internet Explorer? Internet what? Oh! The Firefox clone! I didn't know people used that anymore. ;)

More than one bug...

[hollismb]

I might be slightly off about whether it applies to this patch, or one that was also sent out last week, but it also messed up XP's ability to deal with compressed/zipped folders if you're running SP1, like we are at my work. You can create a zip file fine, but you cannot rename or open it through explorer. You can't get to the right-click menu at all (to copy/rename/delete etc.). It's totally been screwing with me all week. Also, you can't access the My Documents icon on your desktop, although it still wor

Re:To all Slashdot trolls

[neonprimetime]

Microsoft's idea of testing patches

1.) Perform Windows update
2.) Wait for system to reboot
3.) If system turns back on successfully after reboot, release!

Step 4

[MarkByers]

4) Check that the GUI appears.

Re:

[ShibaInu]

Well, Microsoft is a multi-billion dollar company that has been convicted of monopolistic pratices and Ubuntu is a tiny corp that gives its product away, for one.

MS also has the cash to support a huge infrastructure of programmers, testers, etc. Yet, they seem to always be shooting themselves in the foot. Doesn't stop them from swimming in money, but maybe, one day, it will.

Re:

[Phisbut]

Ubuntu has a problem today, which basically renders machines inoperable that update their X software today.

Dang, and I thought it was some weird config that I had that locked me out. Gawd I'm happy (somewhat) to see I'm not the only one who suffered that... I'll head for the forums now. Thanks for letting me know it's a general problem.

Re:I will not criticize this

[gelfling]

See what I mean. All Hail the 'Soft.