Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bug Upgrades Microsoft Security IT

Microsoft Plans Largest-Ever Patch Tuesday 341

CWmike writes "Microsoft said it will deliver its largest-ever number of security updates on Tuesday to fix 13 flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The 13 updates slated for next week, eight of them pegged 'critical,' beat the previous record of 12 updates shipped in February 2007 and again in October 2008." Update Reader Kurt Seifried writes to correct the math a bit, pointing to Microsoft's Advance Notification page for the release, which says that rather than 13 flaws, this Patch Tuesday involves "13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."
This discussion has been archived. No new comments can be posted.

Microsoft Plans Largest-Ever Patch Tuesday

Comments Filter:
  • by randy of the redwood ( 1565519 ) on Thursday October 08, 2009 @06:56PM (#29687561)
    I am still worried about using Ebay to buy my star wars collectables from my Chrome Browser - http://it.slashdot.org/story/09/10/06/2118211/Null-Prefix-SSL-Certificate-For-PayPal-Released [slashdot.org]
  • by CSMatt ( 1175471 ) on Thursday October 08, 2009 @07:01PM (#29687613)

    Does this mean that my Windows 3.1 box will finally get the DST update?

  • ...Patch Tuesday (Score:4, Insightful)

    by steelscalp ( 1383757 ) on Thursday October 08, 2009 @07:03PM (#29687629)
    Last week's "critical updates" were two copies of Windows Genuine Annoyance.
    • Re:...Patch Tuesday (Score:5, Interesting)

      by Fluffeh ( 1273756 ) on Thursday October 08, 2009 @07:12PM (#29687691)
      Well, they can be called critical. It's subjective you see. Critical to you as a user, or critical to Microsoft as a business?

      Yes, I think there is something in that for all of us, don't you? *puffs pipe*
    • by Entropius ( 188861 ) on Thursday October 08, 2009 @07:14PM (#29687711)

      It's a very good security strategy to piss off all your customers with WGA and Windows Media bullshit until they all turn off automatic updates.

    • by sconeu ( 64226 )

      You forgot Office Genuine Annoyance, too.

      Why is it critical?

  • Long Weekend (Score:4, Insightful)

    by camperdave ( 969942 ) on Thursday October 08, 2009 @07:04PM (#29687633) Journal
    Isn't Tuesday the first day back from a long weekend? Is that really the best time to do this? We'll be up to our eyeballs in password resets already. (How do people forget a password in three days?)
    • only if you have Monday off! ;)
    • Re:Long Weekend (Score:5, Insightful)

      by Fluffeh ( 1273756 ) on Thursday October 08, 2009 @07:14PM (#29687707)

      How do people forget a password in three days?

      Because people are stupid. A person is smart, but people are stupid.

      One of the most strangely insightful comments in Men in Black from memory.

      • Re: (Score:2, Insightful)

        by flipper9 ( 109877 ) *

        Because people are required to memorize multiple passwords, between many different systems, that have different password construction requirements, require differing expiration dates on passwords. Not to mention each different system has a different login username and sequence. Then you wonder why people write their login information down on a post-it-note on their desk. Too many passwords and usernames lead to greater insecurity. Don't blame them for forgetting a password amongst so many.

    • Re: (Score:3, Insightful)

      How do people forget a password in three days?

      Duh, the janitor who comes in on holidays keeps throwing out the post-its taped to the monitors!

  • Windows 2000? (Score:2, Interesting)

    by Azureflare ( 645778 )
    I'm guessing windows 2000 isn't one of the operating systems that will be patched?

    I couldn't find details in the article, but since extended support has ended... RIP win2k :(

    P.S. unless it's not affected by this? but I think there are previous vulnerabilities which haven't been patched too so maybe win2k is already dead and I missed the boat.
  • i got this awesome bug fix such that Outlook now says "This copy of Office is not genuine. Click here to learn more online." in an unremoveable toolbar

    can't wait to see what gets patched next!

    • I wish they'd patch my work computer to do that, and in such a way that the IT department can't fix it. I hate Outlook, and I'd love a good excuse to not use it any more.

      • Re: (Score:3, Informative)

        I used to say that. Then we got forced onto Lotus Notes.

        and when I get to Heaven To St. Peter I will tell: "One more Notes user reporting, Sir -- I've served my time in Hell."

        • That's funny, because we're in the process of being switched from Notes to Outlook and I miss Notes terribly.

          Come on, I can't even make the folder name font bigger without increasing the drop-down menu size for all of the programs?

    • Thankfully Office is considered quaint where I work. Anybody who wants to be taken seriously uses vi/emacs/kwrite/textpad and LaTeX.

    • Re: (Score:3, Insightful)

      by plague3106 ( 71849 )

      Well stop pirating office and you won't have those kinds of problems.

    • Was it "genuine"? Cause all I got was a message saying the system was being updated. I waited that out and everything worked as usual. The only annoyance was it didn't say what was updated, nor did it ask if I wanted the updates even though my settings are to notify me before updating.
  • Bad luck (Score:5, Funny)

    by gmuslera ( 3436 ) on Thursday October 08, 2009 @07:12PM (#29687693) Homepage Journal
    13 patches released at 13:00 of Tuesday 13. Windows sysadmins that day will have to pass below ladders, see a black cats cross in front of them and then break a mirror. But that will be nothing. The worst part will be when they turn on the computer, and see that windows is still running.
  • by seifried ( 12921 ) on Thursday October 08, 2009 @07:31PM (#29687861) Homepage

    http://blogs.technet.com/msrc/archive/2009/10/08/october-2009-bulletin-release.aspx [technet.com]

    For October we are releasing 13 bulletins (eight critical and five important), addressing 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart so please factor that into your deployment planning.

    • Re: (Score:3, Funny)

      by John Hasler ( 414242 )

      So you are going to have to reboot more than thirty times to install this?

      • by seifried ( 12921 )
        Fortunately just the once. You can thank Windows insane file locking (easy to establish a lock, hard to make sure everyone let go, so the easiest way to overwrite a file is put it in the queue for overwriting at reboot time when you can be sure no-one is messing with it). Linux is so much saner in this aspect.
        • Re: (Score:3, Informative)

          Fortunately just the once. You can thank Windows insane file locking (easy to establish a lock

          To clarify what this means, Win32 API function CreateFile, which opens files, locks them for exclusive access if the argument in which lock flags are passed is set to 0. In other words, the default is "lock for everything", and you explicitly have to opt out of that by specifying things like (FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE).

          This has a minor advantage in that stupid people often forget to lock their files properly, and then applications crash (or silently corrupt data) because they do

          • Re: (Score:3, Informative)

            by Abcd1234 ( 188840 )

            To clarify what this means, Win32 API function CreateFile

            Actually, the real issue is that OpenFile does the exact same fucking thing. The result is that you can't replace things like existing DLLs on a live system because you can neither delete them nor overwrite them so long as an application has the DLL open (and that includes Windows itself).

            Linux, OTOH, thanks to it's Unix underpinnings, will happily let you delete an open file... the inode just goes away once all references to it have been closed. Me

  • Kudos (Score:5, Interesting)

    by Linker3000 ( 626634 ) on Thursday October 08, 2009 @07:59PM (#29688039) Journal

    Look, I know it's fashionable to make negative remarks about MS round here, but it's only fair to say 'well done' to them for bettering their previous high count. Hopefully they haven't run out of bugs to fix and they'll work hard to find and fix even more next time. Who knows, this time next year they could be fixing hundreds of bugs every month - and if we're lucky, some of them could be quite serious or critical - wouldn't that be just awesome!

    Go MS!

  • by Ralish ( 775196 ) <{sdl} {at} {nexiom.net}> on Thursday October 08, 2009 @08:00PM (#29688045) Homepage

    I was about to bitch about the submitter/moderator not RTFA, but it turns out, the article doesn't mention it either, so I'll clarify instead: thirteen updates are being released which together address thirty-four security vulnerabilities of varying severity across varying products (ten of which are targetted at Windows). So, that's NOT thirteen flaws (plenty more actually), just thirteen updates, some of which (all?) address multiple flaws in the particular system they are targetted at. Of course, this is just the advance notification, so full details about how many vulnerabilities each update addresses and the general information on them won't be released until the patches are next Tuesday. I think it's also worth nothing (although the summary of course neglects to mention it) that the good aspect of these updates are both major zero-day exploits (targetting IIS & SMB 2.0) are patched with these updates.

    And while I'm posting, why does Slashdot insist on linking to shitty tech magazine articles (poorly) summarising the raw and accurate data straight from Microsoft? Seriously, I'm not sure if it's some sort of aversion to linking to MS, but they're the ones doing the patching, so it follows that they have the best, newest, most accurate data on them, and they'll likely be the first to provide updates on their content. These articles are just summarising what Microsoft has published on their various web-sites, and being a summary, they provide a lot more information and raw data:

    Microsoft Security Bulletin Advance Notification for October 2009 [microsoft.com]
    October 2009 Bulletin Release Advance Notification [technet.com]

    • by dave562 ( 969951 )

      On some level Slashdot bills itself as a news aggregator. Information taken straight from software vendors aren't necessarily news articles. They often times contains the most accurate information. If the editors start posting microsoft.com articles, then they have to post apple.com articles, and adobe.com articles and pretty soon this isn't News for Nerds, it's Corporate PR Central.

      I'm of the opinion (how ever little that is truly worth) that articles about patch counts are completely worthless. Anythi

  • by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Thursday October 08, 2009 @08:17PM (#29688111) Homepage
    Does it fix the problems with Windows 7? After reading this review [cracked.com] of a pre-release download, I'm a bit hesitant to use it.
  • I am using special exam software to take a grad school exam Wednesday morning. The version of the software which I'll be using was released TODAY. Would I be smart to turn off Automatic Updates on Monday, or is this just paranoia?
  • Nice! (Score:5, Funny)

    by rrohbeck ( 944847 ) on Thursday October 08, 2009 @09:43PM (#29688557)

    So where are the instructions for the patch party?

  • Does this mean they're releasing Windows 7 a full 10 days early, then?

  • ...so far!
  • So? (Score:3, Interesting)

    by Anonymous Coward on Friday October 09, 2009 @12:30AM (#29689259)

    So what?

    My Ubunutu Jaunty desktop downloaded 130mb of updates last night. And this isnt the first time either.

    I didnt see the /. community getting their nickers in a knot about it

  • Good in Microsoft (Score:3, Interesting)

    by sco_robinso ( 749990 ) on Friday October 09, 2009 @09:47AM (#29692965)
    I know Microsoft is often poked at, especially around these parts, for having so many vulnerabilities to patch, but at least there on the ball doing it. Not to mention, automatic updating has been the defacto standard now since XPSP2, so nowadays it's pretty hard not to be somewhat up to date. So my OS pulls down a batch of updates once or twice a month, big deal... I think Microsoft has done a good job with the hand of cards they've been dealt.

    Not to mention, WSUS in the enterprise is an excellent, free tool for centrally managing patch deployment.

    Number of patches and vulnerabilities aside, I think MS is a standout leader in this category.

You are always doing something marginal when the boss drops by your desk.

Working...