Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Internet Explorer Microsoft Bug Security Software IT Technology

No Patch On Tuesday For Internet Explorer Hole 63

An anonymous reader writes "Right on schedule, Microsoft on Thursday announced its usual advance notification for the upcoming Patch Tuesday. While the company is planning to release seven bulletins (two Critical and five Important) which address 12 vulnerabilities, there is one that is notably missing: a bulletin for the new IE vulnerability discovered on Saturday. For those who didn't see the news on the weekend, criminals started using a new IE security hole to attack Windows computers in targeted attacks. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are."
This discussion has been archived. No new comments can be posted.

No Patch On Tuesday For Internet Explorer Hole

Comments Filter:
  • There is a fix (Score:4, Insightful)

    by AmiMoJo ( 196126 ) * on Thursday January 03, 2013 @05:24PM (#42468119) Homepage Journal

    Upgrade from XP and install IE9/10. What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date?

    • Re: (Score:2, Informative)

      The difference is, most other companies don't charge you several hundred dollars for an operating system upgrade just to patch important software vulnerabilities. In fact, most other operating system distributors don't even charge a penny for such a basic service.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        The difference is, most other companies don't charge you several hundred dollars for an operating system upgrade just to patch important software vulnerabilities. In fact, most other operating system distributors don't even charge a penny for such a basic service.

        Which operating system distributors would that be? Not Apple; they haven't supported System 9 for years. Not Red Hat; they don't support any of their 2.0 kernel based releases either.

        • by jon3k ( 691256 )
          So Microsoft has publicly ended support for IE8 and doesn't offer anymore updates? If so, then paying for an update would be a reasonable expectation (they should have already known to upgrade). If it's still under support, then this isn't a very reasonable option.
        • Which operating system distributors would that be?

          Canonical?

        • FreeBSD. OpenBSD. NetBSD.
          Slackware, Debian, Arch, Gentoo, KNOPPIX, CRUX, FINNIX...
          FreeDOS, Haiku... and those are just a few that have specifically been around at least about a decade at no cost.

          Add others that are newer projects, spin-offs of older ones, and/or previously commercial distributions and a whole new world opens up:
          MINIX 3, DragonFly (BSD), PC-BSD (IX Systems), Ubuntu (Canonical), openSUSE, Fedora, Mandriva, Mageia, Scientific Linux, CentOS, Zenwalk, Salix, etc... the list goes on.

          Never mind

      • Apple generally charges $100 per upgrade and they only do fixes for 2 versions old, so they'll update 10.6 now, but not 10.5. At the rate they release, you have to update every few years to keep getting patches. RedHat charges $350-8600 per year depending on the options you want ($350 is for self support 2 socket x86, $8600 is for premium support 4 socket POWER). Oracle charges a retarded amount of Solaris support, it is kinda a hardware/software combo support and is thousands a year, and you have to uninst

        • by jon3k ( 691256 )
          You're comparing the costs enterprise products vs. consumer (and enterprise) products, not apples:apples. As far as I know, IE8 is still supported, and the end users paid for support for a period of (typically) 10 years.
          • Not to mention, Red Hat's business model is based pretty much completely on support... their source is open; nothing is stopping you from downloading the patches is source form and applying them yourself, or just using one of the clones (CentOS, Scientific Linux, etc.)

            I don't know about actual Solaris support costs, but I do know that Oracle is one company I will never give a penny to, so to me it doesn't really matter.

      • The difference is, most other companies don't charge you several hundred dollars for an operating system upgrade just to patch important software vulnerabilities. In fact, most other operating system distributors don't even charge a penny for such a basic service.

        They aren't charging you to patch the security problem, they are charging you to get you the hell off Windows XP, which they don't want to support going forward because it no longer represents a marginal ongoing income for them.

        Windows XP support was was announced dropped several times, finally dropped, and I understand that people don't like this, and that Microsoft had finally made an OS that was "good enough" that people don't see an incentive to "upgrade" to an OS that can only laughably be called "impr

        • They aren't charging you to patch the security problem, they are charging you to get you the hell off Windows XP, which they don't want to support going forward because it no longer represents a marginal ongoing income for them.

          Translation: We want even more of your money, and you can't get this security update until we've seen it in the form of a yet another complete OS upgrade. Don't like the new license or additional DRM/lockout features or Metro? Tough. Don't have a machine up to spec for our latest version? Then go buy a brand new one, toss that old one in the landfill. Don't want to pay us again for yet another overpriced OS upgrade just to get another security fix? Then go elsewhere.

          They are charging you because they

    • by Sycraft-fu ( 314770 ) on Thursday January 03, 2013 @05:41PM (#42468367)

      MS provides long support lifecycles, 10 years from release minimum and subject to extension, which XP has been. XP will continue to get updates until mid 2014.

      I'm sure they intend to fix it, they just haven't gotten the fix tested yet. MS can't just go and bash out a fix and release it and hope nothing goes wrong, they have to regression test their fixes and it is not a fast process.

    • The latest versions of every other browser run on Windows XP: Chrome, Firefox, Safari, Opera, and so on. Those latest versions also contain no publicly known security vulnerabilities according to Secunia. So I guess the answer is everyone but Microsoft provides quick fixes for that decade-old OS.
    • Upgrade from XP and install IE9/10. What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date?

      I am astonished that anyone sane would measure from the start of the XP cycle which was unnaturally long from extensive problems as Microsoft not the user. That means that 2007 when Vista was released is a much more reasonable time....If it was any good. It wasn't it ran badly on most (all) of the machines at the time which lest many people waiting windows 2007. I have four machines in my house...only one supports Windows 7, Windows 8 is quite but none have a touch screen...making Windows 8 a no no for me.

      T

    • by gweihir ( 88907 )

      Far too complicated and of limited effectiveness. Just do not use IE at all.

    • What other manufacturer provides quick fixes for a decade old OS that is now three versions out of date? Red Hat and CentOS https://access.redhat.com/support/policy/updates/errata/ [redhat.com] http://wiki.centos.org/ [centos.org]
  • FixIt (Score:2, Insightful)

    by Anonymous Coward

    They did release a FixIt, but yeah no real patch its looking like until Feb.

    • by antdude ( 79039 )

      It will probably be an out of the bound release. MS have done this before with emergency fixes. Remember, we just had the holidays. People are back to normal lives now.

  • Is working as it should. Not a bug, but a feature only available in internet explorer.
  • They fought (clean and dirty) to become top dog on the OS and browser front. Now what?

    Botnets aren't composed of mostly Windows computers just because it's the most prolific (bought and pirated). It's also because of more than a decade of complacency.

    I hope we'll see more real competition on all sides for the company for all our sake. Please, MS, dip into that vast wealth of bought out resources and your own research to make genuinely better products going forward at least. Side note: it's fashionable to ba

  • What better way to convince IE6-8 users to stop being so stupid?

"The voters have spoken, the bastards..." -- unknown

Working...