Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Microsoft Security

Microsoft Kills Many Critical Flaws, Some 0-Days, Un-Trusts One Wildcard Cert 103

An anonymous reader writes: For this December Patch Tuesday, Microsoft has released twelve security bulletins, eight of which have been rated critical. Those refer to the cumulative security updates for Internet Explorer, Microsoft Edge, JScript and VBScript, and updates for Microsoft Windows DNS, Microsoft Graphics Component, Silverlight, Microsoft Office, and Microsoft Uniscribe. Microsoft also released a security advisory announcing the removal of a digital certificate from the Certificate Trust list (CTL).
This discussion has been archived. No new comments can be posted.

Microsoft Kills Many Critical Flaws, Some 0-Days, Un-Trusts One Wildcard Cert

Comments Filter:
  • by Anonymous Coward

    ... err, I mean, Windows 10.

  • by Anonymous Coward

    In other news Microsoft also released another 14 updates that increase telemetry, attempt to forcibly install Win 10, beat your children and do unspeakable things to the cat!

    • by XXongo ( 3986865 )

      In other news Microsoft also released another 14 updates that increase telemetry, attempt to forcibly install Win 10, beat your children and do unspeakable things to the cat!

      Oh, noes! Not the cat!

      KITTEH!

  • I have Windows Update on a pure as-needed basis and glad I do after hearing about the supremely unethical 'Hey! Upgrade to Windows 10! Hey!' nag that came in some updates.

    On another front a friend was having trouble with his boot drive and as we were shutting it down Windows jumped in to install a bunch of updates - that finished corrupting the boot drive and many, many hours were dedicated to recovery and repair.

    I'll give these patches a look but want no shady behavior out of the Redmond Mob.

    • by U2xhc2hkb3QgU3Vja3M ( 4212163 ) on Wednesday December 09, 2015 @03:33PM (#51089995)

      I want to punch the idiot at Microsoft who decided that "shutdown" means "the user can leave the PC running for hours".

      That guy never brought his PC to a LAN gaming session.

      • Re: (Score:3, Insightful)

        by gstoddart ( 321705 )

        Oh, sorry, Microsoft has decided it is their computer, and you may only use it according to how they see fit.

        They don't give a crap about what you want here, they're just going to automate this stuff to take away all the scary bits.

        Apparently you're not qualified to concern yourself with such things.

        • by Alumoi ( 1321661 )

          Oh, sorry, Microsoft has decided it is their computer, and you may only use it according to how they see fit.

          Your computer, their software. So, as long as you use their software you agree to bend over and take it in.

      • by tlhIngan ( 30335 )

        I want to punch the idiot at Microsoft who decided that "shutdown" means "the user can leave the PC running for hours".

        That guy never brought his PC to a LAN gaming session.

        Not to mention, not offering a way to do it and then power the PC up afterwards - why can't I go and select "Install updates and restart" when I leave on a Friday night? The PC will install the updates, take as long as it needs, then restart itself so I could remote into it during the weekend if I need to?

        Why do I want to shut it down an

  • by SeaFox ( 739806 ) on Wednesday December 09, 2015 @03:06PM (#51089835)

    Saw that there were several "important" updates available to me last night. I've disabled Automatic Updates, since I can't really trust Microsoft to not try and install Windows 10 behind my back, and instead have Windows Updates a startup item now so I can stay on top of new updates more easily.

    Haven't had a chance to go through what's listed there -- doesn't anyone know if there are any I need to be hiding from this batch?

    • I followed the links to the KB for the updates. One of the updates went to a blank page in the KnowledgeBase. So I didn't install that one.

      .
      There were also a couple of optional updates that looked as if Microsoft was trying to hide something in their KB description. So I didn't install them either.

      • They don't always make the KB articles available before pushing the updates. Check back later as it will eventually appear.

    • by AmiMoJo ( 196126 )

      The sly Windows 10 installer came back for me, despite having disabled and hidden it and blocked it via the registry previously. You can spot it because even if it doesn't say "Upgrade to Windows 10" it will have a variable install size (listed as say 20-200MB) or just be huge (2GB+).

  • KB3112343 (Score:4, Informative)

    by Anonymous Coward on Wednesday December 09, 2015 @03:06PM (#51089837)
    Warning, they are trying to sneak in yet another update to chuck Windows 10 down your throat. KB3112343 [microsoft.com] enables support for additional upgrade scenarios from Windows 7 to Windows 10.
    • Re:KB3112343 (Score:5, Informative)

      by hairyfeet ( 841228 ) <bassbeast1968@nOSpAm.gmail.com> on Wednesday December 09, 2015 @05:02PM (#51090895) Journal

      Well lucky for me and my customers I didn't see that one thanks to GWX Control Panel [ultimateoutsider.com] which I HIGHLY recommend, it allows you to set customers updates back to automatic without worry about getting "Win 10'd" as it kills Windows upgrades dead WITHOUT touching the critical security patches that aren't backdoor attempts at "Win 10'ing" the system.

      BTW for those that need a very easy and simple way to remove all that backported telemetry shit (funny they can't backport DX12 but they can all the Win 10 spyware) here is a handy .BAT file [alaya.net] that wiull scan for any of the telemetry or Win 10 shit and remove it. Its updated every month to keep up with the MSFT bullshit parade so just grab a new copy about a week after patch Tuesday and you're golden.

      Its fucking sad that they took what COULD have been a good OS and filled it so damned full of malware that we have to treat Windows Update as a malware vector and I really hope they get sued for this shit. I can't believe I'm saying this but....can we have Ballmer back? At least all he was doing was trying to (poorly) ape Apple and with something like Classic Shell it was easy enough to just remove the candyfloss, but I have yet to see anybody be able to show with a traffic analysis a way to 100% kill the spyware in Windows 10. Its so nasty I'm having to...gag, wretch...recommend Windows 8 as at least you can get it cheap, upgrade to 8.1, then get the GUI back with Classic Shell and use the .BAT to kill the spying, with Windows 10 its so baked in I seriously doubt anybody is gonna be able to wrench it out and leave a functional OS.

      • by yuhong ( 1378501 )

        Can you ask why you need 100%?

        • Because the telemetry is encrypted so I have NO idea what the 10% or whatever is sending? It could be sending my CC numbers, my browsing history, access to my cam and mike, I have no idea WHAT is being sent, only that I, the person that paid over a fricking grand for the system, have no control over it.
    • by yuhong ( 1378501 )

      This is the "Windows Update Client for Windows 7 and Windows Server 2008 R2: December 2015" update. This don't have the actual GWX client that nags etc.

  • by gstoddart ( 321705 ) on Wednesday December 09, 2015 @03:08PM (#51089851) Homepage

    How can any of us trust that when Microsoft puts out patches they're not also saying "fuck it, while we're here we'll just tinker with a few things and add stuff we've wanted for a while"?

    Microsoft are being such bastards about shoving Windows 10 up our collective asses I'm afraid at this point Microsoft has to be treated as a hostile and un-trusted entity -- they've pretty much decided that furthering their own interests is compatible with the update system which is supposed to provide us security.

    We don't trust you didn't write something horribly insecure, we don't trust that you aren't sneaking something in unrelated to security, and quire frankly we don't trust that you're going to do a good job of fixing these problems.

  • by QuietLagoon ( 813062 ) on Wednesday December 09, 2015 @03:12PM (#51089873)
    Windows Update took about an hour to scan for what updates I needed on each of the three PCs I updated yesterday.

    .
    This extreme slowness is a recent thing, occurring only for the last three four four months. I really takes the fun out of running Windows Update.

    • by Anonymous Coward

      Windows Update took about an hour to scan for what updates I needed on each of the three PCs I updated yesterday.

      .

      This extreme slowness is a recent thing, occurring only for the last three four four months. I really takes the fun out of running Windows Update.

      Haven't seen that happen myself with Windows 7 but I remember that near the end of XP's life Windows Update would run for a long time and often fail to finish at all.

    • I really takes the fun out of running Windows Update

      I didn't realise people run Windows update. I thought that you just get a list of updates pending to be installed and you can work your way through them as you desire. What is this scan thing you're doing?

  • by ITRambo ( 1467509 ) on Wednesday December 09, 2015 @03:41PM (#51090053)
    It almost seems that Microsoft has intentionally slowed updates for Windows 7. It's been taking 30 to 60 minutes to check and get a repsonse using Windows update on our Windows 7 machines. Windows 10, on the other hand, is rapid, but buggy with more than one failed update that required running a script in an elevated command prompt to get it removed, when not needed, or installed. Having experienced annoying and on one PC serious issues with Windows 10, our Windows 7 PC's are staying with Windows 7, with automatic updates disabled. I manually check now, with recommended updates turned off, since I lost all trust in Microsoft in the past few months thanks to sloppy work and buggy updates. I have been installing GWX Control Panel in most of our customer computers that are still running Windows 7 or 8.1, with their blessings and often at their request since they like their PC the way it is.
    • by QuietLagoon ( 813062 ) on Wednesday December 09, 2015 @04:42PM (#51090703)

      It almost seems that Microsoft has intentionally slowed updates for Windows 7...

      I wonder if it has something to do with Microsoft no longer doing service packs.

      .
      Nowadays, the Windows 7 windows update client has to pour through everything since SP1 to find the dependencies and omissions, in order to determine what updates need to be installed. It is almost as if the service pack team didn't tell the windows update team that service packs would be discontinued, so now the windows update process is basically flopping around in a dependency tree so large that is is falling over on itself. If Microsoft were to issue a SP2 for Windows 7, then the dependency tree would be small again and windows update would move more quickly.

      .
      Windows 10 doesn't have the slowness problem (yet) because the dependency tree is much smaller on the newer OS.

      Or, it could be just as you say, Microsoft is intentionally slowing down the update process for Windows 7, trying to put a hurt on the customer experience.

      • If Microsoft were to issue a SP2 for Windows 7

        Microsoft thinks that it did issue an SP2 for Windows 7. The name is a little misleading: "Windows 10".

  • 1. Don't install it.
    2. If you ignored step 1, then uninstall it.
    • by SeaFox ( 739806 )

      I seem to recall Silverlight being a system component your can't remove once your add, though.

  • Its cute ... you guys have warped 0-day into something utterly meaningless.

    The term was always stupid, you mean 'undisclosed'. It stopped being 0 day 24 hours after it was first discovered, regardless of when you found out about it.

    The reality is, unless someone on slashdot was actually writing it, its pretty unlikely you've EVER seen a 0 day exploit.

    You guys now days have no experience or clue about what words mean so you just start making shit up and using them in utterly stupid ways.

    • You're adorable. You think summaries should be accurate here. And more so, headlines. Just precious.

      Meanwhile, various tools let me criticize the idiots without giving the retards at Dashslot any revenue. Precisely because of this nonsense.

      I stopped caring, and voted with my wallet. Do the same, pp, and readers alike.

  • Shouldn't Internet Explorer be an optional removable application, since Microsoft now wants to push Edge as the default browser? I'm fine w/ that, b'cos I use a combination of Edge, Chrome and Palemoon. On the laptop, it's not a big deal, but on my Winbook tablet that has limited storage, I'd like to remove things like IE
  • There is no reason at all to ever run it. Your system will be perfectly safe. Worse IT professionals actually believe this??!

    Glad mine are turned on

  • ...installing this comprehensive necessary patch DOES actually also install Win10 automatically.

    Sorry.*

    -MS

    *not really.

  • Microsoft's "Critical Update" screwed up my iPhone 5S's update to IOS 9.2 to the point where it almost bricked the phone.

    I ended up spending 15 minutes with Apple Support trying to get the phone back using a Mac when ... the Mac announced it had an update to El Capitan and Xcode.

    Maybe it's time that manufacturers set aside unique days (of the month) for releasing their updates so that they all don't collide?

    Sorry, just bitching because I really didn't need to lose an hour on an iPhone update which is normal

  • I thought Microsoft Edge was elimated all the defects in the Microsoft browser?
  • Every time I start it up, its layout gets resetted. So annoying!

Multics is security spelled sideways.

Working...