Microsoft Patch Day Next Week
Posted by Tom Warren on 04 February 2005 - 08:40 · 71 comments & 8866 views
About the Author
Full name: Tom Warren
Forum name: creamhackered
Contact: via forum PM
Submissions: Normal · Headline
Full name: Tom Warren
Forum name: creamhackered
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(1 reply)
#1 Posted by AMPSV on 04 Feb 2005 - 08:54
- Oh Joy
-
#1.1 Posted by Mystical112 on 09 Feb 2005 - 17:19
- i kno....im soo excited... they should make it a national holiday... hahah...
-
(1 reply)
#2 Posted by R1CK13 on 04 Feb 2005 - 09:02
- Better then nowt' a suppose
-
(1 reply)
#3 Posted by amdme3200 on 04 Feb 2005 - 09:10
- Wow 13 thats alot.
-
#4 Posted by oDD on 04 Feb 2005 - 09:10
- Lucky number of patches.
-
(2 replies)
#5 Posted by werejag on 04 Feb 2005 - 09:25
- wow i cant wait what bugs will we get this time?
....
ohhhh that said patches
same thing according to the track records of microsoft.
/m$ sheep on -
#5.1 Posted by weenur on 04 Feb 2005 - 16:28
- /reasonable human on
Software is never perfect. How can anyone fault another for trying to improve? I swear, I'll never understand the idiotic factionalism on this board. It reminds me of elementary school.
/irrational elitist response on -
#5.2 Posted by EduardValencia on 06 Feb 2005 - 17:09
- agree with you weenur
-
(4 replies)
#6 Posted by SquareSoft0 on 04 Feb 2005 - 09:31
- Understand that these updates have no specified product or anything before commencing any feces-launching. For all we know, the 9 OS patches are for XP pre-SP1. Unlike Secunia and some other groups, MS does the smart thing by finding / fixing patches without thoroughly explaining how to exploit every tiny flaw. Unpatched exploits should not be made publicly available, they should all be reported to the developers.
Remember, do not feed the trolls. They are to be mocked. -
#6.1 Posted by The_Decryptor on 04 Feb 2005 - 09:38
- From what i remember, a group tried that, and ms didnt release a patch until the group released a proof of concept exploit. Only then did ms make a patch.
Anyway, security through obscurity is bad, no matter what way you try to spin it. -
#6.2 Posted by Jugalator on 04 Feb 2005 - 10:09
- "Understand that these updates have no specified product or anything before commencing any feces-launching. For all we know, the 9 OS patches are for XP pre-SP1."
Yes, but it's more to the package than OS patches. One is classified "Important" and for the .NET Framework, another is "Critical" and for Office and Visual Studio, one is "Moderate" and for SharePoint / Office. But the others may be for pre-SP1... or post-SP2. We don't know yet.
"Unpatched exploits should not be made publicly available"
How are people affected by the unpatched flaws going to avoid it if they don't know what it is? Are they just going to let MS have them sit there clueless while being victims of hackers? At least if they publicize, say, IE having a problem with ActiveX sites due to an unpatched critical flaw, people could at least turn ActiveX support off meanwhile. The alternative being MS crossing fingers hackers aren't aware of it and exploiting it, since their users haven't been informed. I mean, not disclosing flaws isn't really the ultimate way of stopping hacks. There are thousands out there doing reverse engineering as a hobby.
Last edited by 21023 on 04 Feb 2005 - 10:14 -
#6.3 Posted by shao on 04 Feb 2005 - 11:41
- there's a difference between sending the proof of concept to microsoft to examine, and sending the proof of concept to every virus writer, every adware producer, and every other little ****wit to exploit. that's why more and more people are seeing the likes of secunia as attention seeking whores that really have no interest in the security of users' pc's, instead being dedicated to the self promotion of their petty little existances.
-
#6.4 Posted by Jon on 04 Feb 2005 - 12:28
- I disagree completely about Secunia, I've seen two comments about them recently but have no idea why, most of the attention seeking comes from random unknown 'security groups' on the likes of full disclosure, secunia.com simply lists them with minimal details that may lead to exploitation. Secunia.com is an *incredably* useful reference to a security admin, and the lists of exploits per application is the best I've seen.
-
(2 replies)
#7 Posted by cheesegoduk on 04 Feb 2005 - 09:44
- Sigh, *Goes to warm up SUS server*
-
#7.2 Posted by cheesegoduk on 05 Feb 2005 - 13:42
- Have a Wus box as well, tho it only patches IT staff's for the mean time until we're ready to change over
-
#8 Posted by bush on 04 Feb 2005 - 09:53
- yaay, patches! ms doing a great job
-
#9 Posted by Staind on 04 Feb 2005 - 09:55
- AutoPatcher's kind of out-of-date, and Windows hotfixes are in the majority in the list of the currently installed programs.
It's still good to hear that m$ is improving their products, but what if they figure out an irremediable bug?
-
#10 Posted by leesmithg on 04 Feb 2005 - 10:11
- It is good they're keeping us upto date.
-
#11 Posted by Ficman on 04 Feb 2005 - 10:52
- Good news...
-
(3 replies)
#12 Posted by take_the_veil on 04 Feb 2005 - 11:23
- Anyone who typed "m$" as a means to describe Microsoft in this thread should be shot. Get a ****ing life you repetative morons.
-
#12.1 Posted by shao on 04 Feb 2005 - 11:43
- agreed.
the inquirer are almost as bad insisting on doing a find replace on most articles, replacing microsoft with 'vole'. it's not big, and it's not clever, and it's one of the many reasons why i never visit their ****-infest cackhole of a site any more. rofl! -
#12.2 Posted by permissionToExterminate on 04 Feb 2005 - 17:15
- maybe they just did it so that you could get off
-
#12.3 Posted by Jazkal on 04 Feb 2005 - 19:48
- take_the_veil,
Get over it, would you prefer Micro$oft?
I'm not sure if "repetative" is a word or not, but I assume you meant "repetitive".
repetitive
adj 1: persistently continual; "the bluejay's insistent cry" [syn: insistent] 2: marked by tedious repetition
So yes, we use M$, because you know what we mean, and we avoid the "tedious repetition" of having to type out "Microsoft (the big bad corporation dedicated to taking your money and squashing the little guys)". Much easier to just type M$.
-
#13 Posted by RanCorX2 on 04 Feb 2005 - 11:35
- Nice, always good to squish more bugs.
-
#14 Posted by amanechoir on 04 Feb 2005 - 11:42
- I love Microsoft!
*Hugs his XP box*
-
(1 reply)
#15 Posted by Gowcra on 04 Feb 2005 - 11:54
- I love Microsoft. (i really do)
-
#16 Posted by Lenin on 04 Feb 2005 - 11:56
-
let's see...
-
#17 Posted by [DGS] on 04 Feb 2005 - 12:10
QUOTE The updates range from moderate to critical. 9 of the bulletins will effect Microsoft Windows and all 9 are critical. Other bulletins effect Microsoft SharePoint Service, Microsoft Office & Visual Studio, Microsoft .NET framework, Windows Media Player and the companies IM software; MSN Messenger.
Here comes MSN MESSENGER 7 !
-
#18 Posted by Gowcra on 04 Feb 2005 - 12:15
- NO!!!!!!!!!!!!!!!
-
(1 reply)
#19 Posted by scoobydoobie on 04 Feb 2005 - 12:16
QUOTE January 26, 2005 10:58AM
Apple Computer has issued a security patch to correct seven vulnerabilities in the OS X operating system, including flaws in the Safari browser, the Mac Mail e-mail program, the ColorSync system, and other parts of the OS.
QUOTE Linux (news - web sites) vendors have issued advisories and patches this week for a number of different vulnerabilities affecting the Linux operating system.... The patches mend nine security flaws, including issues with iprout2 denial of service, cross-site scripting and an mpg123 play list option buffer overflow.
Golly gee, seems they all have some security holes to patch.......
-
(2 replies)
#20 Posted by shichiroji4 on 04 Feb 2005 - 12:58
- As usual, M$ chalks up lotsa holes. They are supposed to sell us a secure OS and I can't believe there are actually ppl cheering M$ for releasing a fix for something that should never have happened.
Jeez have some authority as a consumer, will ya?
-
#20.1 Posted by epple on 04 Feb 2005 - 17:25
- It's the same with every OS out there.
Jeez get over it, will ya? -
#20.2 Posted by supersaiyanjericho on 04 Feb 2005 - 18:02
- I bet you just love MS not fix anything.
-
#21 Posted by Callisto~ on 04 Feb 2005 - 13:02
- Wow...
One of the funniest flaws I've seen so far is the Wordpad allows hackers to gain control of your computer one.
-
#22 Posted by bucko on 04 Feb 2005 - 13:04
- Will any of these be for Windows 2000 Pro or just XP? I'm not saying witch is best, :p just wondering.
-
(5 replies)
#23 Posted by carl0ski1 on 04 Feb 2005 - 13:18
- i dont understand MS
they release 13 patches at once right?
well they cant possibly finish them all at once
why dont they release them as they are completed
the delay as it stands is forcing upon their customers a widened the window of threat, and risk of exploit.
Are they trying to contribute to these exploit of flaws in their system?
-
#23.1 Posted by kioria on 04 Feb 2005 - 13:33
- May be most of the Windows XP clients are non-frequently-updating users? Not like you? So perhaps its better for millions of newbie-classified users to download and install all at once? Not only that, system administrator governing thousands of computers could do them all at once saving them a bit of time and trouble? You gotta understand that this does more good than bad. Saves a lot of trouble for millions people, better than having YOUR computer secure for a couple more days.
Owned. -
#23.3 Posted by carl0ski1 on 05 Feb 2005 - 10:35
- 23.1 that is the stupidest extremely uneducated guess i have ever heard.
almost everyone with auto matic update enabled is a frequent updater.
also there is noone forcing admins to implement a security patch made available today they can wait till the 8th of February (Tuesday routine Patch day)
23.2 i spose the dependency is the probable reason for MS routine delayed release of patches
-
#23.4 Posted by kioria on 05 Feb 2005 - 14:03
- Perhaps not carloski, I have fixed many computers in Sydney, almost no body utilised the function Automatic updates. And that suspiciously is the most studest extremely uneducated guess? Like less than 20 out of couple of hundred computers I inspected hadn't had a clue of what those bottom-right-hand-side blinking stuff was? Well guessed carloski, Automatic Updates exist, but hasn't been utilised properly.
-
#23.5 Posted by carl0ski1 on 09 Feb 2005 - 12:47
- #1.4 Reply by kioria
I still stand behind the comments that if a patch is developed and testing is finished on a thursday by MS it should be released by Friday and they should
not just decide to release them all on Tuesday the next week.
Symantec can vouch that some malicious programs that Exploit MS flaws (that potentially this patch would prevent) can sweep the internet infiltrating 1000's of PCs within hours.
Admins well like you?? Dont have to install them as they are released on Thursday you can wait till Tuesday.
Any customer with Always on Internet i enable install critical updates Automatically
as some people have a tendency not to be reliable and confident in using the windows update service.
and windows has a tendency to be unsafe.
-
#24 Posted by AminoSC on 04 Feb 2005 - 14:07
- For some ODD reason...patches from Microsoft make me happy. I love to see WU cranking up automatically.
It's FEB, wheres me LH beta 1???
-
(5 replies)
#25 Posted by george616 on 04 Feb 2005 - 14:09
- ARE THIS THE PREP FOR THE MSN 7
-
#25.1 Posted by EduardValencia on 04 Feb 2005 - 14:55
- YES IT IS,BUT PLEASE DON'T WRITE IN CAPS-LOCK
-
#25.3 Posted by bucko on 04 Feb 2005 - 15:21
- Hehe the nudging epidemic is going to happen soon! Think I will stick to trillian ¬_¬
-
#25.4 Posted by boogerjones on 04 Feb 2005 - 16:17
- << removed >>
Personal attack removed
Last edited by 36818 on 04 Feb 2005 - 20:44 -
#25.5 Posted by permissionToExterminate on 04 Feb 2005 - 17:17
-
-
#26 Posted by GRex on 04 Feb 2005 - 16:01
- Yipee! I think.
-
(1 reply)
#27 Posted by rIaHc3 on 04 Feb 2005 - 16:51
QUOTE Other bulletins effect Microsoft SharePoint Service, Microsoft Office & Visual Studio, Microsoft .NET framework, Windows Media Player and the companies IM software; MSN Messenger.
Just to repeat it; finally we'll get MSN Messenger 7
lol god it would be funny if they update 6.x to something else and not release 7 lol
-
(1 reply)
#28 Posted by qwexor on 04 Feb 2005 - 18:16
- Am I the only one that noticed that they used incorrect grammar in their report? "9 of the bulletins will EFFECT Microsoft Windows" Shouldn't that be replaced with "affect" ?
-
(4 replies)
#29 Posted by SimNet on 04 Feb 2005 - 20:26
- Yay, i love installing patches for ****ty ****
Overly-large and inappropriate image removed
Last edited by 36818 on 04 Feb 2005 - 20:45 -
#29.2 Posted by SquareSoft0 on 05 Feb 2005 - 01:30
- He seems trapped outside the "Don't like it -> Don't use it" paradox. Or he's a computer illiterate twit, either way.
-
#29.3 Posted by SimNet on 05 Feb 2005 - 02:46
- Wow, you give a whole new meaning on creating opinions on someone. Retard, It is obviously a joke. I only posted those pics to maybe make someone laugh not to receive bs from some retard like you. If i didnt like it, why the hell would i be using windows?
-
#29.4 Posted by SquareSoft0 on 05 Feb 2005 - 09:52
QUOTE Yay, i love installing patches for ****ty ****
That's why.
-
#30 Posted by SquareSoft0 on 05 Feb 2005 - 09:50
- *Messed up *
-
#31 Posted by JakeM741 on 05 Feb 2005 - 17:08
- does this mean MSN 7.0 will come out!?
-
(1 reply)
#32 Posted by s.a.m. on 05 Feb 2005 - 22:39
- Where does it say ALL 9 are critical. That's not what the advanced notice says.
-
#32.1 Posted by SquareSoft0 on 05 Feb 2005 - 23:47
- I know, but they have to please the "M$" trolls. Apparently "The greatest aggregate, maximum severity rating" translates to "ALL security ratings are TEH MAXORR!!!!11"
-
#33 Posted by Hekx on 06 Feb 2005 - 00:23
- I hope Automatic Updates does its business, it has been awfully quiet for a while.
I guess it is a matter of who gets to it first.
-
(1 reply)
#34 Posted by Amsterdam on 06 Feb 2005 - 05:08
- Get a Mac and dont have 13 patches in one week
-
#34.1 Posted by SquareSoft0 on 06 Feb 2005 - 08:29
- ^^^
Therefore it's a better product </sarcasm>
-
#35 Posted by cork1958 on 08 Feb 2005 - 12:05
- So, where are all the updates/patches at today then?
The updates range from moderate to critical. 9 of the bulletins will affect Microsoft Windows and all 9 are critical. Other bulletins affect Microsoft SharePoint Service, Microsoft Office & Visual Studio, Microsoft .NET framework, Windows Media Player and the companies IM software; MSN Messenger.
The patches will be available on February 8 via the Microsoft Security website or WindowsUpdate. 13 patches in one month is among the biggest ever released.
Unlike the Japanese launch, which offered a base PSP package for approximately $185 USD, North American buyers will only be able to get one bundle, the pricier PSP Value Pack. The good news is that the Pack comes standard with a good number of extras that help make the purchase worthwhile, including a 32MB Memory Stick Duo, headphones with remote control, battery pack, AC adaptor, soft case, and cleaning cloth. In addition, the bundle boasts a movie/music/game sampler UMD disc with non-interactive demos. On top of everything else, the first one million people to purchase a PSP in the US will receive a bonus UMD featuring the full feature film Spider-Man 2.
"PSP will evolve and elevate portable entertainment, giving users the freedom to play full 3D games, watch movies, listen to music and connect wirelessly on their terms, their time and their place," said Kaz Hirai, president and chief executive officer, Sony Computer Entertainment America. "More than ever, today's consumer demands access to entertainment outside the home without compromising quality. With more than 100 PSP game titles currently in development worldwide, and the ability to download and listen to digital music and view feature films with breathtaking screen quality, PSP lets users control their entertainment options, all in one package."
A preliminary list of launch titles to be released simultaneously with the handheld is available at the source webpage.