Microsoft is planning to deliver seven bulletins next week in its scheduled monthly update. The company has posted its advance notification for the upcoming Patch Tuesday security release, which it said will consist of two critical bulletins and five others rated as important. According to Microsoft, the critical bulletins …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Friday 6th June 2014 01:06 GMT Androgynous Crackwhore

Nothing to see here...

Wasn't this supposed to be the point of propitiatory software? That if you pay boatloads of money for something it shouldn't be riddled with gaping failures, and, that as no miscreant is allowed to see the code, there can't even be vulnerabilities anyway.

Wee dяam of яhetoric яeveяsal foя a change.

5 9
1. Friday 6th June 2014 07:02 GMT Anonymous Coward
  
  Re: Nothing to see here...
  
  I would have thought the point of propitiatory software would be to automate appeasement offerings to a deity on your behalf. As for the rest of us, what there is to see here is a list we can check to see if we've patches to push out for this proprietary software. Because that's what the notification is for.
  
  3 0
2. Friday 6th June 2014 08:13 GMT SF
  
  Re: Nothing to see here...
  
  Praise the Lord, Hallelujah! Repent, for the time is near..
  
  :] Keep the peace!
  
  Best regards,
  
  Ballmer S.
  
  0 0
3. Friday 6th June 2014 17:36 GMT TheVogon
  
  Re: Nothing to see here...
  
  "it shouldn't be riddled with gaping failures"
  
  Current versions of Windows have fewer security holes that are on average fixed faster than mainstream competitors like OS-X, SUSE or Red Hat - so they are not doing so badly!
  
  0 5
  1. Saturday 7th June 2014 02:23 GMT eulampios
    
    Re: Nothing to see here...
    
    Current versions of Windows have fewer security holes that are on average fixed faster than mainstream competitors like OS-X, SUSE or Red Ha
    
    It also have MUCH less software to fix. Come on, MS don't even maintain a pdf viewer of their own, the mentioned competitors have a few dozen or so...
    
    0 0
Friday 6th June 2014 06:01 GMT Byham

You are dreaming if you believe that any large body of code can be 'devoid of' bugs. That applies to all software public domain or not. Perhaps you have forgotten heartbleed already?

6 1
Friday 6th June 2014 07:36 GMT Hans 1

How many reboots are required ? I am bloody sure even if you just install the ie or office patch you will need to reboot. How does the monthly windows patch deployment affect your server uptime ?

Then again, window cleaners, aka microsoft certifiied sufarce experts, do not really have a choice, do they ...

4 6
1. Friday 6th June 2014 12:33 GMT Anonymous Coward
  
  Patch managements and updates have to be factored into uptime. Or are you one of those who still put their server uptime in their signature? I prefer a three minute reboot each month than an unsecure server... and if you have a cluster configuration users are not interrupted while a node reboots. For the matter when you patch most server applications you need to shutdown and restart them anyway.
  
  Anyway IE patches usually require a reboot, Office don't - unless your'se so stupid to keep Office open while updating it - but are you using Office on a server?
  
  0 1
  1. Friday 6th June 2014 17:39 GMT TheVogon
    
    "Patch managements and updates have to be factored into uptime."
    
    Not normally - Uptime measurements usually exclude planned outages.
    
    0 1
  2. Saturday 7th June 2014 02:31 GMT eulampios
    
    @LDS
    
    Anyway IE patches usually require a reboot
    
    Explain me please, why does it have to? Firefox, Chrome(ium) or any other browser would never do, moreover, on most competitors OS' very rarely do require reboots with very few exceptions.
    
    Office don't - unless your'se so stupid to keep Office open while updating it - but are you using Office on a server?
    
    Explain me this magic again please, can't you just restart the application without restarting everything? And btw, I heard of some very smart MS HPC systems doing all number-crunching in ... MS Excel of course :)
    
    0 0
2. Friday 6th June 2014 17:54 GMT Anonymous Coward
  
  Duh. One reboot. What moron would install each update separately?
  
  Companies decide if the updates are worth patching immediately or wait. Most have a maintenance window [where rebooting the server can be done].
  
  0 0
Friday 6th June 2014 08:05 GMT Gray

After all this time ...

... if they cannot fix that malware swamp called Windows OS (how many years do these security gaps exist before patches arrive?) then rational thought might demand that they back away from Windows 8/8.1 ... fall back to restore Windows 7 ... and concentrate on FIXING what they inflicted on their paying market! Perhaps after another few years, Redmond could focus on something for the fondle-slab market.

2 9
1. Friday 6th June 2014 08:10 GMT Anonymous Coward
  
  Re: After all this time ...
  
  How long has Linux been around...is it bug free?
  
  Thought not....
  
  7 2
  1. Friday 6th June 2014 11:05 GMT dogged
    
    Re: After all this time ...
    
    > How long has Linux been around...is it bug free?
    
    It's worse than that, Jim...
    
    This is Windows and Office so for a valid comparison you need to be looking at linux-distro-of-choice plus office-productivity-suite-of-choice which, for the record, had better include translators, a macro language, a database (this can suck, don't panic), a note-taking tool, a best-of-breed spreadsheet, a word processor, a desktop publisher, and HTML editor, an equation editor, a graph maker, billions of templates, a presentation application that everyone hates (this should be easy because all presentation software is hateful), hundreds of thousands of file converters, a form maker and fuckload of crap nobody understands.
    
    If your office suite of choice does not include all these, feel free to supplement it with other utilities.
    
    And then add up the bugs. How many will you find, I wonder?
    
    2 0
    1. Friday 6th June 2014 17:41 GMT TheVogon
      
      Re: After all this time ...
      
      "And then add up the bugs. How many will you find, I wonder?"
      
      Jeff Jones did a number of those comparisons. On a feature matched Linux distribution compared to Windows - Windows has a lower vulnerability count and a faster average fix time (less days at risk).
      
      2 2
      1. Sunday 8th June 2014 16:03 GMT Anonymous Coward
        
        Re: After all this time ...
        
        "Jeff Jones did a number of those comparisons. On a feature matched Linux distribution compared to Windows - Windows has a lower vulnerability count and a faster average fix time (less days at risk)."
        
        FFS, not this again.
        
        With friends like you TheVogon, Microsoft OS security needs no enemies in terms of reputation.
        
        You're under the perpetual illusion that the number of patches issued for an Operating System in some ways represents its relative level of actual security, and you continually pepper Windows and Open Source-related threads with ra-ra cheerleading posts about how much more secure Windows is as a platform, despite routinely failing to even comprehend, or read your own cited stats, or the small print that comes with them.
        
        Stuff that matters as much or more:
        Defence in Depth - comprehensive firewall, antivirus, and perhaps network quarantine policies, and the appropriate use of encryption.
        
        User training with regard to awareness of online threats and social engineering, and password selection
        
        Platform popularity and subsequent likelihood of selection as a target.
        
        Management of the balance between security and usability.
        
        Physical security (an issue far more often than some might imagine)
        
        I'm sure Reg readers can think of many other factors, but there's a starting point.
        
        Windows as a platform has come a long long way since the start of the millennium, but that in itself is (ironically) a sizable weakness. The sheer ubiquity of the OS, combined with the average training level of individual consumer and business users means that it will remain the most obvious target in the desktop and server space for the foreseeable future, to the extent that most Linux system compromises have the intent of providing a launchpad for Windows malware. In some respects this enormous volume of relatively ignorant and naive users is reflected in the phone market in terms of users of Android - secure enough with training, vulnerable by the sheer relative volume of users who barely comprehend the nature of the device they carry around with them.
        
        The takeaway: Planned and deployed correctly, administered and maintained correctly, Windows can be every bit as secure as OS X or Linux. In practice, the status of Windows will forever be that of primary target, because whether pirated or purchased Windows remains the OS that gets installed on Joe Public's PC. And while there's money to be made, Windows will be the target.
        
        0 0
    2. Friday 6th June 2014 18:19 GMT channel extended
      
      Re: After all this time ...
      
      And a ton of fluff that does nothing but slow me down or consume screen space with useless bling.
      
      0 1
  2. Friday 6th June 2014 13:00 GMT Julian Taylor
    
    Re: After all this time ...
    
    Well most Linux distros are free of charge so users can't really complain. But tell me, how long has Windows been around and has it ever been free of anything excepting credibility?
    
    Please do use small words .. I'm a Mint user so I don't really understand long phrases like "have you tried restarting your computer?".
    
    3 2
    1. Monday 9th June 2014 13:39 GMT dogged
      
      Re: After all this time ...
      
      > I'm a Mint user
      
      Really? You appear to have acquired a level of smuggery more commonly associated Mac cultists.
      
      0 0
2. Friday 6th June 2014 08:52 GMT Anonymous Coward
  
  Re: After all this time ...
  
  You assume that they know what is wrong in Windows and they don't want to fix it. While there is a remote possibility that this is true, it is much more likely that they don't know about these flaws.
  
  I can think of a million of different black helicopter theories to support the opposite view, but don't forget the "don't blame to malice what can be adequately explained by incompetence" motto. It is likely the case with Windows: it is a huge code base and they simply don't know where the vulnerabilities are.
  
  7 0
3. Friday 6th June 2014 17:57 GMT Anonymous Coward
  
  Re: After all this time ...
  
  Stop making us laugh. You think whatever OS you are using is better?
  
  Linux? How was the OpenSSL affecting you?
  
  OS X? Did they finally fix that java bug that was left unfixes for over 18 months?
  
  If you are telling me your OS gets no security updates then you must be running DOS 6.22.
  
  2 1
Friday 6th June 2014 08:35 GMT jason 7

I fired up my copy of Fedora yesterday.

That required 30 updates and a reboot.

After that it said there were 20 more...and another reboot.

How does anyone get any work done? Sheesh.

3 4
1. Friday 6th June 2014 11:27 GMT Hans 1
  
  Re: I fired up my copy of Fedora yesterday.
  
  Hm, trolling? Did you sed 's/Windows/Fedora/g' ? Was it bleeding edge or stable ?
  
  Why did it want to reboot twice and why did it not get all the packages in one go ? Something is fishy, there ... not seen anything like that, ever, in 15 years, on Slackware, Debian, Ubuntu, or Suse, but then again, YMMV. Note that I have even used bleeding edge versions on my production workstation but I tend to prefer stable ones now; too old for eye candy or new^H^H^Hbroken desktop environments.
  
  DISCLAIMER: I have never used Fedora
  
  4 4
2. Saturday 7th June 2014 02:45 GMT eulampios
  
  Re: I fired up my copy of Fedora yesterday.
  
  Shame on you, Jason. You forgot to use yum or the Update manager correctly, ie., you have to refresh it first and find all the latest updates or run the "yum update" command again.
  
  Anyways, on a Debian like system it's either refreshing the list of available updates (alternatively, if you're lazy, waiting some specified time) or running "apt-get update&&apt-get upgrade" command. Unlike on MS Windows, the upgrade is never incremental and always offers you the latest versions and all the available upgrades at the moment.
  
  0 1
Friday 6th June 2014 11:55 GMT present_arms

The only time you should reboot a Linux box is after a kernel update, there is no reason what so ever for there to be a reboot otherwise, or even close the programs you are using while updating. Some Distros however do ask the user to reboot if a propietry video driver has been updated, the isn't an necessity however but it is easier for the not so tech savvy from dropping to a command shell and using rmmod and modprobe after the update and restarting X. (I am aware that you can boot one kernel from another without rebooting the whole machine, but i don't know of a lot of cases where this is done outside of a server room) so i do find it suspect that Fedora would have needed 2 reboots after an update.

2 1
1. Friday 6th June 2014 12:14 GMT jason 7
  
  I wouldn't class having to reboot...
  
  ..it twice a major cause for concern. Its just rebooting.
  
  I booted it up, said it had X number of updates. I updated. It asked to reboot.
  
  I then rebooted and then it said there were some more available if I wanted them. So I did.
  
  No biggie. It hadn't been used for a month.
  
  I think the point is that its bizarre one OS gets crticised for updates...when they ALL get updates.
  
  Shrugs.
  
  1 2
  1. Friday 6th June 2014 12:23 GMT present_arms
    
    Re: I wouldn't class having to reboot...
    
    The thing that gets me about Windows (I do have 7 installed) is that you have to reboot after IE gets updated, i mean wtf. I understand that IE is tied to the OS but dayums, this includes having to reboot for office, also wtf. then you get to the reboot it shuts down and it updates what it can, then you have to wait on the boot process to update what it couldn't during the shutdown sequence. although compared to XP it got better with the number of reboots needed for an update cycle. This is why my linux machine has an uptime so far of 8 Months and my windows box seems to be rebooted monthly,
    
    0 0
  2. Saturday 7th June 2014 02:54 GMT eulampios
    
    Re: I wouldn't class having to reboot...
    
    I booted it up, said it had X number of updates. I updated. It asked to reboot.
    
    Next time you need to update the information what needs to be updated, since it would not check if the list of updates is up-to-date by default, otherwise, wait for some time or force the update manager to check for the latest updates.
    
    0 0
2. Friday 6th June 2014 12:49 GMT Anonymous Coward
  
  Think that Windows 7 and later doesn't require a reboot if you update the video driver... anyway even under Linux a lot of applications are restarted after an update. Sure, Windows is more restrictive in overwriting an open file, and that's what leads to reboots.
  
  1 1
  1. Friday 6th June 2014 15:49 GMT present_arms
    
    I agree, if a service has been updated in Linux (cups for instance) then that service is restarted, I was thinking more of userland apps,, say firefox, i can be typing this now as apt-get purges firefox from the filesystem and still be able to use firefox until i close it. Don't get me wrong Windows does do some things nice, updating isn't one of them.
    
    2 0
Monday 9th June 2014 07:55 GMT Bladeforce

Why is it...

GNU pacthes BEFORE it is in the media yet Microsoft merrily plod away and wait until the last minute...

Microsoft employee, "We need to get these pacthes out ASAP"

Microsoft manager, "Noooo we cant disrupt our antiquated patch model"

Microsoft employee, "But, but its so 10 years ago this model"

Microsoft manager, "Look, our high management are so antiquated they dont want to change"

Microsoft employee, "Why dont they want to change?"

Microsoft manager, "Look do as we say or you'll be on your arse and we'll replace you with cheap labor from the far east"

Microsoft Employee, "Thats against my rights as an American citizen!"

Microsoft manager, "hahahaha you have no right as a windows user/designer, we sold those rights to the NSA years ago"

Microsoft employee, "Fuck that, America is as bad a Chine or Russia, I'm off"

1 1