
Microsoft to Release 7 Patches Next Week

Posted by Zonk
from the that's-quite-a-lot-of-patching dept.
craters writes "Microsoft plans to release 7 patches next week for Windows and Office. From the article: 'In the monthly pre-patch notification it sends out five days prior to unveiling fixes, Microsoft said that at least two of the seven will be rated Critical, which by the company's definition means that the vulnerability can be remotely exploited.'"

  • by mporcheron (897755) on Friday February 10, 2006 @03:44PM (#14689560)
    It appears there is a conflict at Redmond.  In one case they are fixing a bug which has yet to be discovered, in another they are fixing a bug which has existed for around nine months.

    It's about time they came up with a proper strategy other than randomly fixing the bugs they want to fix.

    Martin
    • A   L A T E   F I X   I S   F I N E   T O O
      • A L A T E F I X I S F I N E T O O

        Well, it's better than no fix or for that matter, a poke in the eye with a sharp stick. But it doesn't exactly give you the warm fuzzies to know that Windows is vulnerable to a remote exploit a significant amount of the time - keep an eye on Eeye's upcoming advisories [eeye.com]. There seems to have been at least one remote exploit on this list most times I've looked at it over the last couple of years. That's one of the reasons Windows isn't safe without a properly config

    • by flooey (695860) on Friday February 10, 2006 @03:58PM (#14689661)
      It appears there is a conflict at Redmond. In one case they are fixing a bug which has yet to be discovered, in another they are fixing a bug which has existed for around nine months.

      It's about time they came up with a proper strategy other than randomly fixing the bugs they want to fix.
      It looks unusual from the outside, but it doesn't necessarily mean that they don't have a proper strategy. Some bugs are easy to fix, some are difficult. Some are more important, some are less important. Some are likely to cause software to stop working, some aren't. Since there's no way to know just what was involved in each bug at this point (and we'll probably never know what the source looks like as it relates to the bugs), just because it looks funny doesn't mean they're not prioritizing properly.
    • Assuming that M$ actually cares (yes, possibly an exaggeration) I will assume that they are fixing the bugs as they are able to and get the fixes tested. It may have taken 9 months to fix the one mentioned so that, based on their tests, the fix does not crash the system. I realize the M$ bashing is fun (and I participate often myself) but I think that this issue is pretty clear.
    • Um, it's quite simple, mayhap some bugs are very easy to fix, to regression test, to ensure nothing else breaks with the patch, or possibly lies on a well known area within the OS or a smaller module. Maybe another that takes a while longer to fix is much harder to pin down and properly resolve.

      One would think most people would understand common stuff like this.
    • In one case they are fixing a bug which has yet to be discovered

      I'd love to be using whatever magic powers that allow them to do that.
    • It appears there is a conflict at Redmond. In one case they are fixing a bug which has yet to be discovered, in another they are fixing a bug which has existed for around nine months.

      It's about time they came up with a proper strategy other than randomly fixing the bugs they want to fix.


      It appears there is a conflict in the Linux community. In one case they are developing features which no one else has done, in another they are developing features that have existed in other OSes for years.

      Linux really nee
    • ... a bug which has yet to be discovered

      How do you know that?

  • by 0110011001110101 (881374) on Friday February 10, 2006 @03:44PM (#14689561) Journal
    FTFA - Microsoft will also issue one non-security, high-priority update to Windows, and will update the Windows Malicious Software Removal Tool to, at the least, account for the parasitic Kama Sutra/MyWife/Nyxem worm that caused a stir last week.

    Ohhhh man... it figures.. right when I had my spyware pickup line down to a science...

    Example:

    Me: Well ma'am, I can fix the problem.
    Hot Housewife: Great! What's it going to take?
    Me: Well I've been reading some websites on good ways to deal with myWife.
    Hot Housewife: mmmmHmmmm
    Me: And then we'll look and see if I can find my article on Kama Sutra, and get to work.
    Hot Housewife: Screw the article.. why don't you just start checking out my ports now!

    Please delay this patch for a couple more weeks, until my viagra laden penis enlargement pills and kingly inheritance arrive from my new friends in Nigeria, thus negating my need for cheesy spyware pickup line attempts.

  • timing? (Score:5, Funny)

    by mctsonic (231767) on Friday February 10, 2006 @03:51PM (#14689618)
    Happy VD from Microsoft!
  • by bogaboga (793279) on Friday February 10, 2006 @03:56PM (#14689650)
    I hope it's not business as usual; in other words, small sized patches.

    Why?

    Because on my Windows 2000 system, the size of the patches, 33 in number so far, is bigger than the OS itself! And some quarters say 33 is pretty conservative because M$ puts more than one patch in the so-called "hot fix" as seen in the Control Panel. I am already afraid, not to mention a patch that might break other software!

    • by MSFanBoi2 (930319) on Friday February 10, 2006 @04:30PM (#14689864)
      I just checked, you are not correct.

      There have been 27 critical and high level patches released for Windows 2000, since SP4 was released. Which are a total of just over 31 MB in size.

      SP4 itself is 132 MB.

      The Windows 2000 Server base install is just over 1.3 GB with most of the standard features.

      132+31=163, which is far FAR short of 1.3 GB.

      FUD possibly?
      • I beg to disagree.

        Save for Media Player, Firefox and M$ Office2000, I installed nothing else. I have watched my free hard disk size reduce every time a patch is installed. I guess some of the hotfixes belong to those other pieces of software on my machine.

        • Possibly you have system restore turned on? The previous poster is correct about the size of the hotfixes. Since Windows 2000 came out I have never seen a Windows hotfix break a piece of software. Yes I have heard of Service Packs breaking things if you're stupid enough to be an early adopter, but have never seen a hotfix break anything.
          • Hot fixes do cause issues, but it's very very rare. In all I have seen maybe a handful of computers, (three that I can remember off the top of my head) that reacted negatively to a Microsoft hot fix since Windows 2000 was released.
        • So you upgraded to MediaPlayer 9 (10 isn't available for 2000) which is 13.2 MB.
          Microsoft Office 2000 Service Patches and hotfixes is only 62 MB which includes the latest SP.

          Firefox is tiny.

          So even adding in these comes to another 75 MB. Plus the previous 168 MB or so, is still quite a bit less than even 1/4 of a Windows 2000 install.

        • I have watched my free hard disk size reduce every time a patch is installed.

          That's because all those hotfixes save backups of the files they replace, so they can be uninstalled.

      • by Anonymous Coward
        Hi all,

        I just re-installed Win2K SP4 + security rollup1 in mid-January with no applications. I happen to have saved a list of the 29 patches that Windows update then wanted me to install:

        MS03-008
        MS03-011
        MS04-028
        MS05-025
        MS05-026
        MS05-027
        MS05-030
        MS05-032
        MS05-036
        MS05-037
        MS05-038
        MS05-039
        MS05-040
        MS05-042
        MS05-043
        MS05-044
        MS05-045
        MS05-046
        MS05-047
        MS05-048
        MS05-049
        MS05-050
        MS05-051
        MS05-052
        MS05-053
        MS05-054
        MS05-055
        MS06-001
        MS06-002

        You're probably wondering about MS03-008 and MS03-011. Service Pack 4 didn't include updates
      • by Anonymous Coward
        Please, spreading FUD about Microsoft is like setting off a stink bomb in a landfill.
      • Hah, 1.3 gigs. My fresh, default Windows 2000 load comes in at 450 megs. That's Professional, not server.
      • Just as an aside in your 2k calculations does that include swapfile? I can easily run an install of 2k (fresh with no temp files,inet files, etc) 800MB
  • Anyone know when the date is when MS will stop making security patches for Windows 2000?

    I've been avoiding getting newer versions of Windows with any of my new machines I've gotten or made for quite a few years now, and have no plans on ever using Windows XP on my home systems. Will I have to look to third parties for future flaws found in the various Windows 2000 bugs that will be discovered?

    • Yes, you can find them at http://www.linux.org./ [www.linux.org]

      Seriously though, what's your objection to Windows XP? I mean, it uses a little more memory, but not much... And it has cleartype! I have a stinkpad with 128MB and I'm dying to upgrade the memory so I can run XP just to get that.

      • Maybe XP has nothing he wants enough to purchase an upgrade or a new PC. Like many users, I have window themes and cleartype turned off in XP. I can't stand the softness of cleartype. With those disabled it looks and works like 2000 (mine looks more like '95), but a little heavier, with the need to reactivate if I make any substantial hardware replacements. XP is like a Windows 2000 PlaySkool edition.
        • Most of us are using a corporate version of Windows XP. Even if you have a license for XP Pro (I do) there are reasons to use the corporate version of pro, namely the lack of activation. And you definitely don't need a new PC. Anything that Win2k will run on, XP will run on, with the exception that you might need more memory.
      • Re:Windows 2000? (Score:3, Insightful)

        by Phillup (317168)
        Seriously though, what's your objection to Windows XP?

        I don't know about the original poster... but I like to know that 10 years from now I can install the OS and use it in whatever emulator I'm using at that time. (Right now it is VMWare)

        Product activation is a HUGE objection for me. (and not just for some time in the future...)

        After paying for an OS I really don't think it is anyone's business how many times I reinstall it, as long as I'm not using it on more systems than licensed for.

        And I sure as hell a
    • Re:Windows 2000? (Score:5, Informative)

      by MadTinfoilHatter (940931) on Friday February 10, 2006 @04:15PM (#14689747)

      Anyone know when the date is when MS will stop making security patches for Windows 2000?

      Windows 2000 will be supported for 5 + 5 years since it's an enterprise product. Home level products are supported for 5 + 0 years (except XP Home which got two years more to live.) See http://support.microsoft.com/gp/lifepolicy [microsoft.com] for details.

    • Re:Windows 2000? (Score:3, Informative)

      by jproudfo (311134)
      Security updates will be available until Windows 2000 leaves the Extended Support phase of the Microsoft Support Lifecycle. According to http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=windows+2000 [microsoft.com], that's in 2010.
    • Anyone know when the date is when MS will stop making security patches for Windows 2000?

      I think it's onto extended support now, which means it will get security fixes for another four and a half years or so.

  • by Anonymous Coward
    There's no cause to panic yet, because this doesn't _necessarily_ mean a worm can happen (ie, doesn't breach the SP2 firewall, or work in outlook, or IM, or get past HTML filtering in most web email providers). Based on the past, more likely is that they are talking about an IE only exploit. If the remote exploit is just in IE that it means is that if you visit a malicious website .. they can infect your computer. Yes, a danger .. but if you are paranoid and only go to selected websites .. you're reasonably s
  • by Dekortage (697532) on Friday February 10, 2006 @04:09PM (#14689716) Homepage

    Microsoft warned users...

    I don't use Windows systems often, but most of my colleagues and friends do. How exactly has Microsoft warned its users? Pop-up windows? Ads in the local paper? Public service announcements on cable television? Are the requirements for Microsoft repairing computer-disabling software bugs the same as, say, General Motors' obligations for repairing automobile-disabling engineering mistakes (e.g. recalls)?

    • by flooey (695860)
      Are the requirements for Microsoft repairing computer-disabling software bugs the same as, say, General Motors' obligations for repairing automobile-disabling engineering mistakes (e.g. recalls)?
      No, they're not. Between current software liability law (or rather, the lack thereof) and EULAs, Microsoft doesn't have any legal obligation to fix anything, let alone let you know that a fix might be available.
      • Between current software liability law (or rather, the lack thereof) and EULAs, Microsoft doesn't have any legal obligation to fix anything, let alone let you know that a fix might be available.

        I'm not aware of a single software producer of any kind that admits liability for anything, other than by specially arranged contract. Even the GPL has the "no warranty" clause.
    • by Anonymous Coward


      How exactly has Microsoft warned its users? Pop-up windows?

      Security mailing list for admins. Windows Automatic Update for users (you can set it to notify you, notify and download, or notify, download and install).

      Say what you will about MS, but the Windows Update thingy is about as stupid-proof as it could be. Anyone getting rooted because they didn't have an available patch I have no sympathy for. I use SUSE at work and the susewatcher is more like the "Custom" update feature, which I assume most /. W
  • Among those patches (Score:3, Interesting)

    by dtfinch (661405) * on Friday February 10, 2006 @04:10PM (#14689719) Journal
    is the Kama Sutra remover that's no longer of any use now that they've waited so long to release it. Now they're just kicking those 3 infected users while they're down. They're basically saying "Now that it's deleted all your documents, here's that removal tool we decided not to release a couple weeks ago, so you wouldn't be bothered with an unscheduled patch release."
  • So what? (Score:4, Insightful)

    by MSFanBoi2 (930319) on Friday February 10, 2006 @04:22PM (#14689795)
    I don't see what the big deal is, both Linux and MacOS get patched. Some more often than others...
    • True but the effect of the patches will be on a far greater audience susceptible to certain nasty flaws/worms/corrupt media files etc. I'm not saying that Linux/Mac patches aren't important, but the scale to which MS patches affect hundreds of 1000's corporate and home users is a big deal. I personally feel this should be broadcasted with hopes of creating better awareness for patching any OS being used at home/work.
  • so all of the linux/OSX fanboys and start flaming Microsoft yet again. Sure, they have vulnerabilities in their product, so does everyone else. If anything, being the security professional that I am, Microsoft has made me MONEY over the last few years. BTW, I use linux ALL of the time.
  • I'm not saying this isn't good news, but it's not very big news, is it?
    I mean, do we need a frontpage story just because MS releases a patch? Don't they do it more or less regularly?

    And besides, why should we care since all of us here use either Linux or BSD?
  • by devinoni (13244) on Friday February 10, 2006 @05:04PM (#14690171)
    Maybe Microsoft will release updated virus definitions once a month too.
  • Let's see, there's one patch for gluttony, because the Windows software is bloated.

    There's another patch for lust, so Google Desktop won't track your pr0n habits.

    There's supposedly a patch for sloth, but I'm too lazy to see what it does.

    There's a patch for wrath, you son-of-a-bitch!

    There's a patch for envy, it will nullify Firefox.

    There's a patch for pride and that just leaves one patch for greed, but Micro$oft will fix that sooner or later.

  • Looks like Microsoft is trying to patch their image.
  • The posts start out provocatively talking about "hot fixes", "KamaSutra", "fingering", "port scanning"... But I get worried when the conversation moves to "virii" and "worms".
  • Oh Great (Score:4, Funny)

    by aquatone282 (905179) on Friday February 10, 2006 @05:49PM (#14690530)
    7 reboots.
  • Is one of the patches for the Access lawsuit which requires you to patch office xp? Too bad SCO doesn't sell indemnity insurance for Microsoft products, they're barking up the wrong tree with Linux.
  • Translation: Until next week, if you run Windows there are at least seven ways to pwn you.
  • CooL...I have automatic updates. Nothing here to see.
  • I'm in the middle of downloading about two dozen patches for Suse 10.0

    At least they're issuing patches
