
Microsoft Takes a 'Patch Tuesday' Break

Phill0 submitted a ZD story about Microsoft's week off which says "Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed. The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year."
This discussion has been archived. No new comments can be posted.

  • Yeah, we're all tired this month. Zero-day, shmero day.
    • Re: (Score:1, Interesting)

      Yeah, I mean, screw it. Who cares about security vulnerabilities, viruses and spyware? If we did, none of us would be using Windows, that's for sure... ;)
      • Actually that caught my eye too: "at least five zero-day vulnerabilities are waiting to be fixed." It's the number of unpatched vulnerabilities that matters, not the number that were discovered by black hats before white hats. In any case, I'm not even sure it makes sense to say "this is a 0-day exploit" if it's something that was discovered a month ago (regardless of who discovered it first).
        • Re:Zero Day (Score:4, Insightful)

          by operagost ( 62405 ) on Friday March 09, 2007 @09:25AM (#18288330) Homepage Journal
          "Zero-day vulnerability" is totally meaningless. Even the proper "zero-day exploit" makes no sense after zero-day. Totally useless garbage speak, just the marketroids and talking heads who make up words like "factoid" because somehow the word "fact" is not descriptive enough.
          • Re:Zero Day (Score:4, Informative)

            by wordsnyc ( 956034 ) on Friday March 09, 2007 @10:33AM (#18289034) Homepage
            http://www.word-detective.com/101800.html#factoid [word-detective.com]

            Blame it on CNN -- they started the whole ruckus by taking a perfectly good word and twisting it.

            "Factoid" is one of those rare words that were undeniably invented by an identifiable individual, in this case Norman Mailer, in his book "Marilyn," published in 1973. The Oxford Dictionary of New Words defines "factoid" thus: "A spurious or questionable fact; especially something that is supposed to be true because it has been reported (and often repeated) in the media, but is actually based on speculation or even fabrication." Norman Mailer himself defined "factoids" as "facts which have no existence before appearing in a magazine or newspaper, creations which are not so much lies as a product to manipulate emotion in the Silent Majority."

            Mailer invented the word by combining "fact" with "oid," a scientific suffix meaning "resembling or having the form of, but not identical to." Needless to say, "factoids" in Mailer's sense are the antithesis of serious reporting, and to accuse a journalist of trafficking in "factoids" was a grave insult, at least until CNN came along.
            • by jadenyk ( 764614 )
              Windows-Securityoid?
            • Someone should have told Norman about these words: rumor and lie.
              • Someone should have told Norman about these words: rumor and lie.


                Norman Mailer was not exactly unskilled in the use of language; a "factoid" might be either a rumor or a lie, but is distinguished from either in the perception of authority and the mechanism by which that perceived authority is attained. The terms overlap, but are usefully distinct.

    • by ack154 ( 591432 )
      Ya... who needs to patch holes in Windows when people might run their own code on a 360! Oh the humanity!
    • Zero Time (Score:1, Troll)

      by twitter ( 104583 )

      Ah, the sad life of a Windoze admin. So busy testing endless and useless security patches that they never have time to look at anything else. It's almost like M$ planned it that way.

      • That's the life of a very bad admin. A good admin doesn't need to do any of that because the patches worked without a hitch.
        • A good admin doesn't need to do any of that because the patches worked without a hitch.

          Tell me what a good admin can do to make sure M$ does not break someone else's program. Even if M$ were not malicious, they can't know what other non free companies have done on any given computer and will break things with changes.

          A good admin will also keep up with the ever changing tools M$ and others throw out, and this causes even more wasted time. I've seen ambitious young admins spending months of weekends r

          • A good admin will also keep up with the ever changing tools M$ and others throw out, and this causes even more wasted time. I've seen ambitious young admins spending months of weekends reading four inch thick books on things like Visual Studio, knowing .NET is just around the two year away corner.

            That's like saying that keeping up with the different releases of apache (first 1.x, then 2.x) is a waste of time, so we should all just lag behind in terms of technology. Apache 2 was just the natural evoluti
      • This is opposed to the heart-stoppingly exciting life of posting anti-MS FUD on a Linux news site?

        I think I'd rather take the 'endless' patching.
      • Ah, the sad life of a Windoze admin. So busy testing endless and useless security patches

        Frankly if any large corporation (or "big dumb company" in twitterspeak) didn't test patches before rolling them out onto production machines, patches to anything on any system, then they would be utterly moronic.

        Helpful reminder: Linux software has patches and security updates too. Those patches and security updates need to be tested to make sure they don't break anything like any other. It really shows you've never do
        • One of my biggest fans misses the point again:

          It really shows you've never done any systems administration or anything, considering you seem to think testing is "useless". Do you seriously think F/OSS is completely perfect and magically heals itself if things go wrong?

          The testing, of course, is required. It's the patch that's useless. It should be obvious by now that patching will never fix Windows security problems. The whole exercise is a waste of time and that may be intentional.

          There's no magi

          • Re: (Score:3, Insightful)

            by jb.hl.com ( 782137 )
            The testing, of course, is required. It's the patch that's useless. It should be obvious by now that patching will never fix Windows security problems. The whole exercise is a waste of time and that may be intentional.

            Patching will never fix *any* security problems in *any* system on desktop use. Most, if not all software, has vulnerabilities of some kind. You can't just dismiss Windows because it has holes in it, when there are holes in open source software as well.

    • Re:Zero Day (Score:5, Informative)

      by SilentChris ( 452960 ) on Friday March 09, 2007 @09:24AM (#18288320) Homepage
      You obviously don't work in an enterprise.

      These last 2 weeks have been crazy. Monstrous. Patches for Windows, patches for Exchange, patches for Outlook, patches for Java, patches for Oracle, patches for Act, patches for Blackberries, patches for Treos, patches for that weird-ass cell the COO uses and no one else does. Patches to replace patches. Patches to undo the damage other patches have made. I firmly place blame on the software companies for waiting this long to sort things out, but this says it all: http://support.microsoft.com/kb/914387 [microsoft.com] NINETEEN REVISIONS. That's the most for an MS KB article ever.

      Yes, there are zero-day vulnerabilities out there. However, considering the potential trainwreck that's going to happen Monday, no admin in their right mind would install new patches on Tuesday. No admin worth their salt would do so anyway: usually you wait a few days for the early adopters to fish out the bugs and MS to release any new versions. You let your security hardware and software (which has barely needed to be patched) deal with any potential problems. That's just smart business sense.

      For those of you admining a handful of servers, serving basic stuff like webpages, laughing at the work some people have to do for this, that's great. Enjoy yourselves. For the rest of us with a real workload: hundreds of servers and tens of thousands of desktops, all with software on top of software that may or may not be compatible with each other patchwise, these last few weeks have been a living hell. A couple people getting their Word documents hosed is nothing compared to payroll systems not working, trade systems coughing up blood, etc. I'll hand that responsibility off to Symantec and friends -- I've got more important stuff to worry about.
      • by raddan ( 519638 )
        No shit. I've put in about 70 hours this week. The Exchange DST tool is the most hacked together piece of shit software I've seen in a long time. I fear what other software is out there that I missed. What little things will break because timestamps are different on the endpoints-- like DNS's rndc and VPN traffic. Too many things to think about.

        Congress can kiss my ass after this worthless piece of legislation, which further reinforces my impression that having people who write laws full time and ge

    • Gee, I wonder if this will screw up all those Microsoft shills who like to quote "studies" (from guys like Rob Enderle) that "prove" Microsoft is "faster" than OSS in fixing security holes...

      Nah. They'll just fall back on the idea that OSS has MORE security holes - because a Linux distro comes with 2,000 packages instead of nothing like Windows.

      You notice they never add in the Symantec security holes to the Windows total when they're discussing how security holes are to be counted. But they'll add in the SS
  • by instantkamera ( 919463 ) on Friday March 09, 2007 @08:41AM (#18287926)
    So they were allowed an extension to their "Avoid Releasing Decent Software" Decade vacation?
  • by FredDC ( 1048502 ) on Friday March 09, 2007 @08:48AM (#18288010)
    At least they can't break anything new this week!
  • DST (Score:5, Insightful)

    by Chicken04GTO ( 957041 ) on Friday March 09, 2007 @08:54AM (#18288038)
    Stupid congress and their DST. How much energy do they think we will save by moving up DST 3 weeks? How much economic loss will be caused by companies all over the place busting their ass trying to get all kinds of systems pathced and working right...?

    Idiot congresspeople.
    • by PornMaster ( 749461 ) on Friday March 09, 2007 @09:00AM (#18288096) Homepage
      Are we going to have to re-patch everything in a year or two when they change it back?

      On the good side, we found out what doesn't come back up automatically after a reboot on the Sun systems that needed the libc patch, too.
    • Re: (Score:1, Interesting)

      by Anonymous Coward

      How much energy do they think we will save by moving up DST 3 weeks?

      Simple answer: 100,000 barrels of oil daily. [foxnews.com]

      How much economic loss will be caused by companies all over the place busting their ass trying to get all kinds of systems pathced (sic) and working right...?

      It's already law. If you don't like it, too bad.

      Idiot congresspeople.

      Harsh truth: you're no match for lobbyists.

      • The question was rhetorical. Instead of mucking with the time zone and such, there are other far more sensible ways to save energy.

        Too bad? So that means I am not allowed to complain about it? Does my complaint insult Prince Dubya?

        No match for lobbyists? Really? Thanks for keeping me enlightened. Go back to bed Mr. cranky pants.
        • I know you love to play the victim, but that was pretty weak.

          The question was rhetorical. Instead of mucking with the time zone and such, there are other far more sensible ways to save energy.

          To coin a phrase, two rights don't make a wrong. Just because there are alternatives doesn't mean that this isn't good.

          Too bad? So that means I am not allowed to complain about it? Does my complaint insult Prince Dubya?

          Straw man argument.

          No match for lobbyists? Really? Thanks for keeping me enlightened. Go bac
    • by maxume ( 22995 )
      It is a glorious tradition. I can't think of any other reason to do it. The change also allows congress to follow another glorious tradition, doing stuff that they can say they did.

      Seems about par for the course when you throw in a bit of democracy though.
    • On the other hand, not adaptable == badly designed system.
    • Re: (Score:3, Insightful)

      by Billosaur ( 927319 ) *

      How much energy do they think we will save by moving up DST 3 weeks?

      It has nothing to do with saving energy. It's about Congress and the Administration wanting to look like they're doing something about our dependence on foreign oil. There's very little energy savings to be had: these new weeks come in the heart of winter, where a few extra hours of daylight in the evening won't matter because who's going outside when it's freezing, and more importantly, people will still have to be heating their homes and offices regardless. And since it will be darker in the morning, when

      • Re:DST (Score:4, Insightful)

        by The_Wilschon ( 782534 ) on Friday March 09, 2007 @10:56AM (#18289388) Homepage
        In a significant and large portion of the country, March is the heart of spring. I saw people studying out under trees yesterday because the weather was beautiful. It is 64F right now. I turned on my air conditioning briefly because my apartment got uncomfortably hot yesterday.

        If you don't live in Maine, this makes a heck of a lot more of a difference than you apparently realize. (Yes, restricting to only Maine is an exaggeration, too. Deal with it. You know what I mean by it anyway.)
      • where a few extra hours of daylight in the evening won't matter

        You don't get "few extra hours of daylight". It's the same day. You don't get an extra hour of sleep. You don't get anything. You simply do everything one hour earlier.

      • Bingo.
        This originally came from the global warming crowd, and according to them would be one of the easiest to implement and would produce measurable results.
        Just imagine what will happen if they are listened to for other things and we implement things like forbidding air travel for vacations.
    • I've never really understood why they didn't just make DST permanent. In other words, get rid of the whole spring-forward/fall-back business, and just move the time zones in the U.S. up an hour, if that would give us more daylight in the evenings, when apparently we want it.

      It's all just a psychological game, anyway; the actual amount of daylight obviously never changes, it's just that people really hate having to get up before their clock says they should, and thus it's necessary to fudge the clocks so tha
      • It's all just a psychological game, anyway; the actual amount of daylight obviously never changes

        Ummm ..... no actually, the amount of daylight changes continuously throughout the year. From the winter solstice until the summer solstice, the days keep getting longer. From the summer solstice to the winter solstice, they get shorter. The vernal and autumnal equinoxes are the midpoints of that transition. The time of sunrise and sunset change throughout this whole cycle, by quite a range

        DST is designed to

        • I'm aware of that -- I should have been more clear. I was stating something more obvious: the day doesn't actually get magically "longer" as a result of Daylight Savings Time. There's still the same number of minutes of daylight on a particular day in the year, regardless of whether you bump the clocks backwards or forwards an hour. It's all just a mind game to get people up earlier, and thus let them make use of more daylight, so that the day seems longer. But the day is the same length whether you're awak
          • However, what I'm not clear on, is whether the daylight actually shifts earlier and later in the day, in addition to becoming longer and shorter (i.e., does the "median daylight time" or 'middle of the day' actually move, or does it grow shorter and longer at both ends equally?)

            The following isn't very definitive, it was the first thing I could find on a quick google search:
            link [halesowenweather.co.uk].

            AFAIK, it does vary quite a bit by the season. If you look here [stardate.org] you can do some of the calculations. At my location, there seems

            • Yes, but it's symmetric about noon. However many minutes "late" sunrise is, sunset will be "early." OP was questioning whether there might actually be times/places where the whole window was actually shifted.
              • Yes, but it's symmetric about noon. However many minutes "late" sunrise is, sunset will be "early." OP was questioning whether there might actually be times/places where the whole window was actually shifted.

                Oh, I know what he's asking -- I'm just not qualified to answer it. =)

                The stuff I provided makes me think that it's not symmetric about noon. I would think it would vary by latitude to an extent -- that's why the North ends up all dark for winter, and then all light in the summer. But, I guess that too

      • by mandelbr0t ( 1015855 ) on Friday March 09, 2007 @11:15AM (#18289722) Journal

        I don't get why we don't just push all the U.S. time zones forward an hour and leave them there, and get rid of this fall/spring switching.
        Because you share them with Canada, and we really need the spring-forward/fall-back. If we stuck with summer time, the sun would set at 3:30pm in mid-winter. If we stuck with winter time, the sun would rise at 4:30am in mid-summer. Either way, I'm glad the clock changes back and forth. That being said, I don't think there's anything to be gained by moving only 3 weeks, except to put some money in IT consultants' pockets.
        • No, it makes no sense in Canada, because the length of the day is so variable. In the middle of winter, where I live, the sun rises approximately 9 am MST and falls about 4:30 pm (the offset is because I live on the western edge of Mountain time). In the middle of summer, the sun is up from about 2:30 am to 11:00 pm, MDT, with twilight adding another two hours of light to those figures. Daylight Saving Time makes sense for approximately two months of the year, if you're a late riser: April and September. Other
      • It's all just a psychological game, anyway; the actual amount of daylight obviously never changes, it's just that people really hate having to get up before their clock says they should, and thus it's necessary to fudge the clocks so that people get up earlier, and don't waste daylight and end up having it dark in their (clock-proscribed) "evening."

        So it's a psychological game... it's one that pays off both in mental health and in energy consumption. Double plus good.

        Here [webexhibits.org]'s a ton of info on DST, including r

      • by Joe5678 ( 135227 )
        It's not permanent because that would cause too much darkness through much of the year. The foxnews article somebody else linked to explained how they actually tried this in the 70's and fatalities among school children went up because they were waiting for the bus in the dark.

        What they should do is eliminate DST, and instead implement a Daylight Hours portion of the year where Government agencies (including schools) are required to adjust their operating hours to start and finish an hour earlier. Then en
    • DST is actually horribly harmful. One of the stated reasons for it was to provide more light for agricultural workers, but that's a bunch of bullshit. Neither crops nor livestock give a shit what time it is. They care when the dawn comes. So it screws up the farmer's dealings with the rest of the world. When we switch to/from DST, automobile accidents increase, IIRC by 16%, for about a two week period. But anyway, don't take my word for it [72.14.253.104]...

    • Money is neither lost nor created. It only changes form and location.
    • It's not about energy, regardless of the name of the bill it was in, it's about money- more specifically, commerce. Not as many people go shopping when it's dark out. That downtown just isn't as much fun to walk around when it's dark out. Conversely, when it's still light out (after work) people are more likely to go out and... that's right, spend money shopping. Bean counters figured out that the economy will generate [x] more dollars a year with an extra hour of daylight. That's tax revenue folks.... th
    • by tres ( 151637 )

      Daylight Savings Time change is a direct result of tourist lobbies on the 101st (Republican controlled) congress.

      Just another short-sighted, profit-driven change made without taking into account the costs.

  • I clicked on the no new security updates planned [com.com] link and I got this, which doesn't actually say anything at all:

    Microsoft Security Bulletin Advance Notification
    Updated: February 13, 2007
    Security Bulletin Advance Notification

    The next security bulletin advance notification is scheduled for March 8, 2007, and will outline information for the March 13, 2007 security bulletin release.
    • Go to the source. Microsoft has a link here [microsoft.com]. Bottom line is there are some SUS and WSUS updates, but no critical IE or OS component updates this month.
      • It's ok, the original link works now. Oddly it seems Microsoft hadn't updated that page for the public yet (it now says "Updated: March 8, 2007").
  • maybe (Score:3, Funny)

    by mastershake_phd ( 1050150 ) on Friday March 09, 2007 @09:06AM (#18288140) Homepage
    Maybe nothing needs patching!? Ya, that must be it.
  • "Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed. The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. "

    Maybe it's because they don't have any patches to release?
    • Re: (Score:2, Funny)

      by thetroll123 ( 744259 )
      Don't be absurd. The simple explanation is that it's another evil Microsoft conspiracy to take over the world. How can you not see that?
  • DST fiasco (Score:4, Insightful)

    by Vexler ( 127353 ) on Friday March 09, 2007 @09:35AM (#18288434) Journal
    They had since August 2005 to address this, but the software patch only came out in early February of 2007. Then, they had the gall to change the instructions no less than four times while I was preparing to upgrade (KB930879 was updated three times while I was reading it two Thursdays ago), along with a new version of the upgrade tool that was substantially different from what the instructions said. Even the consulting firm we hired only got it to work this past Sunday night.

    Microsoft blew it, folks. This is not to say that OSS does it much better, although Red Hat and FreeBSD (two other OSs we use) nailed the patch months ago. But when you are a $50B company and could only produce the detritus that is the DST patch, there is no excuse for it.
    • by sharkey ( 16670 )

      And had the gall to charge US $4000 per product for it as well.

      • No shit they blew it! $4000 for a patch?!? Oh I will be upgrading my Exchange 2000 boxen soon, just not to anything Micro$oft! When Leopard comes out, XServers [apple.com] are going to be pretty high on the list of candidates!

        Putting the screws to us with client licensing? Strike one...
        Windows Vista? Strike two...
        $4 grand for a patch?!? Strike three...you're outta there.

    • I think the DST change shows one of the problems of MS. Microsoft these days has spread itself very thin. They are too busy focusing on Vista. And Office. And competing with Google. And Apple. And the problems with the EU. And lawsuits.
      • by Vexler ( 127353 )
        Yes, I would agree that they are spreading themselves too thin. But two of the things you mentioned can only be blamed on Microsoft itself: The EU situation and the lawsuits. Those are not "market forces" like Apple or Google that Microsoft can say, "Well, they are our direct competitors and we have no choice but to deal with them and protect our market share." Getting sued because they are an aggressive and ruthless monopoly is solely their fault.
        • Well, competing with Apple and Google is really their fault because of the way they chose to compete. They chose to enter into new markets that Apple and Google have. Apple has always competed with MS on OS. Apple on their own decided to get into the MP3 player industry. Now MS wants a piece of that and thus MSN Music and now the Zune were born. Google and MSN have always sort of competed on search. But MS looks like they are trying to do everything that Google is doing on the internet.

          These moves ar

    • This is not to say that OSS does it much better, although Red Hat and FreeBSD (two other OSs we use) nailed the patch months ago.

      Actually, the Java that RedHat uses is based on gnu libraries that have their own tracking of DST. And the patch for that came out....Monday. Yes, this last Monday. Six days before the changeover.

      Watchguard released a patch for their firewall product *yesterday*. And I see Sun just posted a big red warning on their Java Update page *today* warning about how it breaks back
  • by Anonymous Coward
    which is probably the real reason for no patches this Tuesday..........

    Perhaps they need a good lawyer like the ones at http://www.bozolawyers.com/ [bozolawyers.com]
  • by RancidMilk ( 872628 ) on Friday March 09, 2007 @11:20AM (#18289812)
    Microsoft: "These are not the flaws you are looking for"
    Customer: "These are not the flaws I was looking for"
    Microsoft: "Go home and rethink your life"
    Customer: "I will go home and rethink my operating system decision"
    Microsoft: "What??? No! Your Life! Rethink your Life!"
    Customer: "Rethink my li.... nux. I need Linux."
  • yeah, that's it, they all switched to vista and their computers won't access the MS codebase any more.

    thank you, glad to have cleared that up.
  • by pe1chl ( 90186 )
    Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year.

    As a European, what mostly occupies me is deleting all those "field notices" that Cisco mails me about the DST issue. It looks like they send a separate mail for every product they sell and have ever sold, telling me that it needs to be patched. Not all on a single day or all in a single mail, but spread over a month's time.
    And the profiles that you can defi
    • Living in Europe or anywhere else in the world it does affect you if your users do business with Americans (Canada also switched). If you do business with US or Canada then it is likely they have meetings or phone calls scheduled with them in which case if you don't update the systems and then update the scheduler then they will be off.
  • I really don't understand this. All software should support arbitrary dates for DST start and end.

    I am from Brazil and here we don't have fixed dates for DST. The stupid government change them every year. But at least every single piece of software produced here supports changing the DST period. You shouldn't have to patch anything but just change some configuration file (ok, changing the configuration file is still patching, but you got my point). How hard is this?

    And probably most of those new patches *st
  • Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year.

    Windows admins can't install patches next tuesday, because they're too busy installing patches which have to be done by this Saturday to be of any use.

    What, are they going to go on a 4-day bender after the DST upgrades?

    • What, are they going to go on a 4-day bender after the DST upgrades?
      No, they will be cleaning up after all the breakage and fixing things that are still using the old rules and therefore causing problems.
