Stories
Slash Boxes
Comments

SoylentNews is people

Microsoft Patch Tuesday - No Love for February -- Postponed Until March

posted by cmn32480 on Friday February 17 2017, @08:07AM   Printer-friendly
from the they-didn't-want-to-interrupt-our-anniversary-party dept.

martyb writes:

Following an initial report that Microsoft's Patch/Update Tuesday would be delayed comes the notice that it will actually be postponed. Oh, and there is a zero-day SMB exploit currently in the wild for which Microsoft intended to release a patch last Tuesday. That fix, and all the others scheduled for February, have been postponed to be released on March's Patch Tuesday.

Here are some stories that lay things out:

Many businesses have regular processes in place to test and roll out patches on their systems; how has this postponement affected you?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Microsoft Patch Tuesday - No Love for February -- Postponed Until March | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by zocalo on Friday February 17 2017, @10:20AM

    by zocalo (302) on Friday February 17 2017, @10:20AM (#468159)
    Does the postponement affect processes? Not really. You work through the processes - test, then deploy what's available at the appropriate points, and go home. Doesn't really matter if the number of patches from MS is zero or some other random number, you still have Adobe and other vendors you might be dealing with at the same time. Lack of MS patches just means there's less to do.

    Does the postponement affect operations? Almost certainly, and if not then it probably should have done. There's a zero day out for SMB that is being actively exploited, which most locations will still be vulnerable too even if they are not actually making use of the functionality, so that means that you need to figure out some kind of bandaid (most attacks are internal, remember?), put it in place, and then manage it for a whole month until MS finally gets the patch out.

    Frankly, I'd have preferred it if MS had split the difference and announced they were going to push out the critical patches either the following Tuesday or (at a pinch) the one after to lessen the damage, and defer the rest until March. Yes, it's some extra work for everyone, but better that than being the focus of the next round of "$luser_corp hacked!" headlines (unless you're Yahoo!, in which case just get it over with and die already) and a week ought to be enough time to schedule something in. I guess that's not so easy for MS to do now that all the patches are rolled up into one big bundle though, is it? I hope everyone that gets owned in the next month thinks of that when MS is next saying how this mandatary "rollup or nothing" approach is a good idea.
    --
    UNIX? They're not even circumcised! Savages!
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3