posted by
cmn32480
on Friday February 17 2017, @08:07AM
from the they-didn't-want-to-interrupt-our-anniversary-party dept.
from the they-didn't-want-to-interrupt-our-anniversary-party dept.
Following an initial report that Microsoft's Patch/Update Tuesday would be delayed comes the notice that it will actually be postponed. Oh, and there is a zero-day SMB exploit currently in the wild for which Microsoft intended to release a patch last Tuesday. That fix, and all the others scheduled for February, have been postponed to be released on March's Patch Tuesday.
Here are some stories that lay things out:
- Microsoft cancels February Patch Tuesday despite 0-day in wild | Ars Technica
- Microsoft shelves all February security updates | Computerworld
- Microsoft's monthlong patch delay could pose risks | Computerworld
- February 2017 security update release – MSRC
Many businesses have regular processes in place to test and roll out patches on their systems; how has this postponement affected you?
This discussion has been archived.
No new comments can be posted.
Microsoft Patch Tuesday - No Love for February -- Postponed Until March
|
Log In/Create an Account
| Top
| 15 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(Score: 2, Funny) by Anonymous Coward on Friday February 17 2017, @08:42AM
You'll get your updates right before your next presentation.
(Score: 0) by Anonymous Coward on Friday February 17 2017, @06:44PM
Don't worry, you'll get updates during your next presentation.
FTFY.
(Score: 1, Insightful) by Anonymous Coward on Friday February 17 2017, @08:54AM
I hope you enjoy your east indian overlord.
(Score: -1, Offtopic) by Anonymous Coward on Friday February 17 2017, @12:59PM
I call'em ragheads. To hell with the PC police.
(Score: 0) by Anonymous Coward on Friday February 17 2017, @07:52PM
If you encounter someone from India who is wearing a turban, it is unlikely to be a Muslim.
Turban wearers from India are most likely Sikhs.
They are a minority there.
One of the things required of a Sikh is to always carry a dagger [google.com] in order to defend the weak and oppressed.
The Sikh precepts are as noble as those of any religion that I have encountered.
-- OriginalOwner_ [soylentnews.org]
(Score: 3, Interesting) by zocalo on Friday February 17 2017, @10:20AM
Does the postponement affect operations? Almost certainly, and if not then it probably should have done. There's a zero day out for SMB that is being actively exploited, which most locations will still be vulnerable too even if they are not actually making use of the functionality, so that means that you need to figure out some kind of bandaid (most attacks are internal, remember?), put it in place, and then manage it for a whole month until MS finally gets the patch out.
Frankly, I'd have preferred it if MS had split the difference and announced they were going to push out the critical patches either the following Tuesday or (at a pinch) the one after to lessen the damage, and defer the rest until March. Yes, it's some extra work for everyone, but better that than being the focus of the next round of "$luser_corp hacked!" headlines (unless you're Yahoo!, in which case just get it over with and die already) and a week ought to be enough time to schedule something in. I guess that's not so easy for MS to do now that all the patches are rolled up into one big bundle though, is it? I hope everyone that gets owned in the next month thinks of that when MS is next saying how this mandatary "rollup or nothing" approach is a good idea.
UNIX? They're not even circumcised! Savages!
(Score: 1, Interesting) by Anonymous Coward on Friday February 17 2017, @12:02PM
gone are the days where you could selectively install or un-install windows components.
now you have to install everything or throw the baby out with the bathwater ...
with XP it was possible to install/un-install certain components, like i remember, "outlook lite", "MSN", "netBEUI", "Unix services" etc.
maybe if they made a more "module" like system where every component doesn’t require every other component to be available, they could
get around tackling all these code-problems in a more sane manner?
Maybe start with the module called "internet explorer" which should just be a html "code" rendered for a TCP/IP network-stack without cancer-like tentacles into the base operating?
(Score: 2) by GungnirSniper on Friday February 17 2017, @02:04PM
It's been almost ten years since MinWin fell off the radar. They don't know how to made Windows efficient, if they ever did.
My gamer box, which rarely gets updates, is still "Downloading updates" at 0% as it has for the last day and a half. Linux would never even take an hour to determine what it needs, even on a rusty Pentium III with a dying hard disk.
Tips for better submissions to help our site grow. [soylentnews.org]
(Score: 0) by Anonymous Coward on Friday February 17 2017, @08:37PM
Linux would never even take an hour to determine what it needs, even on a rusty Pentium III with a dying hard disk
I just don't understand people who tolerate the MICROS~1 update paradigm.
Having M$ take over your box, leaving it unusable for long periods (hours?; days??) is just insane.
We previously discussed an actual example of that paradigm of unwanted, invasive, clumsy updating.
German Basketball Team Relegated to Lower Division Due to Untimely Windows Updates [soylentnews.org]
It never was a proper way to do things.
...and the Windoze Registry was a horrible idea from the very start.
Needing to restart the OS for a minor tweak or an added app??
How could anyone ever think that was a proper design choice?
It makes me cringe whenever I see Windoze on a box in a medical environment.
It's frightening to think what might happen in the middle of a procedure.
With Linux, the download for an update is a background process and the installation is a separate process and, again, a -background- process.
Not only does it not grab total control of your system, you can wait so that the update doesn't even take away that tiny bit of resources from what you are doing; you can execute the update when you are away from the box, giving it maximum resources (in the PIII example).
...and, as you note, Linux updates don't take an eternity to finish.
It must be awful having a jones for a Windoze-only game that simply must be satiated and having to deal with the associated MICROS~1 nonsense.
-- OriginalOwner_ [soylentnews.org]
(Score: 5, Funny) by Gaaark on Friday February 17 2017, @12:08PM
how has this postponement affected you?
I had a good chuckle!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 5, Funny) by gidds on Friday February 17 2017, @01:51PM
Er, sorry, run that past me again?
From Wiktionary:
So a postponement is a delay — it can't be the one without the other! Which makes that summary line completely meaningless.
I guess it depends on whether it's talking about Patch Tuesdays in general (in which case it makes sense to talk of it being delayed, postponed, put off, rescheduled, held back, and deferred) or about the specific Patch Tuesday that was due to occur in February (which isn't being delayed or postponed, but is actually being flat-out cancelled!). I guess either would fit — but you can't just mix them up willy-nilly!
(Sorry; I'm a pedant. I can't help it.)
[sig redacted]
(Score: 0) by Anonymous Coward on Friday February 17 2017, @01:58PM
I think it's meant in the sense that until now it was delayed until further notice, but now it has been re-scheduled to next month.
(Score: -1, Offtopic) by Anonymous Coward on Friday February 17 2017, @03:40PM
I think we should wait until the next president and let the people decide before putting new patches in place. The founding fathers would have wanted it that way.
(Score: 0) by Anonymous Coward on Saturday February 18 2017, @06:08PM
This scenario was predictable (and in fact I said as much at work when MS first announced they were shifting to an all-or-nothing deployment model). The only surprise is how few months it took for this scenario to play out. If they were trying to increase security, they failed massively.
(Score: 0) by Anonymous Coward on Saturday February 18 2017, @06:22PM
P.S. the justification for switching to aggregate patches was to make it harder for black hats to reverse engineer individual fixes and develop exploits before MS customers could complete testing and deploy updates. Fundamentally this is security through obscurity, and basic risk analysis should have made it clear that the marginal delay in reverse engineering wasn't worth the increased risk of a scenario like this month's delay (especially since individual patches had previously caused enough problems in GA to require them to be pulled back). In the end, this process change was security theatre and about needing to appear to address a problem.