Forgot your password?
typodupeerror

June Windows Update To Be Biggest in a Year 220

Posted by Zonk
from the patch-early-patch-often dept.
Supersonic1425 writes "The BBC reports that this month's security update from Microsoft will be the one of the biggest this year. Nine of the patches are for Windows — one classed as critical — two are for Office and one for the Exchange e-mail server software." From the article: "At least one of the loopholes being patched is already being actively exploited by malicious hackers. ... Microsoft is not only tackling security problems but also the fallout of a legal case that the software giant lost."
This discussion has been archived. No new comments can be posted.

June Windows Update To Be Biggest in a Year

Comments Filter:
  • by chachacha (833677) on Tuesday June 13, 2006 @08:43AM (#15523171)
    ...a long week.
  • by dsginter (104154) on Tuesday June 13, 2006 @08:43AM (#15523178)
    Just when XP is nice and patched and secure, they'll release Vista and start the process all over again.

    Yummy.
    • by geobeck (924637) on Tuesday June 13, 2006 @10:03AM (#15523613) Homepage

      I think patch days like today are an indication that XP will never be "patched and secure." And probably, neither will Vista.

      But if you're switching to Mac, beware of the purists [slashdot.org] who seem to think Mac use is a royal privelege or something.

    • WHAT OS is "nice and patched and secure"?

      Every OS has flaws right now. While some might announce their flaws right when discovered, and others try to hide them until they have a patch, they all have holes right now that just have not been discovered.

      Yes, Vista will have patches. So will OSXII. So will FC6. It is flawed code by flawed people. Deal with it.

    • Software is too dynamic to reach a 'finished' state for something as complex as an operating system. There is always something to fix, improve, or some new bug/vulnerability to patch. No, XP will never reach that 'golden' state where it doesn't have problems/security holes. Rather M$ will just move it's focus to Vista (mistakenly early I suspect, as the majority of user base is most likely just getting to XP now), and open up that new can of worms.

      On a side note, this is the precise reason M$ needs to b

      • Your last sentence is correct and is, at the same time, the reason I think Vista is going to be a mess. The key word is "legacy".

        If you want to shed many of the problems plaguing Windows you are going to have to stop tacking on old code for the sake of backwards compatibility. Apple has made major breaks with old software and then provided "bridge" software to help users over the hump (Classic to support pre-X apps, Rosetta to run pre-Intel binaries).

        Unfortunately, it doesn't look to me like this is where
  • by Anonymous Coward on Tuesday June 13, 2006 @08:46AM (#15523195)
    How much in lost revenue is all this Microsoft Patching costing the real economy?
    • How much in lost revenue is all this Microsoft Patching costing the real economy?

      And perhaps more interesting:
      How much more would it cost not to patch?

      How much more would it cost to patch a comparable number of linux installations.
      • Just remember to count the majority of your application patches against the windows update time, too. With Linux, most of the applications I use are managed by the distribution and updated automatically for me, instead of having nine update managers running all the time when I'm running programs, or at each program start. (Adobe Reader, Sun Java, the Windows update system, Firefox does its own updates, Macromedia products all check for updates, et cetera.)
  • ActiveX (Score:4, Interesting)

    by Jaruzel (804522) on Tuesday June 13, 2006 @08:49AM (#15523208) Homepage Journal
    The bigger problem here is that this update enforces the ActiveX patch that was released a while back, y'know the one that causes inline ActiveX controls to not fire up, but to display that 'Click Here to Active This Control' message instead.

    Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.

    -Jar.
    • Re:ActiveX (Score:5, Informative)

      by bheer (633842) <rbheer AT gmail DOT com> on Tuesday June 13, 2006 @08:54AM (#15523236)
      Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.

      IIRC, the workaround is to make sure your [object] tag is written out using (Java|VB)script. If you visit macromedia.com they use this technique and have a tutorial about it written up. And to be fair, MSDN's been letting developers know about this for ages.

      • Yes, very true. However the Internal Web Services team, are rarely the Desktop Updates Team, and in my experience (15 years in Financial IT) the two never talk. Also a lot of web apps are 'off the shelf' and the people that maintain them internally don't have the skills to rejigg the HTML - and also may not be aware that the vendor has or hasn't provided a workaround patch.

        Either way, this patch release _must_ be managed correctly within the corporate IT space.

        -Jar.
      • Re:ActiveX (Score:2, Informative)

        by Pirogoeth (662083) *
        Here's the page [adobe.com] to which you probably were referring.

        Microsoft has a tutorial on their MSDN site [microsoft.com] which discusses this as well.

    • The bigger problem here is that this update enforces the ActiveX patch that was released a while back, y'know the one that causes inline ActiveX controls to not fire up, but to display that 'Click Here to Active This Control' message instead.

      Not a major problem out on the Internet, but many Corporates have internal web apps where this patch is going to screw things up royally.


      The fix is trivial [microsoft.com]

      Takes a minute to implement.
    • So, you click the control, and it works. I'm not sure I see the "royal screw up" to be honest.
  • Clarification (Score:5, Informative)

    by BrynM (217883) * on Tuesday June 13, 2006 @08:50AM (#15523217) Homepage Journal
    From TFA:
    Microsoft had to re-engineer Internet Explorer to stop a technology known as ActiveX automatically starting when users visit some websites. MS may have done this as a result of the Eolas suit, but the rest of us can consider it a security patch ;)
    • Re:Clarification (Score:3, Interesting)

      by bheer (633842)
      Microsoft had to re-engineer Internet Explorer to stop a technology known as ActiveX automatically starting when users visit some websites.

      Huh? Flash would be out of business then. What the post-Eolas IE actually does is prevents the user from interacting with the ActiveX control until 'activated' with a click. (The control's running fine meanwhile, which means it can also be a security risk.) Also, this applies to controls put on pages with an honest-to-gosh [object] tag. If you write your [object] tag dyn
      • What the post-Eolas IE actually does is prevents the user from interacting with the ActiveX control until 'activated' with a click. (The control's running fine meanwhile, which means it can also be a security risk.)
        Ahhhh, then we can just consider it security Vista style being rolled out early. (thanks for the objet tag info BTW)
  • by obender (546976) on Tuesday June 13, 2006 @09:04AM (#15523288)
    From TFA:
    On its security blog Microsoft wrote: "We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version
    Well, I folowed their advice and upgraded from 32 bit linux to amd_64 linux. Now I have no Macromedia Flash player and there's no hourly trunk build of Firefox.
  • I was sitting here wondering why my laptop hadn't started to automatically update....

    Then I realised I was booted into Ubuntu.

    *slinks off into the night*
  • The Mac way (Score:2, Insightful)

    by k1980pc (942645)
    I don't feel windows sending critical updates should cause any flare-ups. Putting your system on automatic updates and let windows update the system is easy enough. One thing I would like Windows to do is something like my Mac - Every critical release being a new version number for my OS - I really love the feeling-of-security when my OS goes from 10.4.5 to 10.4.6
    [ It's another matter that 10.4.6 had made my system un-bootable and I had to reinstall 10.4.2 from disc ]

    But I cannot understand why ppl raise a
    • "I would like Windows to do is something like my Mac - Every critical release being a new version number for my OS - I really love the feeling-of-security when my OS goes from 10.4.5 to 10.4.6"

      Mac Security Updates don't change the OS version number.
      If you examine Apple's Security Updates here [apple.com], you'll see that the updates that are called "Security Updates" don't change the OS version number. The updates that do change the version number are called "Mac OS X Update" (e.g. "Mac OS X 10.3.9 Update").
  • by s31523 (926314) on Tuesday June 13, 2006 @09:24AM (#15523394)
    With respect to:
    "We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible."
    I think anyone who is still running windows 98 would be better off switching to Linux. I would have to beleive most software running under 98 could be run under Linux using Wine/Crossover Office, or alternatives found. More than likely, most 98 users just have some office type applications and never upgraded because they didn't need the fancy new OS. My old office still has 98 on many computers just because the people using them run basic apps that get by with what they have, and upgrades would be costly (relative of course, some small businesses would be hurt by 10K in computing upgrades). With so many security holes are known, and support is ending, AND newer Linux distros are pretty darn close to "it just works", we may see small pockets of Linux migration.
  • by internewt (640704) on Tuesday June 13, 2006 @09:33AM (#15523447) Journal
    From the article:

    At the same time as information about the update was being released, Microsoft mentioned that it will not be able to patch Windows 98 and ME against a loophole discovered in April 2006.

    Fixing this bug in the ageing software would require a major re-write of the Windows Explorer program used in these old copies of the operating system.

    Microsoft is not prepared to undertake this work, given that all support for Windows 98 and ME ends on 11 July 2006.

    So even though Microsoft have stated that they support 98 and ME until 11th July 2006, they will not support those two OSes today?

    Yes, people are crazy if they rely on 9x in anyway, but when Gates says he'll support it until a date I'd expect support to be provided, even it means some changes to the shell. And we all know how much exageration is used when a job is being avoided... ("major re-write of the Windows Explorer").

  • I find it interesting that illegal copies of Windows aren't able to update the fix for the legal settlement. Microsoft have finally changed their WGA tool to "Do not allow update unless user PC submits 'Yes it's valid'" from "Do not allow update unless user PC submits 'No i'm not valid'", i thought it was odd the way their system worked before.

    This is why i'm using Autopatcher XP [autopatcher.com] (Annoying forum-based website), you can download the updates off them, see the details and unselect all the crap you don't want, without having to go through Microsoft and Windows validation. You just have to wait a while before they release the newest version.
    • I could be wrong, but I thought that you could still use the Automatic Updates feature without WGA validation, and that only launching Windows Update would prompt you to verify your legit copy of Windows.
      • True, although saying that i clicked the "Enable auto-updates" feature on the MS Update page and made sure to choose "Inform me of updates before downloading or installing them" option, i didn't want WGA installing on my PC.

        5 minutes later i see a Security Centre icon in the bottom right and it's downloading and installing updates i didn't even agree to.

        Windows Genuine Advantage "Your install is not valid" here i come...
        • That's strange, although I have heard others echo similar comments. I can't verify this at all, since my XP computer at work is set to "notify me only" and it does just that -- a popup windows appears saying "new updates are available, please click here to start downloading". If I do nothing and reboot, the same keeps happening until I finally choose to install.

          I guess this thread [emailbattles.com] is to what you are referring, or something similar. Again, I have never seen this firsthand.
    • Or just use windizupdate.com [windizupdate.com] if you use firefox. Nice way to admit to the world that you're using a pirated copy though, bud. :)
  • A company closed associated with ours (a very large telecoms company in Europe) seems to have fallen off the map since about 12.30 today.

    Coincidence?

"Turn on, tune up, rock out." -- Billy Gibbons

Working...