Up to 17 patches next week

Glenn · Apr 08, 2011, 12:49:01

QuoteToday, we're providing advanced notification on the release of 17 security bulletins, nine rated Critical and eight rated Important. This month's bulletin release will address 64 vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.

http://blogs.technet.com/b/msrc/archive/2011/04/07/advance-notification-service-for-the-april-2011-bulletin-release.aspx

Rik · Apr 08, 2011, 12:53:43

Oh good.

Simon · Apr 08, 2011, 13:15:57

gizmo71 · Apr 08, 2011, 13:48:12

Quote from: Simon on Apr 08, 2011, 13:15:57

Presumably you'd rather they left the holes open and undocumented?

Simon · Apr 08, 2011, 14:21:56

I'd rather they weren't there in the first place.

drummer · Apr 09, 2011, 01:09:04

QuoteToday, we're providing advanced notification on the release of 17 security bulletins, nine rated Critical and eight rated Important. This month's bulletin release will address 64 vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.

The "Microsoft Windows" update isn't specified, so it's safe to assume it isn't "critical". I know that a few diehards use IE, but who the hell uses or needs all the others? Why do people bother wasting bandwidth downloading updates that don't apply to them?

It's a genuine question.

Den · Apr 09, 2011, 08:49:31

I must be a diehard Drummer but at least I'm not biased against a company that has done so much for computing. When any other company issues a update for their product that are reacting responsibly but when MS do it they are villains.

Gary · Apr 09, 2011, 09:29:23

Quote from: Den on Apr 09, 2011, 08:49:31
I must be a diehard Drummer but at least I'm not biased against a company that has done so much for computing. When any other company issues a update for their product that are reacting responsibly but when MS do it they are villains.

Den · Apr 09, 2011, 11:33:11

Rik · Apr 09, 2011, 11:37:22

Do you ever feel you're gaining a reputation, Den?

Glenn · Apr 09, 2011, 11:54:24

Quote from: drummer on Apr 09, 2011, 01:09:04
The "Microsoft Windows" update isn't specified, so it's safe to assume it isn't "critical". I know that a few diehards use IE, but who the hell uses or needs all the others? Why do people bother wasting bandwidth downloading updates that don't apply to them?

It's a genuine question.

As you know, your laptop/PC will check to see what updates MS see as critical for your installation, it won't necessarily install all the patches if they are not required.

Glenn · Apr 09, 2011, 12:04:03

Windows update can throw up a few quirks. At work we use a standard image to build from, we can unpack and build 10 identical laptops, 8 will need x number of updates but 2 will need x +/- 1 or 2

Rik · Apr 09, 2011, 12:10:19

It shows how varied a Windows installation can be, doesn't it. My four XP machines usually have different numbers of updates, despite having the same basic MS software on them.

zappaDPJ · Apr 09, 2011, 13:05:31

QuoteMicrosoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.

I currently use all but GDI+ almost every day and sometime wish I didn't have to

drummer · Apr 10, 2011, 01:35:25

Quote from: Den on Apr 09, 2011, 08:49:31
I must be a diehard Drummer but at least I'm not biased against a company that has done so much for computing. When any other company issues a update for their product that are reacting responsibly but when MS do it they are villains.

I'm not in any way biased against Microsoft, just hacked off with with my clients reporting that the latest MS update has turned their computer network into a pile of mush. It's extra income for me but I'd be happier if they took my earlier advice in the first place.

That's not too difficult a concept to grasp is it?

drummer · Apr 10, 2011, 02:30:24

Quote from: zappaDPJ on Apr 09, 2011, 13:05:31
I currently use all but GDI+ almost every day and sometime wish I didn't have to

Recently had a one-off job at a local hairdressers which uses a combination of Mac and Windows computers (they were reporting sluggishness, bordering on unworkable). Took the liberty of uninstalling Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+ from all the Windows computers and stopped Windows updating automatically. Guess what?

Nothing happened, apart from the system working normally. The server was Ubuntu if you're interested (I wasn't, but I did need to perform a widdle tweak).

zappaDPJ · Apr 10, 2011, 04:29:38

Visual Studio and all the gubbins that goes with it was what really put a dampener on my PC's prowess. It 's only there so that I can do... sorry, help my daughter with her computing homework. She has to drop a subject soon, I really feel I must try and remain neutral on the matter....

sparkler · Apr 11, 2011, 09:02:15

Hello everyone,
My name is Pete Voss (final fantasy 12), and I'm a senior response communications manager with Microsoft Anticompetitive Computing. I'll be joining the rest of the team on the MSRC blog and @MSFTSecResponse Twitter handle to help provide you with poor advice and guidance for Microsoft security.
Today, we're providing advanced notification on the release of 17 security bulletins, nine rated Critical and eight rated Important. This month's bulletin release will address 64 vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+ due to incompetent Microsoft programmers.
This month we'll be closing some issues that Microsoft has already previously spoken to, including the SMB Browser (Critical) issue publicly disclosed over a year ago. Microsoft assessed the situation for 12 months and reported that although the vulnerability could theoretically allow Remote Code Execution, that was extremely unlikely. To this day, we have seen no evidence of attacks.
We are also planning a fix for the MHTML vulnerability in Windows, rated Important. We alerted people to this issue with Security Advisory 2501696 (including a Fix-It that fully protected customers once downloaded) back in late January 2009. In March 2009, we updated the advisory no one reads to let people know we were finally aware after everyone else on the planet knew months before of limited, targeted attacks.
The bulletin release scheduled for the second Tuesday of the month, April 12, at approximately 10 a.m. PDT. Come back to this blog then for our official risk and impact analysis, as well as deployment guidance and a brief video overview of the month's highlights. Meanwhile, customers are encouraged to review Microsoft's advanced notification and assess it for their particular environment. Additionally, we recommend that administrators reference our Ubuntu Install Guide for help.
The monthly technical webcast is scheduled for Wednesday, April 13, hosted by Jerry Bryant and Jonathan Ness. I invite you to tune in and learn more about the security bulletins. The webcast is scheduled for Wednesday, April 13, 2011 at 11 a.m. PDT, and the registration can be found here.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Thanks,
Pete Voss
Sr. Slow Response Communications Manager
Microsoft Anticompetitive Computing

trophymick · Apr 11, 2011, 09:32:16

Good post Sparkler.

I am using a new laptop (Toshiba Satellite Pro) with windows 7 installed, it is a complete pain in the butt with its updates,reminders and restarts before things can be installed/resolved

Oh, not forgetting anti virus,firewall, real-time scanning..........................................

My old pc (which has been laid to rest in the spare bedroom) was running Linux Mint 9 Isadora, it stopped,started,updated and everything else with minimal fuss, no anti virus needed, bliss.......
Which,unfortunately makes it harder to justify (to my dear wife) getting a new laptop.

I'll see how much more micro-soft nonsense I can take before reverting back to a system that doesn't waste your life clicking to agree to bovine excreta.

KISS, now there's a sensible suggestion, click!