Using a thing made by Microsoft, Apple or Adobe? It probably needs a patch today

Microsoft is wrapping up the summer with a dump of 14 bulletins for various security vulnerabilities in its products, while Apple and Adobe are following up with fixes of their own. The September edition of Patch Update Tuesday sees fixes released for critical issues in Windows, Windows Server, Internet Explorer, Edge, Flash …


  1. AlexS

    Arse. That is all.

    1. earl grey
      Coat

      You took the word right out of my....

      Erm... well, you get the picture.

      Getting my coat.

  2. joed

    brilliant idea MS

    "Microsoft's update for Adobe Flash Player on Windows and Windows Server." - exactly what true server needed. It's surprising these fools have not bundled their crappy Silverlight as well (though a number of admins fell for it anyway and pushed it down the line). Probably time to move back to safe W7 platform (especially that I've disabled cumulative updates that keep turning on unwelcome features on 10).

    1. Adam 1

      Re: brilliant idea MS

      It doesn't install it. It just updates it if you're "brave" enough to still have it installed.

      1. Dan 55 Silver badge

        Re: brilliant idea MS

        MS should push out an update for servers which uninstalls the damn thing.

    2. Steve Davies 3 Silver badge

      Re: brilliant idea MS

      Don't worry, Slitherlight is still there as an optional update that keeps on being offered even if you have hidden it 100 times.

      Go on, you know you want it... :)

    3. macjules

      Re: brilliant idea MS

      Let's see, a company with a somewhat dodgy reputation for updates or patches is trying to fix what is probably the buggiest application in the world. Microsoft claiming to be updating Flash fills me with as much trepidation as I might feel upon hearing that the Samsung battery team are designing batteries for Tesla.

      1. Anonymous Coward

        Re: brilliant idea MS

        upon hearing that the Samsung battery team are designing batteries for Tesla.

        Samsung SDI is one of the Tesla battery suppliers, although Panasonic is the major supplier for now.

    4. Korev Silver badge

      Re: brilliant idea MS

      ""Microsoft's update for Adobe Flash Player on Windows and Windows Server." - exactly what true server needed."

      For a database server, no; for VDI etc it could make sense.

      1. Alumoi Silver badge

        Re: brilliant idea MS

        "For a database server, no; for VDI etc it could make sense."

        Only if VDI stands for Venereal Disease Infection.

  3. oldcoder

    As soon as you said "Microsoft" you need patches, no matter what the other operating systems actually need - even if they were perfect.

    I'm still waiting for the enterprising virus writer to create a workable virus that installs Linux or BSD and then moves on to the next Windows system...

    1. Anonymous Coward

      I'm still waiting for the enterprising virus writer to create a workable virus that installs Linux or BSD and then moves on to the next Windows system...

      What, and leave a system behind that actually works reliably using far fewer resources? Management would die of shock as they'd have to come up with new ways to waste budget (you know, because of that wonderful idea that an unspent budget means a smaller budget for next year)..

  4. ~mico
    Black Helicopters

    it's 2004 all over again?

    > can be exploited by simply opening an image file

    MS16-106 looks surprisingly like the good old MS04-028 to me. A very convenient backdoor, at least till it lasts (and I bet the fix will reintroduce it in some other place). C'mon, Microsoft, admit it - ... wait, what's that light outside?

  5. Syntax Error

    It just illustrates how poor software programming is these days.

  6. Syntax Error

    Software development

    It just illustrates how poor software programming is these days.

    1. Mark 85
      Trollface

      Re: Software development

      So what's the career path for developers... from Adobe to MS or vice versa? Enquiring minds and all that.

      1. Anonymous Coward

        Re: Software development

        Are you trying to claim that back in the "good old days" developers produced less buggy code? The only difference was that the programs did far less and were thus far less complex, so I suppose to that extent they were less buggy but definitely no less buggy in terms of "bugs per kLOC", and of course you didn't have to worry about downloading patches because there was no internet!

        You were lucky if they produced fixes at all, and if they did that you found someone who had got it off a BBS somewhere and could let you copy it onto a floppy.

        1. Dazed and Confused

          Re: Software development

          The only difference was that the programs did far less and were thus far less complex, so I suppose to that extent they were less buggy but definitely no less buggy in terms of "bugs per kLOC"

          Another advantage that the code of yore had was that it was typically fresh and had been built end to end by the same team, so there was a chance that someone understood it. These days programmers are often building on top of ages old code which no one fully understands (on a line by line basis, coz it's just too big).

        2. Hans 1
          Happy

          Re: Software development

          >The only difference was that the programs did far less and were thus far less complex, so I suppose to that extent they were less buggy but definitely no less buggy in terms of "bugs per kLOC", and of course you didn't have to worry about downloading patches because there was no internet!

          Exactly, that's why your program should be as short as possible, ideally below that 1 kLOC. Creating overly complex monolithic programs creates bugs. Keep your programs small and simple, let them work together to do what you want, now, that should be the solution.

          Have clear guidelines as to how the different micro-programs are to behave, e.g. what argument syntax they take ... a dream come true system. Why does nobody design a system like that ? Oh wait, we have just invented UNIX, again!

          1. Anonymous Coward

            Re: Software development

            Care to explain how to build a web browser out of an army of small 1000 line programs? And why, even if you do, it is somehow magically going to be less buggy than a monolithic browser with the same kLOC count? Having programs that are 1000 lines in size is really no different than having functions that are 1000 lines in size, but no matter how small you make your functions you can still have bugs in them. And if they become one liners to avoid bugs, then you just push the bugs into the interfaces between them.

            1. illiad

              Re: Software development

              If you think it was THAT simple, there would be 1000's of browsers, not around 4 main ones...

              (do note that many "{insert company name here} browser" programs are just a 'shell' around IE or one of the four...)

              and then WHAT do you want it to do???

              If it was a car, would you mind if it looked like this??

              http://www.wired.com/images_blogs/autopia/2009/11/top-gear-ev.jpg

        3. JLV

          Re: Software development

          Good points. Not to mention that most of that, rather impressive, list only makes sense to aggressively patch (and research) in the context of widespread exposure to public networks - ie the Internet. Ditch the Internet* with your time machine and apps have a considerably easier life, security-wise.

          Ah, the good old days.

          * ditch Flash? Now that's more doable.

    2. Fred Flintstone Gold badge

      It just illustrates how poor software programming is these days.

      In context, I rather love the irony of you posting that twice :)

      1. Bloakey1

        "It just illustrates how poor software programming is these days."

        The first one had a syntax error in it.

    3. Roo
      Windows

      Re: Software development

      "It just illustrates how poor software programming is these days."

      I suspect that particular vuln only works due to fundamental design flaws introduced with NT 4.0 over 20 years ago. MS were told at the time rolling more stuff into the ring 0 was a dumb idea, but rather than take advice and fix it, their PR & dev teams chose to tell customers it was a good idea because it made their pinball game run faster.

  7. Winkypop Silver badge
    Meh

    I patch

    Therefore I am

    1. big_D Silver badge

      Re: I patch

      They also forgot to mention Google, they had a lot of patches for Chrome and Android this month as well - and I am still waiting for Nougat to be made available to my Nexus 5X.

      I would patch, if I could...

      1. big_D Silver badge

        Re: I patch

        Moaning pays off! The Nougat update turned up on my phone about 22:00 last night. My wife's Nexus 5X is still waiting.

  8. Anonymous Coward

    It's not the brand, but the software...

    Modern software as a whole seems to be fully relying on patching. From games which are released while the product actually wasn't fully finished right down to open source projects where small caveats are found during usage which then also need to be fixed through patching. I know: sometimes a new version gets released. But is that really so much different from releasing a patch?

    This thing doesn't stop with Microsoft, Adobe and Google....

    1. Tomato42
      Childcatcher

      Re: It's not the brand, but the software...

      it may not look like this, but I have on high authority that software is written by humans and it's common for humans to err

      where are the robotic overlords where you need them!?

    2. Pascal Monett Silver badge

      Patching, in itself, is not the issue

      having patches means the software is maintained, which is a Good Thing (TM), because the threat landscape evolves constantly. It is ridiculous to imagine that any group of developers, however smart they may be, could preconceive every single possible threat scenario that will crop up.

      Given the complexity required of today's software, that must interface almost with everything under the Sun, some bugs obviously slip through as well. It is nice to have those bugs squashed in a timely manner.

      The issue is not with the patching. The issue is with the fuckups that insufficient whiteboarding and testing introduce into patches that pretend to solve something and either don't, or fuck something else up along the way.

      I am prepared to accept that a patch does not wholly solve a problem. Writing software is difficult and I know by experience that edge cases are a maddening nuisance to deal with.

      I cannot accept that a patch bricks a computer, or otherwise trashes an entire environment. That can only happen when next to no testing was ever done, in a case of "oh that problem ? Just flip the bit to 0 and we're done with it". Seems obvious, but even when it is, test, test and test again, especially when your customer base numbers in the millions.

      And I accept that, even when you do test against every single scenario your PC catalogue has, there's always some extreme case that slips through. PCs are the ultimate hardware platform, they can be modified in uncountable ways.

      But if you fuck up a console, you deserve to be fired, if not shot.

  9. allthecoolshortnamesweretaken

    What do you mean, "probable" ?

  10. cd / && rm -rf *
    WTF?

    "Adobe, who posted an update for Flash Player that addresses 29 CVE-listed security flaws"

    Another 29 patches?!

    http://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-6761/Adobe-Flash-Player.html

    892 vulns. What a bunch of cockwombles. Why am I reminded of the old adage about a car being a bucket of rust held together only by the paint?

    1. Anonymous Coward
      Trollface

      Don't you know, vulnerability counts roll over like an odometer, and have only three digits. They are racing to 1000, and then they'll claim they are bug free!

    2. Hans 1
      Stop

      >892 vulns. What a bunch of cockwombles. Why am I reminded of the old adage about a car being a bucket of rust held together only by the paint?

      892 CVE's. What a bunch of cockwombles. Why am I reminded of the old adage about a car being a bucket of rust held together only by the paint?

      TFTFY, a single CVE can describe multiple vulns ...

  11. Anonymous Coward
    Trollface

    Obviously

    Agile methods are the cause of this fiasco.

    1. Dan 55 Silver badge
      Trollface

      Re: Obviously

      Not many eyes this time?

    2. hplasm
      Happy

      Re: Obviously

      Nah- DevOps, shurely?!?

  12. N2
    Facepalm

    Easy journalism?

    You might as well publish this headline, every day for eternity.

  13. Anonymous Coward
    Alert

    Telemetry

    And par for the course, on Win 8.1U1 here it tried to activate the Telemetry service. Again.

  14. wyatt
    Thumb Up

    Nothing trying to push Win10 still? Better I suppose. I'll give it a week for the issues to be ironed out.

    A number at my company did question the continued use of Silverlight in the software we sell years ago. We never did get an answer as to why we were still using it. Fortunately (?) we are moving some over to HTML5.

  15. Michael H.F. Wilkinson Silver badge
    Coat

    I would expect ...

    that whether any statement containing the phrase

    "so updating your <insert device of choice here> will work as expected."

    provides any comfort depends on your expectations.

    If your device has just been bricked by a faulty update, your expectations may be lower than expected

    I expect I should now get my coat. The one with "Great Expectations" in the pocket please

  16. MrKrotos

    iPatch

    Has the fruity firm patented that yet?

    1. Peter Gathercole Silver badge

      Re: iPatch

      Previous history. In the late 1970's and 1980's AT&T Exptools (and probably other tool packages - V7 Addendum tape springs to mind) had a utility to edit i-nodes on a UNIX file system that was called ipatch. I probably have a paper copy of the man page somewhere.

      1. Alistair
        Windows

        Re: iPatch

        @PeterG.

        I have the same reaction every time someone fires up the "Has apple copyrighted iPatch yet?" question.

        The only time they get a different reaction is on "Talk like a pirate day".

        <nice to know I'm not the only old fart that got to play with AT&T nix in the day.>

  17. Sgt_Oddball
    Flame

    That explains that then....

    Office internet has been flaky all morning with machines randomly hogging all of the bandwidth (perfect for when you're trying to figure out why your new server is spitting out emails again to outlook.com/gmail.com et al).

    Flames. Because that's what I want to do to all of the kit right now.

    1. sabroni Silver badge

      Re: That explains that then....

      So you'll be all over windows 10 update sharing mechanism then...

      Thought about configuring the office machines to come to life and update themselves in the middle of the night? That's how my home win 7 box does it. That's how I used to have my home box configured till MS started sneaking in telemetry with every update....

  18. Black Betty

    So sorry you lost all your data because of something we did.

    Now read the fine print, even though the damage is entirely down to something we've done, we're not responsible.

    1. sabroni Silver badge
      Happy

      Whoah, Black Betty!

      Don't slam the lan!

      (I know it doesn't make sense!!!)

      1. werdsmith Silver badge

        Re: Whoah, Black Betty!

        Does if you are old enough to remember Ram Jam.
