Network News

X My Profile
View More Activity

Patch Tuesday Comes Twice in April

Microsoft Corp. today said it plans to release at least five software updates next week to plug several security holes in its Windows operating system and other software.

Security Fix will have more details on the fixes soon after they are released Tuesday as part of Microsoft's regularly scheduled monthly patch process. On Tuesday of this week, the company issued an emergency patch to fix at least seven vulnerabilities in Windows, including one that hackers have been exploiting to break into vulnerable machines.

Microsoft may not be the only large software vendor issuing updates next week. A number of other companies, most notably Apple, have been known to take advantage of "Patch Tuesday" to issue their own security updates. Microsoft took a pass on Patch Tuesday last month, but Apple used the occasion to push out fixes that plugged at least 46 individual security holes. Apple also issued another bushel of patches on February's Patch Tuesday.

By Brian Krebs  |  April 5, 2007; 3:52 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Yoo-Hoo! Do You Yahoo?
Next: Happy Birthday Security Fix

Comments

i hope they pstch rthdcpl.exe

Posted by: billo64 | April 6, 2007 3:01 PM | Report abuse

Microsoft is not responsible for that executable. Realtek is. That is for the Realtek HD soundcard chip that came with your motherboard.

Posted by: Richard B. | April 6, 2007 3:35 PM | Report abuse

According the reports, the ANI exploit is only being realized from 100 web sites presently. And while I think patches are necessary and all exploits or defects should be handled over time with a patch program, doesn't it seem odd that no one has been identified on any one of these 100 sites that are causing this mischief? If they know what sites are pushing the problem, then why aren't they going after the operators of those sites? Have you heard of anyone being arrested or even identified with these sites? It's high time we start looking at the problem for what it is, obviously the software needs to be repaired as ways to attack it are identified, but the problem is really coming from a small handful of operators. If you know which websites are perpetrating this ilk, than you know who to go after, plain and simple. 2 cents.

Posted by: Dodge | April 6, 2007 3:38 PM | Report abuse

It is high time that MS issues a new service pack for XP. It is darned hard to download all the patches issued since Win XP SP2 came out August 6, 2004. All these little hot fixes don't integrate very well into the OS. Windows Vista may be the greatest thing since peanut butter, but not all of us have it, yet.

Posted by: C. Baker | April 6, 2007 4:45 PM | Report abuse

Notice how quiet it is when they talk of MAC having TONS of security issues.......I find this rather symbolic of just who the crackpots are making all the negative comments on a similar MS article......anyone agree?

Posted by: Master Guru | April 6, 2007 7:56 PM | Report abuse

I had an alert for a MS critical update - it was only the WGA which I had already. After the icon remained for days I decided what could it hurt to do it again. After the update I lost my Realtek - the DLL problem.

Posted by: charles | April 7, 2007 2:34 AM | Report abuse

I had an alert for a MS critical update - it was only the WGA which I had already. After the icon remained for days I decided what could it hurt to do it again. After the update I lost my Realtek - the DLL problem.

Posted by: charles | April 7, 2007 2:36 AM | Report abuse

Posted by: Wayne | April 7, 2007 12:47 PM | Report abuse

Posted by: Wayne | April 7, 2007 12:48 PM | Report abuse

I concur that Microsoft should issue Service Pack 3 for Windows XP. But, according to Paul Thurrott from Windows IT Pro:

"And What About Windows XP Service Pack 3?

And although I'm ranting a bit, let's dredge up Windows XP Service Pack 3 (SP3), which was delayed from 2005 to 2006 to 2007 and now to 2008. If you were looking for any glimpse into the mind of Microsoft, this is it: I think that the company has completely abandoned XP, and doesn't plan on shipping XP SP3. My guess is that Microsoft will do what it did with the final Windows 2000 service pack: Claim years later that XP SP3 isn't necessary and just ship a final security patch rollup. Even if XP SP3 is shipped in 2008, it's the worst kiss-off to any Microsoft product I've ever seen, and you'd think the company would show a little more respect to its best-selling OS of all time.
But the reality is that Microsoft is looking ahead to new revenue and not behind to money that's already in the bank. And although hundreds of millions of people will be running XP for years to come--despite Microsoft's best efforts to sell them a newer Windows version--the company has absolutely no plans to actually support those customers, which goes against Microsoft's publicly stated life cycle support plans. And it really freaks me out. It should freak you out as well."

Posted by: TJ | April 7, 2007 2:37 PM | Report abuse

What really freaks out Microsoft:
That many, if not most, 98/2000/ME/XP users will avoid Vista completely. If your machine works, why tinker with a new one with a whole new set of buggy software?

Thus, MS' decision to limit support and patches for 2000/XP and eliminate them entirely for 98/ME. Their hope is that spyware and malware infestations will gradually force users to upgrade. With a Windows monopoly, MS actually has a monetary incentive NOT to provide security patches or build secure long-lasting products.

Think of each security "fork in the road" of the last few years and look at which direction MS chose to go. A few examples:

1) Discontinuing 98/ME updates entirely even though these OS' still have significant user bases. Given the shoddy nature of their initial releases, MS has an obligation to continue patching them.

2) For vulnerabilities revealed after July 2006, MS doesn't release any test results about whether they affect 98/ME. See no evil, hear no evil, speak no evil.

3) Windows Defender only works on XP or higher.

4) Malicious Software Removal Tool only works on 2000 or higher.

5) No more service packs for 2000.

6) A manual download of Win 2000 Update Rollup 1 requires you to pass Genuine Advantage.

7) a virgin Office 2000 installation, without the first service pack SR-1, can't be updated or even REMOVED without the original CD. God help you if you should find such an installation in your network.

8) Win 2000 users can't update their Internet Explorer past I.E. 6 SP1.

9) MS Baseline Security Analyzer requires 2000 or higher. And for the newer version 2.0, you must pass Genuine Advantage to get it.

Posted by: Ken L | April 8, 2007 6:00 PM | Report abuse

@Ken

While I share your concern, there is a point where any software maker has to drop support for old products. Windows 9x is just an accident waiting to happen regarding security, not to mention a 10+ year old OS. Windows 2000 is now 8 years old. XP with Service Pack 2 is circa 2004, which is still a relevent software product.

The line has to be drawn somewhere. Most would argue that starts with the XP products (Windows XP, Office XP), although many will argue it should start at the 2000 line. The point is though that Microsoft appears to be drawing the line at Vista/Office 2007 at the expense of XP. That is a foolish mistake!

Posted by: TJ | April 9, 2007 7:49 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company