Microsoft struggles with patch

Microsoft on Tuesday released a slew of patches for Windows and Office, but a glitch prevented the company from pushing the updates out automatically.

The patches, which include critical fixes for both Office and Windows, can be manually downloaded from Microsoft's Web site. Early on Tuesday, the fixes were not available via Microsoft's more automated tools, and Microsoft said its technical teams were "working around the clock" to solve the updating problems.

"Due to technical difficulties experienced on the Microsoft Update platform, security updates released today are not currently available via Microsoft Update, Automatic Updates, Windows Server Update Services or Windows Update v6," the software maker said.

The issue was resolved by late afternoon Tuesday and the patches were sent out via the automatic updating service, Microsoft said.

The company had said last week to expect 11 patches. However, a representative for the software maker said on Tuesday that a planned critical Windows patch "did not meet the quality bar" and so was not issued.

Tuesday's 10 security bulletins, which include six critical fixes for both Office and Windows, are designed to fix more than two dozen flaws in Microsoft's software--the largest bunch so far this year, said one security company.

"Although there are only 10 patches, they address 26 vulnerabilities, and it's the largest release for Microsoft this year," said Jonathan Bitle, manager of technical accounts at Qualys. "This could be overwhelming for IT managers because they'll have to navigate what to patch and which to patch first."

The second-largest release was in August, when Microsoft's 12 patches put right 23 flaws. A CNET Reviews rundown of the October bulletins can be found here.

Antivirus company Symantec said the updates include patches for Office flaws for which exploit code already exists, including an Excel vulnerability that surfaced in July and a Word exploit that emerged last month.

"The quantity of Microsoft Office vulnerabilities this month illustrates this emerging attacker focus, and users should consider the installation of these patches to be a critical component of a smart security strategy," Symantec Security Response director Oliver Friedrichs said in a statement.

IT administrators may want to work particularly quickly in deploying three of the patches--MS06-057, MS06-058 and MS06-060-Qualys' Bitle said.

Microsoft also noted that it expects to release Windows Internet Explorer 7 later this month, with the browser update scheduled to be delivered shortly thereafter via Windows Update and Automatic Update. The company said it is providing a blocker tool that will allow businesses to prevent their computers from receiving the new browser. Businesses that don't want IE7 should have the blocking tool in place by November 1, Microsoft said.

[Microsoft_Facts]

Another day, another M$ vulnerability and broken patches

Patch. Patch the patch, patch the patches patch. BSOD. Get a Mac/Linux/something else PC.

[mjm01010101]

riiight....

Funny you mention that. Even newer Linux distros far outpatch older Microsoft distributions. Ubuntu 6.06 has well over 100 patches and it's only 4 months old. Yes several require rebooting. http://www.ubuntu.com/usn

OSX has had more and more patches applied to it as time goes on. Don't think it's immune.

[Ryo Hazuki]

Another day, another M$ hater and ridiculous posts

Another day, another M$ hater and ridiculous posts
Slash M$. Slash M$ for patching, slash M$ for patching the patches. Then they come with the same old excuse of the BSOD (I haven't seen a single BSOD in more than a year using WinXP, if you have then you mustn't know how to work with computers). Yes, get a non-M$ PC and then spend the rest of your life using converters to share your files with your friends and figuring out how to run your favourtite software on your new machine.

[Penguinisto]

Dear Lord... haven't they heard of mirrors?

It's the one big, beautiful thing I love ab't running RH Linux (Fedora Core 5), even on my work machinery. If the main d/load site is down when I want patches, there are literally dozens of alternate repository sites that I can point at and get the goods. Same with SuSE (YaST), Debian, etc etc etc... all large Linux distros have that facility.

I'll stick w/ Linux for the critical server stuff, thanks much.

/P

[ChazzMatt]

here's the problem

They are running their Windows server software. IF they ran UNIX for their servers they would have no trouble. I remember when Microsoft bought Hotmail and they were embarrassed to learn that they had to continue to rely upon UNIX to run it well, they little Windows server software couldn't handle that kind of scale. Took them like 5 years to totally replace all the UNIX and make it completely Windows. And so I bet that's why Hotmail frequently has the outages and glitches they do. Hotmail is always having server problems. Look it up on Wikipedia if you don't believe me or so some research.

And this is another example. The mirrors idea is so right and logical that Microsoft would never consider it.

[Seaspray0]

Dear Lord, have you heard of round robin DNS resolution?

By using a round robin DNS resolution, you can direct users to muliple hosts providing the information from a single name space. Do you think google or yahoo are feeding the webpages from one server? Of course not! The clients are split between the hosting servers by round robin DNS. If you repeatedly ping their site, you will receive several IP addresses as the DNS can resolve you to the next available server.

[Seaspray0]

Dear Lord... haven't you heard of round robin DNS?

By using a round robin DNS resolution, you can direct users to muliple hosts providing the information from a single name space. Do you think google or yahoo are feeding the webpages from one server? Of course not! The clients are split between the hosting servers by round robin DNS. If you repeatedly ping their site, you will receive several IP addresses as the DNS can resolve you to the next available server.

[Ryo Hazuki]

Dear Lord... Do you know you don't even need that?

You go to the Microsoft Update website and manually download the patches yourself like I did. And what do you do when to play games or run all the wonderful software around the Internet?

I'll stick w/ Windows for anything computer-related, thanks much too.

[rcrusoe]

Re: Hotmail on UNIX

As I recall, there were occasional "sightings" of Hotmail UNIX
servers on the net for a couple of years after MS said they had
finished the conversion to Windows. This made a lot of people
suspect that MS had just put a Windows front end on the UNIX
system while they continued to work on the conversion.

It made sense for MS to convert Hotmail to Windows, for
marketing reasons, but not for performance, security, or if they
had to purchase licenses - cost reasons.

Bugfix Tuesday must be h3ll at Hotmail. Assuming they even
attempt to patch their machines, the lights in the city probably
dim out when they reboot thousands of s2003 servers. :)

[Ryo Hazuki]

Hotmail on Unix

Yes, it made sense for Microsoft to convert Hotmail to Windows:
Marketing reasons: yes;
Performace: same (same experience as before);
Security: same (didn't have any security-related problems with Hotmail before and continue not to have);
Cost: yes (more expensive to support Unix/Linux servers than Windows servers at it is proven).

Bugfix Tuesday at Hotmail doesn't exist, in case you don't know. But what I think it must be hell is a Linux user to play a game or run his/her favourite software. And asusming they even attempt to patch their machines (never had any problem with Windows Live Mail), there are no reports of lights diming out in the city - so you should come back from your dreams to reality - and they must be very happy about the money they are saving for not having Unix. :)

[mattumanu]

Read the article again please...

Microsoft isn't having trouble with manual updates, ie, manual download and install of patches. They are having trouble with the AUTOMATIC UPDATES, which has actually happened in the past not just to microsoft, but to apple as well.

I didn't have any trouble getting the updates, and they work fine. Usually this stuff comes through automatically since I have automatic updates turned on. Most people for some reason or another turn off automatic updates. It's thier loss.

[qwerty75]

It is their gain

Turning on automatic updates is a mistake for several reasons.

1. It is just another attack vector.

2. Can you say "WGA spyware"? Even if you don't allow it to atuomatically install everything(a terrible idea), see 1.

MS waits so long between patches that having this crap on is a total waste and ironically makes you more vulnerable.

[wbenton]

Tough Job Ahead

Thanks to Microsoft's past record of breaking things that previously worked... the advice:

>>>IT administrators may want to work particularly quickly in deploying three of the patches--MS06-057, MS06-058 and MS06-060-Qualys' Bitle said.<<<

Are having to bite their thumbs on this one.

If Microsoft would not break things which previously worked... it would make the IT manager's task MUCH easier.

Likewise, if Microsoft is struggling with Patch tuesday... maybe they shouldn't try to bundle so many together in a single monthly release and just release them as they're available... like the rest of the security world!!!

FWIW