back to article Edge joins Explorer in bumper crop of security patches

It's Patch Tuesday the second day of the week in the month of November and Microsoft and Adobe have pushed out their security updates. Joining the perennial favorites Flash and Internet Explorer comes new kid on the block, Edge. Top line news: no zero days this month but there are four critical updates and eight important ones …

  1. This post has been deleted by its author

  2. Mark 85 Silver badge

    Before I drop the drawbridge to have a look at this.....

    Is this part of it a Trojan Horse that Win7 users will get that includes all the Win10 "Get it now" updates and folderol? <peers head over parapet><wonders if it's a trap as we've seen it before>

    I'll go have a peek and report back as to whether it's a trap or not... <sigh> a dark and dirty job but someone's gotta' take a peek.

    Edit... seems the coast is clear... <keeping fingers crossed as the GWX Blocker might be stopping them>

    1. Havin_it
      Alert

      Re: Before I drop the drawbridge to have a look at this.....

      Sounds like your blocker's working. I uncorked WinUpdate today and found SEVEN items that I wouldn't touch with yours. That GWX-blocking reg hack that appeared last month must have been nuked :(

      KB3035583 - GWX itself.

      KB2952664

      KB2999226

      KB3021917

      KB3068708

      KB3075249

      KB3080149 - All mention telemetry and/or "compatibility with the next version of Windows".

      Oddly, another W7 box on auto-update hadn't received any of these and didn't seem to want them upon checking. It's a little less beefy and hasn't had the same update diet, mind.

      Note: There is NOTHING authoritative about the above list; it's just the obvious dangleberries I identified from the KB notes.

  3. elDog

    It's hard to have an original comment about the drip/dribble/stream of updates from MS/Adobe

    So I won't even try.

    Isn't Edge supposed to be so bleeding "edge" that it has left all the poor coding practices that MS practices in the dust?

    No such luck with poor Adobe. Same old, same old.

    I do wonder about the push to move all the Win7/8 users to this wonderful new Win-XI platform. Looking like some isolated VMs running on a solid OS is the way to tame these beasts.

    1. a_yank_lurker Silver badge

      Re: It's hard to have an original comment about the drip/dribble/stream of updates from MS/Adobe

      "Isn't Edge supposed to be so bleeding "edge" that it has left all the poor coding practices that MS practices in the dust?' - Same trash just a new package.

    2. RIBrsiq

      Re: It's hard to have an original comment about the drip/dribble/stream of updates from MS/Adobe

      There's no bug-free code. If you believe there is, then I have any number of bridges and famous landmarks to sell you.

      printf("Hello World!");

      ...probably has plenty enough bugs in it. Presumably in the implementation of printf() or in other hidden code supporting it.

    3. TheVogon

      Re: It's hard to have an original comment about the drip/dribble/stream of updates from MS/Adobe

      "Isn't Edge supposed to be so bleeding "edge"

      Edge is IE11 minus all the legacy cruft. So there is some shared code.

      "that it has left all the poor coding practices that MS practices in the dust?"

      IE has had fewer bugs than say Google Chrome and Safari for years now.

      1. Charlie Clark Silver badge

        Re: It's hard to have an original comment about the drip/dribble/stream of updates from MS/Adobe

        Edge is IE11 minus all the legacy cruft. So there is some shared code.

        Largely true. I think Edge has no officially forked from the IE 9 branch that was itself a rewrite of existing code.

        IE has had fewer bugs than say Google Chrome and Safari for years now.

        This is both false and misleading: exploits in IE are more dangerous than in Chrome or Safari because of the way it's hooked up in the OS.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's hard to have an original comment about the drip/dribble/stream of updates from MS/Adobe

          "This is both false and misleading: exploits in IE are more dangerous than in Chrome or Safari because of the way it's hooked up in the OS."

          Checking Secunia shows it's not false. And IE / Edge runs as a standard user under Windows, and by default runs in protected mode, so that's also not true. Just check say Pwn2Own...Chrome / Safari usually fall faster than IE.

  4. SecretSonOfHG

    Windows 10+Edge: now you have two browsers to patch

    Said it a while ago and got a lot of downvotes, but that's what is happening.

    1. TheVogon

      Re: Windows 10+Edge: now you have two browsers to patch

      "Said it a while ago and got a lot of downvotes, but that's what is happening."

      Quite correct - not sure why you got downvotes again.

      Worth noting though that IE is only there for compatibility and most people wont even launch it. Once Edge is more of an established and complete solution, IE will die. As presumably most people will be applying all security patches anyway, it's not really any extra overhead.

  5. Tommyinoz

    Reboot reboot reboot

    Microsoft calls it patch Tuesday. I call it reboot Wednesday.

    I think my description is more accurate.

    1. Gotno iShit Wantno iShit

      Re: Reboot reboot reboot

      No they don't and they never have. The sane world has called it Patch Tuesday but not Microsoft.

      This has clearly irritated Microsoft so rather than do the sane thing and fall into line they are instead phasing Patch Tuesday out. Instead of a predictable, reliable schedule of updates that the world can plan for Microsoft is soon going to start pushing out whatever they like whenever they like and for added fun not tell us what updates are about any more. Planning for the arrival and deployment of f##k knows what, f##k knows when is going to be an 'opportunity' for the sane world.

      It is an effective way for Microsoft to persuade the world to stop using the term Patch Tuesday. It is not, by any stretch at all sane.

      1. Anonymous Coward
        Anonymous Coward

        Re: Reboot reboot reboot

        "Patch Tuesday. It is not, by any stretch at all sane."

        PatchEveryDay © PatchAnyDay ©

        1. This post has been deleted by its author

      2. Tommyinoz

        Re: Reboot reboot reboot

        Windows is an absolute dogs breakfast when it comes to updates. And as you point out, it's getting worse. I'm not just talking about Windows updates. The issue is, when you install 20 different pieces of software, you end up with 20 different updater programs running on your computer. You have no centralised control over this crap, you find updaters in your scheduled tasks, running as a service, in your startup, in your sys tray, and the software themselves pulling down updates while you are using them. It's a dogs breakfast!

        1. Anonymous Coward
          Anonymous Coward

          Re: Reboot reboot reboot

          "PatchEveryDay © PatchAnyDay ©"

          Welcome to the world of Linux ©

          "when you install 20 different pieces of software, you end up with 20 different updater programs running on your computer."

          Windows Store fixes that.

          1. Anonymous Coward
            Anonymous Coward

            Re: Reboot reboot reboot

            "Welcome to the world of Linux"

            Nothing wrong with that. And they are for the most part very small, non-disruptive and they sure as hell don't break things, so we don't fear them either.

            "Windows Store fixes that."

            In theory one day it might. Once it's more widely adopted and all legacy software goes away. If that happens. Looking at the Mac app store I don't like the chances.

    2. TheVogon

      Re: Reboot reboot reboot

      Yep - annoying that Microsoft didn't completely remove the requirement for patching reboots in Windows 10 / Server 2016. Things have got better in recent Windows versions but reboots are still too frequent. I think that Oracle own a patent on live patching technology though which probably explains it to a degree...

  6. Anonymous Coward
    Anonymous Coward

    Still have a Win7 machine lying around? Cross your fingers that you can still logon after installing MS15-115 (KB3097877) https://www.reddit.com/r/techsupport/comments/3seu7e/flashing_login_screen_windows_7/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like