Arse. That is all.
Using a thing made by Microsoft, Apple or Adobe? It probably needs a patch today
Microsoft is wrapping up the summer with a dump of 14 bulletins for various security vulnerabilities in its products, while Apple and Adobe are following up with fixes of their own. The September edition of Patch Update Tuesday sees fixes released for critical issues in Windows, Windows Server, Internet Explorer, Edge, Flash …
COMMENTS
-
Wednesday 14th September 2016 01:34 GMT joed
brilliant idea MS
"Microsoft's update for Adobe Flash Player on Windows and Windows Server." - exactly what true server needed. It's surprising these fools have not bundled their crappy Silverlight as well (though number of admins fell for it anyway and pushed it down the line). Probably time to move back to safe W7 platform (especially that I've disabled cumulative updates that keep turning on unwelcome features on 10).
-
Wednesday 14th September 2016 06:44 GMT macjules
Re: brilliant idea MS
Let's see, a company with a somewhat dodgy reputation for updates or patches is trying to fix what is probably the buggiest application in the world. Microsoft claiming to be updating Flash fills me with as much trepidation as I might feel upon hearing that the Samsung battery team are designing batteries for Tesla.
-
Wednesday 14th September 2016 01:39 GMT oldcoder
As soon as you said "Microsoft" you need patches, no matter what the other operating systems actually need - even if they were perfect.
I'm still waiting for the enterprising virus writer to create a workable virus that installs Linux or BSD and then moves on to the next Windows system...
-
Wednesday 14th September 2016 07:30 GMT Anonymous Coward
> I'm still waiting for the enterprising virus writer to create a workable virus that installs Linux or BSD and then moves on to the next Windows system...
What, and leave a system behind that actually works reliably using far fewer resources? Management would die of shock as they'd have to come up with new ways to waste budget (you know, because of that wonderful idea that an unspent budget means a smaller budget for next year)..
-
-
Wednesday 14th September 2016 02:19 GMT ~mico
it's 2004 all over again?
> can be exploited by simply opening an image file
MS16-106 looks surprisingly like the good old MS04-028 to me. A very convenient backdoor, at least till it lasts (and I bet the fix will reintroduce it in some other place). C'mon, Microsoft, admit it - ... wait, what's that light outside?
-
-
-
Wednesday 14th September 2016 07:04 GMT Anonymous Coward
Re: Software development
Are you trying to claim that back in the "good old days" developers produced less buggy code? The only difference was that the programs did far less and were thus far less complex, so I suppose to that extent they were less buggy but definitely no less buggy in terms of "bugs per kLOC", and of course you didn't have to worry about downloading patches because there was no internet!
You were lucky if they produced fixes at all, and if they did that you found someone who had got it off a BBS somewhere and could let you copy it onto a floppy.
-
Wednesday 14th September 2016 09:24 GMT Dazed and Confused
Re: Software development
> The only difference was that the programs did far less and were thus far less complex, so I suppose to that extent they were less buggy but definitely no less buggy in terms of "bugs per kLOC"
Another advantage that the code of yore had was that it was typically fresh and had been built end to end by the same team, so there was a chance that someone understood it. These days programmers are often building on top of ages old code which no one fully understands (on a line by line basis, coz it's just too big).
-
Wednesday 14th September 2016 12:14 GMT Hans 1
Re: Software development
>The only difference was that the programs did far less and were thus far less complex, so I suppose to that extent they were less buggy but definitely no less buggy in terms of "bugs per kLOC", and of course you didn't have to worry about downloading patches because there was no internet!
Exactly, that's why your program should be as short as possible, ideally below that 1 kLOC. Creating overly complex monolithic programs creates bugs. Keep your programs small and simple, let them work together to do what you want, now, that should be the solution.
Have clear guidelines as to how the different micro-programs are to behave, e.g. what argument syntax they take ... a dream come true system. Why does nobody design a system like that ? Oh wait, we have just invented UNIX, again!
-
Wednesday 14th September 2016 15:47 GMT Anonymous Coward
Re: Software development
Care to explain how to build a web browser out of an army of small 1000 line programs? And why, even if you do, it is somehow magically going to be less buggy than a monolithic browser with the same kLOC count? Having programs that are 1000 lines in size is really no different than having functions that are 1000 lines in size, but no matter how small you make your functions you can still have bugs in them. And if they become one liners to avoid bugs, then you just push the bugs into the interfaces between them.
-
Wednesday 14th September 2016 19:02 GMT illiad
Re: Software development
If you think it was THAT simple, there would be 1000's of browsers, not around 4 main ones...
(do note that many "{insert company name here} browser" programs are just a 'shell' around IE or one of the four...)
and then WHAT do you want it to do???
If it was a car, would you mind if it looked like this??
http://www.wired.com/images_blogs/autopia/2009/11/top-gear-ev.jpg
-
-
-
Thursday 15th September 2016 05:20 GMT JLV
Re: Software development
Good points. Not to mention that most of that, rather impressive, list only makes sense to aggressively patch (and research) in the context of widespread exposure to public networks - ie the Internet. Ditch the Internet* with your time machine and apps have a considerably easier life, security-wise.
Ah, the good old days.
* ditch Flash? Now that's more doable.
-
-
-
Friday 16th September 2016 09:33 GMT Roo
Re: Software development
"It just illustrates how poor software programming is these days."
I suspect that particular vuln only works due to fundamental design flaws introduced with NT 4.0 over 20 years ago. MS were told at the time rolling more stuff into the ring 0 was a dumb idea, but rather than take advice and fix it, their PR & dev teams chose to tell customers it was a good idea because it made their pinball game run faster.
-
-
Wednesday 14th September 2016 05:15 GMT Anonymous Coward
It's not the brand, but the software...
Modern software as a whole seems to be fully relying on patching. From games which are released while the product actually wasn't fully finished right down to open source projects where small caveats are found during usage which then also need to be fixed through patching. I know: sometimes a new version gets released. But is that really so much different from releasing a patch?
This thing doesn't stop with Microsoft, Adobe and Google....
-
-
Wednesday 14th September 2016 13:49 GMT Pascal Monett
Patching, in itself, is not the issue
having patches means the software is maintained, which is a Good Thing (TM), because the threat landscape evolves constantly. It is ridiculous to imagine that any group of developers, however smart they may be, could preconceive every single possible threat scenario that will crop up.
Given the complexity required of today's software, that must interface almost with everything under the Sun, some bugs obviously slip through as well. It is nice to have those bugs squashed in a timely manner.
The issue is not with the patching. The issue is with the fuckups that insufficient whiteboarding and testing introduce into patches that pretend to solve something and either don't, or fuck something else up along the way.
I am prepared to accept that a patch does not wholly solve a problem. Writing software is difficult and I know by experience that edge cases are a maddening nuisance to deal with.
I cannot accept that a patch bricks a computer, or otherwise trashes an entire environment. That can only happen when next to no testing was ever done, in a case of "oh that problem ? Just flip the bit to 0 and we're done with it". Seems obvious, but even when it is, test, test and test again, especially when your customer base numbers in the millions.
And I accept that, even when you do test against every single scenario your PC catalogue has, there's always some extreme case that slips through. PCs are the ultimate hardware platform, they can be modified in uncountable ways.
But if you fuck up a console, you deserve to be fired, if not shot.
-
-
Wednesday 14th September 2016 06:54 GMT cd / && rm -rf *
"Adobe, who posted an update for Flash Player that addresses 29 CVE-listed security flaws"
Another 29 patches?!
http://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-6761/Adobe-Flash-Player.html
892 vulns. What a bunch of cockwombles. Why am I reminded of the old adage about a car being a bucket of rust held together only by the paint?
-
Wednesday 14th September 2016 12:16 GMT Hans 1
>892 vulns. What a bunch of cockwombles. Why am I reminded of the old adage about a car being a bucket of rust held together only by the paint?
892 CVE's. What a bunch of cockwombles. Why am I reminded of the old adage about a car being a bucket of rust held together only by the paint?
TFTFY, a single CVE can describe multiple vulns ...
-
-
Wednesday 14th September 2016 09:19 GMT wyatt
Nothing trying to push Win10 still? Better I suppose. I'll give it a week for the issues to be ironed out.
A number at my company did question the continued use of Silverlight in the software we sell years ago. We never did get an answer as to why we were still using it. Fortunately (?) we are moving some over to HTML5.
-
Wednesday 14th September 2016 10:08 GMT Michael H.F. Wilkinson
I would expect ...
that whether any statement containing the phrase
"so updating your <insert device of choice here> will work as expected."
provides any comfort depends on your expectations.
If your device has just been bricked by a faulty update, your expectations may be lower than expected
I expect I should now get my coat. The one with "Great Expectations" in the pocket please
-
Wednesday 14th September 2016 11:13 GMT Sgt_Oddball
That explains that then....
Office internet has been flaky all morning with machines randomly hogging all of the bandwidth (perfect for when you're trying to figure out why your new server is spitting out emails again to outlook.com/gmail.com et al).
Flames. Because that's what I want to do to all of the kit right now.
-
Wednesday 14th September 2016 11:33 GMT sabroni
Re: That explains that then....
So you'll be all over windows 10 update sharing mechanism then...
Thought about configuring the office machines to come to life and update themselves in the middle of the night?
That's how my home win 7 box does it. The how I used to have my home box configured till MS started sneaking in telemetry with every update....
-
-
Wednesday 14th September 2016 12:23 GMT illiad
HUH, I have had win7 on various PCs for years now... switched off updates, NEVER use IE, NEVER use outlook, or any other MS crap...
I use pale moon, a version of firefox that does not have the stoopid geek stuff, just works properly.. :)
NOTE!!! Pale moon is N O T a speed freak, N O T a 'I have fancy functions' freak...
JUST a browser that works well for BROWSING (y'know, the thing it is made for?? )