back to article Put down the eggnog, it's Patch Tuesday: Fix Windows boxes ASAP

Microsoft has kicked out its December batch of software security fixes, the final Patch Tuesday of 2017. Redmond has addressed 32 CVE-listed vulnerabilities in Edge, Windows, and Office, as well as a hole in Internet Explorer last seen in the early-oughts. Get patching as soon as possible. Leading this month's Patch Tuesday …

  1. This post has been deleted by its author

  2. arctic_haze
    Happy

    Wrong title

    It should be "It is almoast 2018 and compiled HTML help (CHM) files can infect your Windows".

    1. Anonymous Coward
      Anonymous Coward

      Re: Wrong title

      "can be exploited by an attacker to snatch a victim's NTLM hash"

      But NTLM hashes are disabled by default on modern Windows versions.

      1. bombastic bob Silver badge
        Devil

        Re: Wrong title

        "disabled by default on modern Windows versions."

        a good number of people are probably STILL running XP because of how SUCKY "Ape" and Win-10-nic are. [yes, didn't take long to take the opportunity to get some 'digs' in on Win-10-nic]

        and I wouldn't call anything newer than 7 "modern". That term has been used in such oxymoronic ways that it's lost its real meaning.

  3. Anonymous Coward
    Anonymous Coward

    IE and Edge

    Still as shit as ever.

    1. Anonymous Coward
      Anonymous Coward

      Re: IE and Edge

      Because other browsers don't have security and bug update.

      Checks Vivaldi change log for today's update...Chromium Security updates.

      1. Anonymous Coward
        Anonymous Coward

        Re: IE and Edge

        Came here to post the same thing. Why are there security issues with Edge? I thought it was built from the ground up? What a pile of shit.

        1. chivo243 Silver badge
          Headmaster

          Re: IE and Edge - Forgot a word!

          I thought it was built from the ground up? What a pile of shit.

          I thought it was built from the ground up? What a steaming pile of shit.

          1. Kiwi
            WTF?

            Re: IE and Edge - Forgot a word!

            I thought it was built from the ground up? What a pile of shit.

            I know, right? So hard to see how people could ever have gotten that idea.

            I mean, MS says things like "As we announced recently, Microsoft Edge hosts a new rendering engine, Microsoft EdgeHTML." and "But Microsoft Edge has done more than just re-write the rendering engine. Here we describe the security mitigations baked into the Microsoft Edge browser." and "The largest change in Microsoft Edge security is that the new browser is a Universal Windows app.", and "Microsoft Edge is a brand new browser, with new goals and requirements." (all at https://blogs.windows.com/msedgedev/2015/05/11/microsoft-edge-building-a-safer-browser/) - but there's NOTHING there that could imply that Edge is "a brand new browser" is there? And calling it "a brand new browser" and describing several new features and a new way the "app" runs in Windows of course in no way implies that it is "a brand new browser".

            What a steaming pile of shit.

            As are most posts that try to say MS never claimed or implied that it was a complete re-write from scratch Claimed? Maybe not. Implied? Often.

        2. Anonymous Coward
          Anonymous Coward

          Re: IE and Edge

          "Why are there security issues with Edge? I thought it was built from the ground up?"

          Edge is just a rebranded IE. IE became a punchline in the browser/tech world, Microsoft needed to polish the turd and make it more palatable.

          https://en.wikipedia.org/wiki/EdgeHTML

          No reason to use Edge unless you're a hardcore Microsoft fan, you're too lazy to download/install another browser... or you're just unfortunate enough to be in the Windows 10 S prison, where Edge is the prison food served to you and you have no choice.

          1. Duffy Moon

            Re: IE and Edge

            I use Edge to watch streaming content, as I remember reading ages ago that it was the only browser that gave 1080p on Windows 10. If anyone knows different, I'm happy to be disabused.

            1. Dan 55 Silver badge

              Re: IE and Edge

              It's the only browser that does 4K Netflix. If you're happy with 1080p then use any browser you like, which is probably a good idea as Edge is IE11 with the ActiveX bits #ifdef'd out and an even more horrid UI.

            2. Anonymous Coward
              Anonymous Coward

              Re: IE and Edge

              "If anyone knows different, I'm happy to be disabused.

              (FTFY -- this is the Comments section)

            3. bombastic bob Silver badge
              Trollface

              Re: IE and Edge

              "it was the only browser that gave 1080p on Windows 10."

              downloading videos and watching them offline with VLC or mplayer gets me whatever resolution is available for the content on FREEBSD and LINUX [and without the slurping].

          2. Captain Badmouth
            Happy

            Re: IE and Edge

            "Edge is just a rebranded IE. IE became a punchline in the browser/tech world, Microsoft needed to polish the turd and make it more palatable.2

            So edge is proof you can't sharpen a turd either...

            1. Joe User

              Re: IE and Edge

              "So edge is proof you can't sharpen a turd either..."

              Actually, MythBusters proved that you can polish a turd.

              https://www.youtube.com/watch?v=yiJ9fy1qSFI

              But in the end, you still have just a turd, even if it is nice and shiny.

      2. Snorlax Silver badge
        Facepalm

        Re: IE and Edge

        @ Lost all faith...:"Because other browsers don't have security and bug update."

        The AC didn't claim that other browsers "don't have security and bug update."

        He said that IE and Edge are shit, which is true.

    2. Anonymous Coward
      Anonymous Coward

      Re: IE and Edge

      "Still as shit as ever."

      But still less shit than Chrome which is on over 1500 patches / holes.

      1. Anonymous Coward
        Anonymous Coward

        Re: IE and Edge

        "But still less shit than Chrome which is on over 1500 patches / holes."

        Chrome has had 1523 vulns reported since September 2008, so an average ~170 per year.

        Edge has had 350 vulns reported since August 2015, so an average of ~175 per year.

        Of those, over 60% of those Edge vulns involved remote code execution, versus around only 6% for Chrome.

        So Chrome is indeed much better than Edge in terms of its security reputation.

  4. Anonymous Coward
    Boffin

    Top Xmas tip

    Never do preventative maintenance after boozing

    1. Dan 55 Silver badge

      Re: Top Xmas tip

      But what if I'm a sysadmin of MS products and need booze just to get through the day?

      1. bob, mon!
        Pint

        Re: Top Xmas tip

        What if it's not preventative?

        Before or after, there *will* be boozing....

    2. Doctor Syntax Silver badge

      Re: Top Xmas tip

      Never do percussive maintenance after boozing.

      1. Chemical Bob
        Windows

        Re: Top Xmas tip

        "Never do percussive maintenance after boozing."

        Better to perform it *while* boozing

    3. InfiniteApathy
      Pint

      Re: Top Xmas tip

      Pfffft, spoil sports aren't invited to patchy-drinky

    4. Anonymous Coward
      Anonymous Coward

      Re: Never do preventative maintenance after boozing

      Right, why ruin a perfectly good drunk

  5. Snorlax Silver badge

    Over the Edge

    Those three people who use Edge better get patching...

    1. Anonymous Coward
      Anonymous Coward

      Re: Over the Edge

      Looks like all three read your comment :-D

  6. Sp1tf1r3
    Thumb Down

    Out of Band? No it wasn't.

    Popping in a security fix at the same time as updating the signatures is the normal way of MMPE to update (like most AV engines) and makes sense. As does the not tying your AV engine to the monthly Microsoft Update where the update could be pulling the rug out from underneath the AV engine..

    The quote from the Security Tech Center article where it states that....

    Why was this released before the normal December Security Update Release on December 12, 2017

    The Microsoft Malware Protection Engine is released along with anitmalware signatures. These releases don’t always contain security updates and are not bound to a monthly cadence.

  7. Wibble

    Edge off

    Do you need to patch Edge after it's been used to download a proper browser?

    Pity it can't be deleted

  8. WibbleMe

    Had to re-install my Realtek audio drivers after the update today. Only did a clean build last week.

    1. Kiwi
      Linux

      Had to re-install my Realtek audio drivers after the update today. Only did a clean build last week.

      Takes me back to the pre-XP days, having to reinstall your machine from scratch every 6 months or so.

      Although, usually in that case it was a build up of garbage and disk fragmentation making it slower that made it more desirable to rebuild, NOT having an update bork your drivers yet again that caused the need for a rebuild from scratch!

      (Happy coz although I've done updates, I've been running this install for years across various Mint versions and also various bits of hardware - still runs faster than a fresh Windows install on the same hardware!)

  9. Anonymous Coward
    Anonymous Coward

    "Put down the eggnog"

    Eggnog?! What's this yank-pandering nonsense? "Shaun Nichols in San Francisco" my ass... no-one drinks that crap here!

    I'll continue to observe the ancient tradition of grabbing a bottle of the Christmas beverage since time immemorial from Tesco and guzzle *that* while I incompetently fix your server, ta very much.

    1. DuchessofDukeStreet
      Pint

      Re: "Put down the eggnog"

      Ahem, may I refer you to my late Lancastrian grandmother who not only drank eggnog as her traditional Christmas drink, was known to make her own on occasion. As children, one of our Christmas treats at granny's was a (very weak) bright yellow eggnog. Things went mildly astray when a newly married and very young aunt was tasked with mixing the drinks and failed to realise that the luminous yellow substance was alcoholic and poured it almost neat.

      1. John H Woods Silver badge

        Re: "Put down the eggnog"

        LOL "Things went mildly astray" for me too, due to a lack of alcoholic knowledge. I didn't drink alcohol until I was much older, so when teenage me was told, by a barista in bologna, that an excellent winter drink was Cointreau and fresh OJ warmed with the steam nozzle of an espresso machine, I just filed it under "good to know"

        Years later, I had an espresso machine; a cold winter's day popped that nugget back of the stack and I suggested to my friends that they might like to try this. Not realising Cointreau is about 40%, I mixed it 50:50 with OJ, handed it out and everyone said it was marvellous. 10 minutes later I was the only one still conscious.

        1. Spacedinvader
          Trollface

          Re: "Put down the eggnog"

          Pfft, lightweights!

    2. Doctor Syntax Silver badge

      Re: "Put down the eggnog"

      "I'll continue to observe the ancient tradition of grabbing a bottle of the Christmas beverage since time immemorial"

      From the link: The technical people at IDV’s research and development department in Harlow had concocted some “heather and honey” traditional-style liqueurs

      I may have a still unopened bottle at the back of my pantry shelf, given to us some years ago by a cousin who'd had it given to them - a chain of events you might find informative.

      But years ago when we, for some reason, took a ferry from Dublin instead of Larne, we came across a promotion for it. The poor girl who was trying to organise it had a supply of those minuscule plastic thimbles they use for such occasions and was trying to ration it out. She ran into a gaggle of old dears from the back streets of Belfast (to judge by the accents). After a few minutes she was looking a bit stressed. Before long they'd wrested control of the supply from her and by the time we docked in Holyhead they were all rolling drunk.

      1. WolfFan Silver badge

        Re: "Put down the eggnog"

        But years ago when we, for some reason, took a ferry from Dublin instead of Larne, we came across a promotion for it. The poor girl who was trying to organise it had a supply of those minuscule plastic thimbles they use for such occasions and was trying to ration it out. She ran into a gaggle of old dears from the back streets of Belfast

        She tried to get between a bunch of Belfast biddies and free alcohol? Whatever was she thinking?

        1. Doctor Syntax Silver badge

          Re: "Put down the eggnog"

          "Whatever was she thinking?"

          Something along the lines of "Stop the boat, I want to get off" as far as I could make out.

  10. Flakk

    YMMV

    Loaded the 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517) this morning. Upon reboot, it seems that the OS lost track of my profile. Many of my apps refused to start (*cough*Office 365*cough*). Uninstalling the update returned my machine to functionality.

    This one may need to bake a few additional days.

  11. Pink Duck
    FAIL

    Trusted security?

    Late 2017 and Microsoft still don't code sign SmartScreen.exe

  12. Destroy All Monsters Silver badge
    Windows

    All very well, but...

    Why is this story illustrated with a disgruntled brat with attitude who to all evidence needs a good spanking to get back into line?

    Is it an allusion to the Blue Wonder of Redmond?

  13. Anonymous Coward
    Anonymous Coward

    Damn you ms - damn you to hell!

    Came in (aus), started the puter and then wrote a horrendous sql query.

    Executed it, went to save it - because it worked , but before I could save it, Puter shutdown to install the updates. Didn’t even get the (these applications are preventing windows to shutdown) screen.

    Windows 7 Professional

    1. Doctor Syntax Silver badge

      Re: Damn you ms - damn you to hell!

      "Executed it, went to save it"

      Lesson learned. Write it, save it, try it. Then edit, save and try as necessary until it works.

      And if it updates stuff, start with BEGIN WORK but leave the COMMIT or ROLLBACK to be entered by hand.

  14. Anonymous Coward
    Anonymous Coward

    FTFY

    "Put down the eggnog, it's Patch Tuesday: Fix Windows boxen ASAP"

    Spellchecker needs guidance, smells like vanilla creep.

  15. FlamingDeath Silver badge

    Cowboys

    Ere Mush, lets blindly sneeze at the screen and declare it software

    An analogy, a builder builds a house

    The doors and windows fall out

    Like I said, COWBOYS

  16. Kiwi
    Facepalm

    "...a fix for a Business Logic Error..."

    Can we get one of those for the idiots over at MS?

    Come on mickey$loth, it's almost 2018. This shit should long be done with.

    Help files as an infection vector? SMB? STILL? Bloody hell.

    Hey, how about tell the world to fuck off, shut your doors, and drink a bunch of "kool aid". Release the source though so those who really imagine they want to still use your crap despite all logic to the contrary can continue to do so and actually fix these bugs you should've dealt with a long time ago.

    And come on businesses, get rid of them from your systems.. Start demanding the vendors of those small few products that you can't get for other systems actually make them for other systems.

    The MS security nightmare needs to end.

  17. Anonymous Coward
    Anonymous Coward

    Windows Update borked

    Just re-installed Win7

    200 patches launched....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like