Put down the eggnog, it's Patch Tuesday: Fix Windows boxes ASAP Microsoft has kicked out its December batch of software security fixes, the final Patch Tuesday of 2017. Redmond has addressed 32 CVE-listed vulnerabilities in Edge, Windows, and Office, as well as a hole in Internet Explorer last seen in the early-oughts. Get patching as soon as possible. Leading this month's Patch Tuesday …
This post has been deleted by its author
"disabled by default on modern Windows versions."
a good number of people are probably STILL running XP because of how SUCKY "Ape" and Win-10-nic are. [yes, didn't take long to take the opportunity to get some 'digs' in on Win-10-nic]
and I wouldn't call anything newer than 7 "modern". That term has been used in such oxymoronic ways that it's lost its real meaning.
I thought it was built from the ground up? What a pile of shit.
I know, right? So hard to see how people could ever have gotten that idea.
I mean, MS says things like "As we announced recently, Microsoft Edge hosts a new rendering engine, Microsoft EdgeHTML." and "But Microsoft Edge has done more than just re-write the rendering engine. Here we describe the security mitigations baked into the Microsoft Edge browser." and "The largest change in Microsoft Edge security is that the new browser is a Universal Windows app.", and "Microsoft Edge is a brand new browser, with new goals and requirements." (all at https://blogs.windows.com/msedgedev/2015/05/11/microsoft-edge-building-a-safer-browser/) - but there's NOTHING there that could imply that Edge is "a brand new browser" is there? And calling it "a brand new browser" and describing several new features and a new way the "app" runs in Windows of course in no way implies that it is "a brand new browser".
What a steaming pile of shit.
As are most posts that try to say MS never claimed or implied that it was a complete re-write from scratch Claimed? Maybe not. Implied? Often.
"Why are there security issues with Edge? I thought it was built from the ground up?"
Edge is just a rebranded IE. IE became a punchline in the browser/tech world, Microsoft needed to polish the turd and make it more palatable.
https://en.wikipedia.org/wiki/EdgeHTML
No reason to use Edge unless you're a hardcore Microsoft fan, you're too lazy to download/install another browser... or you're just unfortunate enough to be in the Windows 10 S prison, where Edge is the prison food served to you and you have no choice.
"But still less shit than Chrome which is on over 1500 patches / holes."
Chrome has had 1523 vulns reported since September 2008, so an average ~170 per year.
Edge has had 350 vulns reported since August 2015, so an average of ~175 per year.
Of those, over 60% of those Edge vulns involved remote code execution, versus around only 6% for Chrome.
So Chrome is indeed much better than Edge in terms of its security reputation.
Popping in a security fix at the same time as updating the signatures is the normal way of MMPE to update (like most AV engines) and makes sense. As does the not tying your AV engine to the monthly Microsoft Update where the update could be pulling the rug out from underneath the AV engine..
The quote from the Security Tech Center article where it states that....
Why was this released before the normal December Security Update Release on December 12, 2017
The Microsoft Malware Protection Engine is released along with anitmalware signatures. These releases don’t always contain security updates and are not bound to a monthly cadence.
Had to re-install my Realtek audio drivers after the update today. Only did a clean build last week.
Takes me back to the pre-XP days, having to reinstall your machine from scratch every 6 months or so.
Although, usually in that case it was a build up of garbage and disk fragmentation making it slower that made it more desirable to rebuild, NOT having an update bork your drivers yet again that caused the need for a rebuild from scratch!
(Happy coz although I've done updates, I've been running this install for years across various Mint versions and also various bits of hardware - still runs faster than a fresh Windows install on the same hardware!)
Eggnog?! What's this yank-pandering nonsense? "Shaun Nichols in San Francisco" my ass... no-one drinks that crap here!
I'll continue to observe the ancient tradition of grabbing a bottle of the Christmas beverage since time immemorial from Tesco and guzzle *that* while I incompetently fix your server, ta very much.
Ahem, may I refer you to my late Lancastrian grandmother who not only drank eggnog as her traditional Christmas drink, was known to make her own on occasion. As children, one of our Christmas treats at granny's was a (very weak) bright yellow eggnog. Things went mildly astray when a newly married and very young aunt was tasked with mixing the drinks and failed to realise that the luminous yellow substance was alcoholic and poured it almost neat.
LOL "Things went mildly astray" for me too, due to a lack of alcoholic knowledge. I didn't drink alcohol until I was much older, so when teenage me was told, by a barista in bologna, that an excellent winter drink was Cointreau and fresh OJ warmed with the steam nozzle of an espresso machine, I just filed it under "good to know"
Years later, I had an espresso machine; a cold winter's day popped that nugget back of the stack and I suggested to my friends that they might like to try this. Not realising Cointreau is about 40%, I mixed it 50:50 with OJ, handed it out and everyone said it was marvellous. 10 minutes later I was the only one still conscious.
"I'll continue to observe the ancient tradition of grabbing a bottle of the Christmas beverage since time immemorial"
From the link: The technical people at IDV’s research and development department in Harlow had concocted some “heather and honey” traditional-style liqueurs
I may have a still unopened bottle at the back of my pantry shelf, given to us some years ago by a cousin who'd had it given to them - a chain of events you might find informative.
But years ago when we, for some reason, took a ferry from Dublin instead of Larne, we came across a promotion for it. The poor girl who was trying to organise it had a supply of those minuscule plastic thimbles they use for such occasions and was trying to ration it out. She ran into a gaggle of old dears from the back streets of Belfast (to judge by the accents). After a few minutes she was looking a bit stressed. Before long they'd wrested control of the supply from her and by the time we docked in Holyhead they were all rolling drunk.
But years ago when we, for some reason, took a ferry from Dublin instead of Larne, we came across a promotion for it. The poor girl who was trying to organise it had a supply of those minuscule plastic thimbles they use for such occasions and was trying to ration it out. She ran into a gaggle of old dears from the back streets of Belfast
She tried to get between a bunch of Belfast biddies and free alcohol? Whatever was she thinking?
Loaded the 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4054517) this morning. Upon reboot, it seems that the OS lost track of my profile. Many of my apps refused to start (*cough*Office 365*cough*). Uninstalling the update returned my machine to functionality.
This one may need to bake a few additional days.
Came in (aus), started the puter and then wrote a horrendous sql query.
Executed it, went to save it - because it worked , but before I could save it, Puter shutdown to install the updates. Didn’t even get the (these applications are preventing windows to shutdown) screen.
Windows 7 Professional
Can we get one of those for the idiots over at MS?
Come on mickey$loth, it's almost 2018. This shit should long be done with.
Help files as an infection vector? SMB? STILL? Bloody hell.
Hey, how about tell the world to fuck off, shut your doors, and drink a bunch of "kool aid". Release the source though so those who really imagine they want to still use your crap despite all logic to the contrary can continue to do so and actually fix these bugs you should've dealt with a long time ago.
And come on businesses, get rid of them from your systems.. Start demanding the vendors of those small few products that you can't get for other systems actually make them for other systems.
The MS security nightmare needs to end.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
