back to article If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one

It's going to be a busy month for IT administrators as Microsoft, Intel, Adobe, and SAP have teamed up to deliver a bumper crop of security fixes for Patch Tuesday. Redmond weighs in just under the century mark Microsoft had one of its largest patch bundles in recent memory, as the Windows giant released fixes for 99 CVE- …

  1. elvisimprsntr

    So because M$ built in Flash into Edge, I am still vulnerable until the end of 2020. Nice going, Satya!

    https://support.microsoft.com/en-us/help/4520411/adobe-flash-end-of-support

    1. J27

      Yeah...

      Update to the current version of Edge... the one that's Chrome under the hood.

  2. ZenCoder
    Facepalm

    I didn't know it was built in!

    Since I looked it up I might as well cut and paste it.

    1. Click the menu button in Edge. It's the three dots in the upper right corner.

    2. Select Settings from the menu.

    3. Click the "View advanced settings" button. You'll have to scroll down a little bit to find it.

    4. Toggle "Use Adobe Flash Player" to offI jut

    1. DJV Silver badge

      Re: I didn't know it was built in!

      Well, that's weird. I'm running the latest Chromium based Edge which has Flash permanently turned off. As far as I know nothing else is using Flash as I certainly didn't install the damn piece of crap myself and it's definitely not listed in the Apps in settings nor in the older Control Panel Programs and Features. There's also no Adobe folder under Program Files either.

      So why is Microsoft still offering me the Flash update (KB4537789)? Any ideas?

    2. Snowy Silver badge
      Pint

      Re: I didn't know it was built in!

      Thank you and have an upvote and a ----->

    3. J27

      Re: I didn't know it was built in!

      I think you might be running an out of date version of Edge. The current one doesn't even have a menu labelled "Advanced" and Flash is blocked by default.

  3. Cirdan
    Trollface

    Sudo apt-get update &&

    sudo apt-get upgrade

    Adobe issue sorted.

    Drat!

    There go another two minutes of my life!!!

    :-P

    (Thanks, Linux Mint, Canonical/Ubuntu, Debian, and Linux Foundation for all your FOSS goodness!)

    ...Cirdan...

    1. Ordinary Donkey

      Re: Sudo apt-get update &&

      Meanwhile I got 450 megs of updates for Arch Linux this morning.

      Curious what that was all about but it finished while I was in the shower so all's good. Guess now I'll have to launch win10 vm at some point before I want to use it.

      1. Ken Hagan Gold badge

        Re: Sudo apt-get update &&

        Arch is like Debian Sid, only more so. Less of a distro and more of a firehose channeling the entire FOSS community. 450 megs probably just means something blocked the hose for a few days but it's all clear now.

  4. Denarius Silver badge
    FAIL

    Just how many lines of code

    in Flush are not bugs, errors or exploits.

    1. ds6 Silver badge
      Headmaster

      Re: Just how many lines of code

      Freudian slip?

    2. bombastic bob Silver badge
      Mushroom

      Re: Just how many lines of code

      people STILL use FL*SH?

      (I'd prefer blasting it from high orbit with a ginormous ION CANNON of epic proportions - see icon)

    3. fobobob

      Re: Just how many lines of code

      Several, but I think they're mostly comments.

  5. Anonymous Coward
    Anonymous Coward

    Why all the hate for Flash? We’ve all enjoyed using sites with it over two decades. Yes it’s surely full of holes but it was designed for a more innocent / naive time. We learn and we move on to better things.

    1. DJV Silver badge

      I think you answered your own question with your third sentence!

    2. Dan 55 Silver badge
      Meh

      I'm not sure about 'better' things, I'd just go with 'different'. Browsers are updated as often as Flash.

    3. Ken Hagan Gold badge

      "We’ve all enjoyed using sites with it over two decades."

      Speak for yourself. In my experience, Flash was used to produce sites that were slow to load and content-free when they arrived. I decided years ago that disabling Flash was actually a smart move because it flagged up all the sites created by that mindset, which I could then avoid.

  6. Big_Boomer

    Jeez, are people still using Flash? Why not run it on Windows XP as well, and disable your AV, and dangle your bits in a vat of Pthirus pubis. DumbF**ks!

    1. Paul Crawford Silver badge

      Dangle them in a vat of pygocentrus piraya for quicker results.

  7. Long John Silver
    Pirate

    Perspective is required

    Perhaps El Reg would care to commission from a suitable expert an article with intent to place code vulnerabilities and non-trivial bugs into perspective? The flow of singular (i.e. connections not obvious) reports within technical news media and general news media is hard to assess; one may ask the extent to which it is correcting hitherto ascertainment bias (lack of interest in the topic) and the degree to which it relates a growing problem; in particular there is the matter of whether there are avoidable commonalities underlying these events.

    Specific questions to be posed include the following.

    1. Has computer science come up with a workable and measurable conception of complexity in computer code? Obviously, sheer length of code is an inadequate measure because interconnectedness of code segments and possible pathways through them ought be taken into account.

    2. Has any such measure been established as strongly (putatively causally) correlated with rates of occurrence of errors in released/deployed code?

    3. How is the complexity measure influenced by efforts during the decades since digital computing was introduced to wall-off, e.g modularise, sections of code? Are lessons being ignored?

    4. Is there a 'Tower of Babel' effect when sections of code in a complicated set of interrelating code-segments/programs are compiled from differing high level languages?

    5. Is there insufficient separation between core operating system code and that of applications running on it? Similarly, are applications bundled as part of an operating system (e.g. tasks mediated by the human interface) becoming too interconnected to be of predictable behaviour?

    6. Is there too much reliance upon accretions around 'legacy' code with consequent issues of backwards compatibility? For instance, during the past couple of decades coding options for developers and expectations by end-users have grown apace. Moreover, hardware capabilities are increasing rapidly such that 'legacy' code which may have entailed compromises and workarounds for hardware inadequacies now impede reliability and security of newly added code.

    7. Are proprietary software vendors through excessive concern for their 'intellectual property' (IP) obstructing progress toward various helpful common standards and use by themselves and others of code known as trustworthy? Might there be a better way of conducting business and protecting rights/attribution? For instance, why must IP be protected at code level rather than just at end-product level? Trademark law offers opportunity for redress when a company passes itself off as another of established reputation. What does it matter if the ABC operating system or office suite DEF (each compiled from source) vended by company of long standing XYZ starts to be distributed by another company ZYX also compiling from source but with possibility of variations and enhancements? Company ZYX would be in the wrong if claiming its version of the software was ABC or DEF: this because software is generally not sold as a one-off but as is part of a brand package which includes customer support and other add-on features. At the high end of the market, e.g. large business and government institutions, proven reliability in support, fixes, and updates, will win against a cheaper identical (but not in name) version of less secure provenance.

    It follows that major proprietary software vendors, many of international reputation, place themselves at little risk of sustaining losses outweighing advantages from working under a more liberal regimen. Newcomers, even if drawn from other major software houses, have a long uphill trek establishing themselves as trustworthy and reliable alternatives for products and associated services of long standing. Meanwhile, originators of successful software (plus services) can entice their customer bases with appealing innovations.

    In a nutshell, it could be that software reliability overall would be enhanced by combination of coding practices drawn from the best currently known and openness about established code so that attempts to reproduce its functionality with different code in hope of avoiding copyright and patent disputes does not introduce new errors.

    1. Boo Radley

      Re: Perspective is required

      TL;DR

  8. Anonymous Coward
    Anonymous Coward

    Not complaining, but...

    I still got some updates this morning for Windows 7 Home. SNAFU, maybe?

    1. Alumoi Silver badge

      Re: Not complaining, but...

      Naah, just some 'innocent' updates to make sure your Windows 7 runs slower and slower until you 'accidentally on purpose' get upgraded to Windows 10..

    2. 1752

      Re: Not complaining, but...

      That fix to the black desktop bug. Defender updates and the Feb malicious software scan thingy I would say.

      1. David Hicklin Bronze badge

        Re: Not complaining, but...

        Did not see a Feb malicious software scan thingy for Win7 but there was an IE Patch plus the usual rollups on WSUS.

  9. Version 1.0 Silver badge

    Adobe Flash

    It doesn't have bugs, it is a bug. It has to be one of the worst applications ever.

  10. Camilla Smythe

    99!?

    Does it still reboot after downloading each one?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like