Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws

As the US season of giving thanks and turkey carnage approaches, let us reflect upon Microsoft's November Patch Tuesday, which has bestowed 55 CVEs and the promise of continued employment for the IT admins who have to clean up the recurring mess of software. Only six of the vulnerabilities are considered "Critical," the rest …

  1. eswan

    And they still haven't fixed network printing

    "Next steps: Microsoft is working on a resolution that will allow print clients to establish RPC packet privacy connections to print servers using RPC over SMB. We will provide an update once more information is available."

    1. Clausewitz 4.0

      Re: And they still haven't fixed network printing

      Best Fix Ever for Printers:

      Take the printers out of the Windows Domain, plug them into a Raspberry Pi, network the Raspberry Pi.

      Go for the domain controller, run a batch to update all clients to print via the networked-RPi.

      In case report accountability is needed, fetch the reports from the RPi via SCP.

      I acknowledge that for those having 100+ printers, this is quite a task.

      1. Alan Brown Silver badge

        Re: And they still haven't fixed network printing

        Papercut, linux, cups, problem solved

      2. DailyLlama

        Re: And they still haven't fixed network printing

        No, the best fix for printers is to uninstall them, remove them from your offices, and use PDFs.

    2. diodesign (Written by Reg staff) Silver badge

      Re: And they still haven't fixed network printing

      Thanks -- now noted in the piece, and we'll keep it on our radar.


  2. Kev99 Silver badge

    Fifty-five patches? I thought Microsoft made the most tested software around. Sounds like a load of bovine excrement.

    1. David 132 Silver badge

      No, it's the most testing software around. Easy mistake to make, unless you have to use it.

    2. J. Cook Silver badge

      ... Yeah, it's "the most tested" by way of releasing beta and release candidate level code out into production to be tested by its paying customers...

      1. Version 1.0 Silver badge

        Bug ...err

        Find a bug and fix it ... but before you release an update then you need to debug the changes ...

        "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan and P. J. Plauger in The Elements of Programming Style (1974).

        Too often I see people "fix" bugs and then move on ... 55 security fixes, are these old bugs that have existed since the code was created, or are they just new bugs that were created by the previous update?

  3. A random security guy

    Who pays for it? Us

    Remember that we pay MS for the Windows licenses. Then we pay for the IT staff to ensure that the updates don't break the other applications. Then we pay for the IT staff to update all the systems. Meanwhile, we spend an appreciable part of our IT budget on AV systems, Patch Management, all kinds of network protections, etc.

    Just so that we can run Word, Excel, Outlook and PowerPoint. Not that these applications are any more secure. And we pay for them too.

    What a scam. And we are responsible for our ignorance.

    I remember a presentation by an MS Senior VP at their Mountain View buildings around 2003-2004 where they touted how many fixes they put out and the effort they were putting into securing their systems. One gentleman politely asked the SVP if Microsoft was going to pay for all the costs required to update systems. The SVP's answer was, "Why should we?" Which either meant that he did not understand the gentleman's question or that he really didn't care about the downstream costs of Windows.

    1. ComputerSays_noAbsolutelyNo Silver badge

      Re: Who pays for it? Us

      Just be happy that micros~1 does pull the full IKEA and makes you program that fragile stuff

  4. Andy The Hat Silver badge

    I think it's amazing ...

    that it's nearly Christmas ... of 2021 ... and we are still seeing the phrase

    "it's a bug that allows remote code execution if the victim opens a maliciously crafted file."

    How come nearly 30 years of hurt and experience hasn't snuffed this method out?

    1. Anonymous Coward

      Re: I think it's amazing ...

      Programmers are human (and overworked, given too little time to make code secure, and like all humans a bit lazy/have an off day!).

      And a lot of data/file structures are badly documented. (Read some RFCs; some are vague as fuck!)

  5. Anonymous Coward

    Are printers still fucked?

  6. TooOldForThisSh*t

    So Relieved

    Every month when I see these articles about Patch Tuesday, I am relieved. Relieved that since my IT job was outsourced and I was forced to retire only 3 years early I no longer have sleepless nights worrying about patches. Relieved that I no longer have hundreds of servers that are my responsibility to patch and update in two weeks. Month after month after month.

    A special favorite is the year when the "Patch Sunday" just happened to fall on Christmas Day. Any normal company would postpone patches for a week and let their IT staff enjoy Christmas. Not the folks I worked for. While the family was enjoying Christmas morning, opening presents and Christmas dinner, I was monitoring server restarts across 7 time zones and of course dealing with the ones that didn't come back up or some service wouldn't start or halted with a hardware error.

    To all of you dealing with this each month, my sincerest wishes for a clean restart :)

  7. -v(o.o)v-

    Visual Studio - not Visual Studio Code!!!
