Hey Microsoft, Stop beta-testing on the general public. Instead get your legal and finance departments to patch and upgrade before you publish the updates to windows update.
Microsoft freaks out users with Windows 11 warning: 'LSA protection is off'
A recent security update to Windows 11 has put the scare on some users by warning that Microsoft's Local Security Authority (LSA) feature is turned off and their system is vulnerable to attack. The warnings are triggered by the KB5007651 update, according to Microsoft. In messages to Redmond's support sites and on Reddit, some …
COMMENTS
-
Wednesday 22nd March 2023 21:06 GMT aerogems
You would think
After they fired a bunch of the QA staff they started suffering more and more embarrassing gaffes with botched updates and other issues. The logical thing would seem to be to hire some of those people back. They may seem like a cost center to the beancounters, but if you drive away your paying customers with shoddy quality products, you won't have any of the revenue that they love so much.
-
Wednesday 22nd March 2023 21:40 GMT Terry 6
Re: You would think
The problem is that Windows is still the automatic default OS for most people. They can't/won't pay the Apple tax and switch to fruit OS and have barely if at all heard of the 'Nuxes. And if they do, ordinary users aren't as enthusiastic about the idea of there being a squillion competing distros as commentards here might be. So Microsoft can push their appalling stupidity as far as they want to. If Win 8 didn't break them, this sort of thing certainly won't.
-
Wednesday 22nd March 2023 22:30 GMT aerogems
Re: You would think
We individuals aren't really Microsoft's customer. We're incidental compared to large corporations who buy expensive volume license packages for multiple products. You start making Exchange or SQL Server patches that are flaky and that's how you get ~~ants~~ Google and or Oracle sniffing around looking to poach a customer.
-
Thursday 23rd March 2023 13:57 GMT aerogems
Re: You would think
It's the 80/20 rule of business. About 80% of your revenue will come from about 20% of your customers. So, Microsoft is happy to sell the one-off Windows license to you or me, but really they're focused on Fortune 500 companies that will buy in bulk. Meaning, for all intents and purposes, we aren't Microsoft's customers.
-
Thursday 23rd March 2023 20:47 GMT J. Cook
Re: You would think
Yes. It's called Windows 10 Enterprise, and you need to have an Enterprise Agreement for it; Coupled with System Center Configuration Manager, it allows for staged updates to a testing farm, then general deployment.
There's also Windows 10 LTSC (formerly LTSB) that is specifically intended for specific purposes; it doesn't get updates nearly as often as the normal channels.
-
Friday 24th March 2023 10:25 GMT 43300
Re: You would think
The Enterprise version gets the same patches (and dubious 'new features') as the Home / Pro version - only difference is that it's normally possible to actively block many of them using Intune or GPOs (this applies to Pro most of the time too).
LTSC has its own issues, such as Office compatibility (not sure whether the 365 apps are officially supported on it now, but don't think they were). Plus it may not play nicely with software like Adobe CC which looks at build numbers and throws a tantrum if it doesn't like what it sees.
-
Thursday 23rd March 2023 20:43 GMT Anonymous Coward
Re: You would think
You start making Exchange or SQL Server patches that are flaky
With Exchange, the number of "OMG PATCH THIS RIGHT NAO!!!!111oneoneone" bugs over the last six months has been... ridiculous. And I've looked, there's no easy drop-in replacement for it that won't involve a huge amount of user retraining, reconfiguring every. single. client. to use POP3 / IMAP instead of RPC over https (aka Exchange's own protocol), and all the associated headaches that brings.
In our case, we are taking the wimp's way out and shoving our users to EXO, because that way when it falls over, we can say "We know it's broken, we have a ticket in, and are calling our TAM on an hourly basis to push for resolution."
(and even that's being a pain in the tuckus, because MS has deprecated one of the features we use...)
-
Friday 24th March 2023 10:27 GMT 43300
Re: You would think
They have a long history of periodically breaking things in Exchange with dodgy patches too - it's less common than with client products but it certainly happens. I recall one a number of years ago, when we had all mailboxes on prem, when an Exchange patch caused it to refuse to communicate with a particular version of Outlook (which was in support at the time and on the supported clients list). Only solution was to remove the Exchange patch and wait for a non-borked replacement to appear.
-
Thursday 23rd March 2023 06:19 GMT ChoHag
If we're including DOS it's over 40 years, otherwise just shy of 30.
I'm going to assume you typod "can't" and well ... why bother? If after 3, 4 decades people are still buying turds, wouldn't you keep selling turds?
They're a lot cheaper to make and they don't even need to try and hide it any more.
The real question is: Why are the masses eating them?
-
Friday 24th March 2023 10:31 GMT 43300
Re: Hi Bill
Yeah, I do that if I'm not in the middle of something (if I am I just tell them to fuck off).
Best tactic is to act dumb, "yes, I'm doing that and it's not working. Click where? How do I click? What's the start button", etc. How long can you string them along for before they give up?!
-
Thursday 23rd March 2023 03:15 GMT Anonymous Coward
Since Windows 10, Microsoft has abolished QA and outsourced the work that QA should have done to a group of amateurs called Windows Insiders. It is natural that bugs occur frequently. Furthermore, even Windows Insiders are not involved in monthly patches, so it’s strange that bugs do not occur. Moreover, Windows 11 has raised hardware requirements for security reasons, but it’s ironic that bugs occur due to security-related issues.
-
Thursday 23rd March 2023 09:15 GMT Zippy´s Sausage Factory
But what does LSA actually do?
The cynical side of me thinks that if I were in their position I'd write something called "Local Security Authority" but it would be more concerned with making Edge the default browser and replacing the file associations of Libre Office with MS 365 ones than actually providing user security. But I'm sure Micros~1 aren't as devious and sneaky as I am, though, and they would never consider exploiting their monopoly position in unfair manners. At least not after last time.
-
Thursday 23rd March 2023 10:11 GMT emfiliane
It probably took you longer to write that comment than it would have to google it, and find out that it's the kernel module that keeps and verifies passwords and issues auth tokens to local and network resources. It's basically worked in exactly the same boring way since NT 4.0, so your knowledge (paranoia?) is only 25 years out of date, no biggie.
-
Thursday 23rd March 2023 10:20 GMT emfiliane
An lsass update is in March's patches...
...and in all older versions, that means a guaranteed reboot after updating. It's a critical enough kernel service that if it dies, the OS will warn you that it died and will shut down in 30 seconds. (Remember sasser and its kin?) Windows 11 finally allowed hotpatching with a momentary process restart to even such deep kernel juju... except there's also a new guardian service that watches for any tampering with the process, since it's so critical. Oops, several someones forgot about that.
QA would have caught this in 30 seconds, but now we're the only QA left. Thanks, Microsoft.
-
Thursday 23rd March 2023 13:44 GMT Mike 137
"Why would you create an update that would leave your users vulnerable to attack?"
Because your development processes are way out of control and you don't carry out security testing properly. Plus, you don't really give a damn about anything except the revenue stream and that comes from an essentially captive user base. Next question...
-
Thursday 23rd March 2023 19:20 GMT MOH
So create security software that you deem so vital that you enable it by default.
(Though this definitely won't break anything because you'll check for incompatibilities first, even though you just failed to do this with your own update).
And then immediately train users to ignore warnings about this vital security setting.
Genius.
-
Thursday 23rd March 2023 19:58 GMT FirstTangoInParis
Fortune 500 first?
I saw this on a W11 PC yesterday….. Perhaps M$ should be forced to roll out all patches to the Fortune 500 first. Or perhaps the stockbrokers. If they don’t complain (and by complain I mean sue the pants off them for losing millions on trades) then they’re good for the rest of us.
-
Tuesday 4th July 2023 15:29 GMT Huckleberry Muckelroy
KB5023706 destroys SSD boot time.
#Microsoft sent down an update to #Windows11, #KB5023706 around 3/13/2023.
Before this my great RYO PC booted from POST beep to login in 23 SECONDS.
After #KB5023706 my stodgy POS PC boots in 2 MINUTES 25 SECONDS.
It won't uninstall. #MS disavows any prob.
And I am pissed off!
Lots of other victims have asked about relief from this hideous mistake.
But like MS's other hideous mistakes, maybe it is a feature.
It seems to bork SSDs. If you never reboot, you'll never notice.