Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack

Spooky season is in full swing, and this extends to Microsoft's October Patch Tuesday with security updates for a frightful 175 Microsoft vulnerabilities, plus an additional 21 non-Microsoft CVEs. And even scarier than the sheer number of bugs: three are listed as under attack, with three others publicly known, and 17 deemed …

  1. cyberdemon Silver badge
    Facepalm

    > CVE-2025-59230 is another 7.8-rated elevation of privilege flaw in Windows Remote Access Connection Manager. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Redmond warns.

    Only 7.8? That sounds pretty bad...

    1. IGotOut Silver badge

      The rating is not only how bad it is, but also how hard it is to pull off.

      So a flaw that allows someone to send an email and take over a machine, without even opening the message, will get very high.

      Having to have physical access and then manually having to run the software locally will get a lower score.

  2. Winkypop Silver badge
    Joke

    Nothing to see here

    Move along now.

  3. HXO

    And both Firefox and Thunderbird have released updates in the last 24 hours.

    1. Charlie Clark Silver badge

      Yes, but these were part of their releases schedules.

  4. that one in the corner Silver badge

    Oh look, so many, many patches you Win10 holdouts won't get

    The end of Windows 10 support and just think what will happen to your PC if you don't move on to '11 (or give us your backups or cash to streeeeetch it out...a bit). Scary, isn't it!

    (Internal memo: great job guys, holding those fixes back worked a treat; nah, don't worry about the ones that were being exploited in the meantime, they deserve that for not helping enough to bully the holdouts)

    1. kmorwath

      Re: Oh look, so many, many patches you Win10 holdouts won't get

      Actually, Windows 10 will get these patches. The last update is the one issued today (but for those who will get ESM maintenance).

      1. Caver_Dave Silver badge

        Re: Oh look, so many, many patches you Win10 holdouts won't get

        Bearing in mind time zones, El Reg needs to check if Windows 10 users will get the updates across the world.

      2. that one in the corner Silver badge

        Re: Oh look, so many, many patches you Win10 holdouts won't get

        If I may: whoooosh.

        Yes, 10 *will* get them. Precisely. And they'll be the last freebies.

        The point was (and please forgive me, all those who understood this already):

        Everyone will see a long, long list of patches (quite a bit longer than usual) - and then Win 10 holdouts can be told "Aren't you lucky we didn't stop last month, or you would have missed *all* of these and be in trouble right now. Imagine how dangerous it is going to be for you come November!" (Rattles tin for your money, or your backups, and waves juicy Win'11 installer as an alternative).

        Then I am implying that this was a deliberate ploy by Microsoft.

        .

        1. John Brown (no body) Silver badge
          Coat

          Re: Oh look, so many, many patches you Win10 holdouts won't get

          "waves juicy Win'11 installer as an alternative)."

          Is that the currently non-functional Win11 installer?

    2. Doctor Syntax Silver badge

      Re: Oh look, so many, many patches you Win10 holdouts won't get

      Surely they wouldn't pull a stunt like that, would they? Would they?

  5. This post has been deleted by its author

  6. Groo The Wanderer - A Canuck

    Meantime my Debian 13 system with CUDA stack and Docker services (which I was _not_ able to replicate under Windows 11 when I ran that OS) has had maybe two dozen package updates over the past two weeks, including one kernel update and mostly stuff like the relatively frequent Google Chrome updates. I didn't see anything that looked like it was too low-level to be a major security gap except for Chrome itself, as it scans the internet live and is the most vulnerable of my applications to any form of attack.

    I rebooted in under 20 seconds for the kernel upgrade and CUDA stack updates that came out during that period; the rest were userland updates that a relogin could resolve.

    *cracks knuckles*

    Nope. No regrets about leaving the Microsoft Hellscape behind...

  7. Anonymous Coward
    Anonymous Coward

    The opening scene from Babylon is a great metaphor for Windows patches

    https://www.youtube.com/watch?v=R1F4jPxyt1o

  8. Bitsminer

    ESU is free

    "as you have already backed up your Windows settings, you are eligible for free ESU until Oct 2026". After pressing the enroll button on "updates" page.

    Bit of a surprise but OK. I had thought I needed to "chat with the AI" to qualify. Turns out I just needed to backup a few files to OneDrive, using the official tool.

    1. ChrisElvidge Silver badge

      Re: ESU is free

      To my knowledge, I didn't even do that (backup). I did use it some years ago to transfer a file to someone else.

  9. GNU Enjoyer
    Angel

    >It exists in Linux-based IGEL OS

    I checked osc-12.7.2_pxe and it's GNU-based.

    GNU GRUB loads first (so GNU is clearly the base) and the size of the squashfs is much larger than vmlinuz and the initrd (now if only it would mount with squashfuse and I could see how much GNU is there).

    1. that one in the corner Silver badge

      > GNU GRUB loads first (so GNU is clearly the base)

      GNU GRUB also loads first on my desktop PC, which then (most days, sadly, still) loads Windows 10.

      Does this mean my Windows 10 system is clearly GNU based?

      1. GNU Enjoyer
        Angel

        In that case, GRUB really just chainloads the windows bootloader and windows doesn't come with a meaningful amount of GNU packages (windows comes with enough libraries to provide a "working" computer).

        Meanwhile, the kernel, Linux doesn't even provide a bootloader (although there are separate bootloader projects that have "Linux" in the project name), nor any usable libraries - you need to add a base of GNU, or an inferior GNU clone like BusyBox to get a working computer.

        It seems that windows may in fact come with some GNU packages under a version of the Lesser GPL as well. If you go to Settings > System > About > Read the Microsoft Software License Terms, or https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/eula/license_en-us_english_united_states.pdf, you'll see:

        "you may not (and you may not permit any other person or entity to ... reverse engineer, decompile, or disassemble the software, or attempt to do so, except and only to the extent that the foregoing restriction is ... required to debug changes to any libraries licensed under the GNU Lesser General Public License that are included with and linked to by the software".

        Also, certain versions of windows were developed with GNU packages like GNU make for the build system (until that was replaced with microsoft's internal garbage build systems that make it a nightmare to add a drop-down to settings, for example).

        If you want to really stretch it, you could say that windows 10 is GNU based, but that'll disappoint people if after hearing that, they decide to look for the GNU/Freedom in windows 10 and find none.

  10. Anonymous Coward
    Anonymous Coward

    And again - GBs of non-solutions

    I find it absolutely fascinating that nobody asks why -after what must now be in the terabytes worth total of patches- it still has problems every. single. month?

    You would not buy a car that needed service every month, so why do we find this acceptable for software that must keep our business running (well, more or less, but that's a separate debate)?

    1. John Brown (no body) Silver badge

      Re: And again - GBs of non-solutions

      "You would not buy a car that needed service every month"

      Back when I drove stupidly high mileages, my car needed a service every month. Well, every two months, but the oil change was required every month. Mostly because the service interval was 9000 miles and the oil change interval was 4,500 miles, which was pretty poor even for the time. But it was a company car, so not my problem, not my bills, and I got a hire car every time it went into the dealer for service. But yes, my boss bought a fleet of them. Luckily only a very few of us drove so much we needed a car service every month :-)

    2. ManInThe Bar

      Re: And again - GBs of non-solutions

      Errm, not sure that analogy serves you well.

      You don't need to get modifications to your car, anymore than you do to your monitor or keyboard.

      But you DO need the road surface to be modded regularly, especially when a hole is dug in it by malicious actors (AKA the water board)
