Faulty M$ Update Rekindles Patch Quality Concerns

For Microsoft, delivering high-quality security patches in a timely manner has always been a lose-lose predicament.

If patches for major software vulnerabilities take too long, customers are at the mercy of zero-day threats. When patches are rushed out without proper quality assurance testing, they invariably become a system administrator's worst nightmare.

Earlier this week, when Microsoft Corp. announced plans to re-release a "critical" bulletin because of patch quality problems, the move triggered a new round of eye-rolling among security research pros.

The bulletin, MS05-019, first released in April, contains patches that have caused major connectivity problems for network administrators.

The connectivity errors include the inability of Exchange servers to talk to their domain controllers, failure of domain controller replication across WAN (wide area network) links, and the inability to connect to terminal servers or to access file shares.

Microsoft also acknowledged that networking programs that send TCP packets or UDP packets over raw IP sockets "may stop working" after the security update is applied on a computer running Windows XP SP1 (Service Pack 1).

A knowledge base article has been posted to highlight the problems, and hotfixes have been offered to provide temporary respite, but despite Microsoft's insistence that the problems affect only a small number of customers, security experts said the re-release of a high-severity bulletin points to a weakness in Microsoft's patch creation process.

"A hotfix for a patch? I hope it works properly, or what's next? A hotmend for the hotfix for the patch?" asked Corey Nachreiner, a network security analyst at WatchGuard Technologies Inc.

In an interview with Ziff Davis Internet News, Nachreiner said some of his company's clients have complained that the patches have broken VPN connections, a problem he described as "a big deal" for the SMB (small and medium-sized business) market segment.

Because the patch is rated critical by Microsoft, Nachreiner said he cannot recommend uninstalling the patch.

"It means that a lot of customers are scrambling to get hotfixes to keep their systems connected."

Officials at Microsoft insisted the company is doing "far more for this one than necessary" to help ensure every customer has the most recent changes to the update.
