Language Selection

English French German Italian Portuguese Spanish

Faulty M$ Update Rekindles Patch Quality Concerns

Filed under
Microsoft

For Microsoft, delivering high-quality security patches in a timely manner has always been a lose-lose predicament.

If patches for major software vulnerabilities take too long, customers are at the mercy of zero-day threats. When patches are rushed out without proper quality assurance testing, they invariably become a system administrator's worst nightmare.

Earlier this week, when Microsoft Corp. announced plans to re-release a "critical" bulletin because of patch quality problems, the move triggered a new round of eye-rolling among security research pros.

The bulletin, MS05-019, first released in April, contains patches that have caused major connectivity problems for network administrators.

The connectivity errors range from the inability of Exchange servers to talk to their domain controllers; failure of domain controller replication across WAN (wide area network) links; and inability to connect to terminal servers or to file share access.

Microsoft also acknowledged that networking programs that send TCP packets or UDP packets over raw IP sockets "may stop working" after the security update is applied on a computer running Windows XP SP1 (Service Pack 1).

A knowledge base article has been posted to highlight the problems, and hotfixes have been offered to provide temporary respite, but despite Microsoft's insistence that the problems affect only a small number of customers, security experts said the re-release of a high-severity bulletin points to a weakness in Microsoft's patch creation process.

"A hotfix for a patch? I hope it works properly, or what's next? A hotmend for the hotfix for the patch?" asked Corey Nachreiner, a network security analyst at WatchGuard Technologies Inc.

In an interview with Ziff Davis Internet News, Nachreiner said some of his company's clients have complained that the patches have broken VPN connections, a problem he described as "a big deal" for the SMB (small and medium-sized business) market segment.

Because the patch is rated critical by Microsoft, Nachreiner said he cannot recommend uninstalling the patch.

"It means that a lot of customers are scrambling to get hotfixes to keep their systems connected."

Officials at Microsoft insisted the company is doing "far more for this one than necessary" to help ensure every customer has the most recent changes to the update.

Full Story.

More in Tux Machines

Arch Linux – Kde Plasma 5.3 stable is finally available for installation

Great news for Arch Linux users! From a few minutes, Kde Plasma 5.3 stable packages are officially available on Arch Linux repositories. In fact, after running the pacman -Syu command I finally noticed, listed on my terminal, the new packages of Plasma 5.3.0 with all the relative dependencies. Read more

Linux 4.1-rc2

So the -rc2's have lately been pretty small - looking more like late -rc's than early ones. It *used* to be that I couldn't even post the shortlog, because it was just too big. That's not been the case for the last few releases. I think people tend to take a breather after the merge window, because the -rc3's tend to then be a bit bigger again. But it may just also be that I've just gotten much better at saying "the merge window is over, I'm not taking random stragglers", or that people are just getting better at keeping to the merge window. Whatever the reason, the time of huge -rc2's seems to be happily behind us. Read more

GNOME 3.17.1 released

Hi GNOMErs! The development of the next GNOME release, 3.17, has started, and the first snapshot, 3.17.1, is now available. To compile GNOME 3.17.1, you can use the jhbuild [1] modulesets [2] (which use the exact tarball versions from the official release). [1] http://library.gnome.org/devel/jhbuild/ [2] http://download.gnome.org/teams/releng/3.17.1/ The release notes that describe the changes between 3.16.1 and 3.17.1 are available. Go read them to learn what's new in this release: core - http://download.gnome.org/core/3.17/3.17.1/NEWS apps - http://download.gnome.org/apps/3.17/3.17.1/NEWS The GNOME 3.17.1 release is available here: core sources - http://download.gnome.org/core/3.17/3.17.1 apps sources - http://download.gnome.org/apps/3.17/3.17.1 Read more