What Might Have Gone Wrong with Microsoft’s Delayed Security Updates

Place you can talk about other things not related to autopatcher.
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1871
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

What Might Have Gone Wrong with Microsoft’s Delayed Security Updates

Postby Whatacrock » Wed Feb 15, 2017 9:26 am

What Might Have Gone Wrong with Microsoft’s Delayed Security Updates

Microsoft delayed Patch Tuesday updates for what seems to be the first time ever, but the company hasn’t provided any information on what exactly went wrong, saying instead that all updates would be released to Windows systems at a later time.

Redmond explained in a short statement that it discovered a “last-minute bug” that could have caused issues for a number of customers, so because it didn’t want to take any risks, it decided to delay the Patch Tuesday rollout completely until a fix is developed.

As far as the reasons for the delay are concerned, there’s a lot of speculation online and many people believe that it was all caused by Windows 10 cumulative updates. And it’s no wonder why users blame these updates.

Cumulative updates caused quite a lot of issues on Windows 10 systems in the past and many of them failed to installs on specific PCs, so users believe that Redmond discovered a similar bug and decided to hold back the release to fix it.

And yet, there’s a good chance that cumulative updates are not the ones to blame for this delay, but an infrastructure bug. As Shavlik’s Chris Goettl says, Microsoft’s increasing focus on cumulative updates makes it impossible for the company to pull just a single patch, as all fixes are included in a single pack, so holding back the entire rollout becomes the only option.

“Before the cumulative update model, a single patch could be pulled from the release without impacting the entire Patch Tuesday release. Now, speculation as to if this was an issue with one of the cumulative updates that caused this delay is not entirely unfounded, but thinking about this, if it were one update that was broken Microsoft could release everything else. The fact is Microsoft didn’t release anything, which sounds more like an infrastructure issue,” he says.
"Issues caused by new update model?"

Starting this month, Microsoft also planned to replace its existing update system with a new one that would no longer include single patches, and there’s a chance that this change caused the delay.

Amol Sarwate of Qualys says this makes it impossible for Microsoft to push Patch Tuesday fixes to Windows computers if it discovers a bug in just one of the updates.

“This comes on the heels of the announcement that individual patches will not be available as they will be bundled together in the monthly Security update or monthly Cumulative update. If there is a problem in the patch for one kernel vulnerability for example, then all kernel or related vulnerabilities cannot be released as they are bundled together,” he says.

At this point, there is to ETA as to when Microsoft is supposed to ship this month’s updates, but some sources claimed Microsoft was at least considering the next Tuesday. We’re guessing Microsoft could release the updates sooner if the fix is ready by Tuesday, but expect a notification to be published before the rollout begins.

http://news.softpedia.com/news/what-mig ... 2954.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"

User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1871
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Re: What Might Have Gone Wrong with Microsoft’s Delayed Security Updates

Postby Whatacrock » Thu Feb 16, 2017 8:32 am

Microsoft’s February Security Updates to Launch in March


Microsoft has confirmed in a post that this month’s security updates would launch in March, as the February 2017 Patch Tuesday was delayed due to a last-minute bug.

Originally, Microsoft said it decided to hold back the release of new updates because of issues that it didn’t want to disclose, and although it was believed that all patches could go live next Tuesday, the firm says this is not the case.

Instead, Microsoft will release all updates on the next Patch Tuesday cycle taking place on March 14, as the company explains in an update to the original post.

“We will deliver updates as part of the planned March Update Tuesday, March 14, 2017,” the firm said today without providing any other information on what went wrong.

“Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan,” Microsoft also explained in the original announcement.
"Zero-day flaw with public exploit code"

The worst thing right now is that the delay of Patch Tuesday to March 2017 means that the company won’t release a patch for the zero-day SMB vulnerability whose exploit code has already been posted online.

According to the US-CERT, the SMB security flaw is already being exploited by cybercriminals, and there is no 100 percent effective workaround, with security experts previously pointing out that a Microsoft patch was absolutely mandatory to keep users secure.

Without such a patch, users remain vulnerable for one more month, and the existing workaround involves blocking outbound SMB connections (TCP ports 139 and 445, along with UDP ports 137 and 138) from the local network to the WAN.

http://news.softpedia.com/news/microsof ... 2990.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"

themadkansan
Posts: 44
Joined: Tue Jan 07, 2014 8:25 am

Re: What Might Have Gone Wrong with Microsoft’s Delayed Security Updates

Postby themadkansan » Thu Feb 16, 2017 4:24 pm

"OK boys and girls - can you say 'software monopoly'?"

"We Are Soooooo Fucked..."

"Very good!"

[/snark]


Return to “Other”

Who is online

Users browsing this forum: No registered users and 1 guest