Two Microsoft Patch Concerns

Expand Post »

Various internet sources are reporting two Microsoft patch concerns -- a failed "real" patch released by Microsoft, and a third party assembling various hot-fixes, and calling them "Windows XP SP3 Preview Pack".

There is no official "Windows XP SP3"... the third party preparing them clearly mentions that on their website, but it is very tempting for people to go there, and grab the update, and install it. Windows is a flawed operating system that requires local administrator authority to run all of the software, so not even compaines can protect themselves at the local machine level from having users improperly installing these patches, and possibly further corrupting the computer.

Microsoft's Mike Brannigan wrote stating, "The hotfixes are not as rigorously tested at public released ones." "Installing all the 'privates' may make your machine LESS stable and will also put you out of support from Microsoft or an OEM as you are installing incorrectly issued private hotfixes."

But Mike's assertion that released hotfixes are 'rigorously tested' may be a misnomer too: Microsoft for the second time in three months has issued a critical buggy patch. Mike Reavey of Microsoft's Security Response Center wrote "Yes we are aware of some of the information floating around about problems after installing the MS05-051 update on Windows 2000 systems." Reported problems include problems with the Windows Firewall product, users seeing a blank screen after installing the patch, and other strange behaviors, especially on Windows 2000 systems.

This is why companies NEED to test patches with a small representative group of machines before the patch is widely implemented within a corporate environment -- if the patch causes systems to crash & burn, then only a handful or so of people are out of luck, instead of the whole corporate computing environment. And this is also why people putting together un-official patches together on websites is such a dangerous situation -- IT departments might not have any clue on what really exists on the corporate workstation.

Yuck.

Similar Threads

Lost data, iTunes, external harddrive concerns!! in Windows NT / 2000 / XP
Language patch in Visual Basic 4 / 5 / 6
patch-ethereal in Linux Kernel and Hardware Setup
Viruses exploit Microsoft patch cycle in Viruses, Spyware and other Nasties

kc0arf

Team Colleague

Reputation Points: 121

Solved Threads: 57

Posting Virtuoso

Offline

1,629 posts
since Mar 2004

Permalink

Oct 19th, 2005

Re: Two Microsoft Patch Concerns

I must admit I'm finding some of this rather odd.

Let's look at it a different way, perhaps? Let's begin by accepting the 'reality' of the Windows/x86 computing world - it's a really flexible one, with an almost infinite number of potential combinations of hardware components and software installations, and it isn't bullet proof. We all know that, right?

So sometimes, not all the time but sometimes, shit happens, even in relation to 'bug fixes'. It's a shame that it does, we all wish it didn't, but in reality it's a much, much smaller problem than the complaints would lead us to believe but, let's face it, complaints are always the loudest voices. and as said, let's face it, we all know it happens.

So we should be aware of it, and that's the job of the IT department isn't it?

Why is it such a problem that twice in 3 months Microsoft has released a 'buggy' patch when the bug only actually affects some systems? It's the job of the IT department to check that it actually DOES work withoput any sign of problems on their equipment isn't it, because, after all, we DO know that sometimes shit really can happen? Given the complexity of system configurations it needs to address, and the nature of Windows itself I'd not only think that 2 security updates in 3 months which cause problems on a few machines is more than we usually see but that it's also not really too bad in itself. After all, the IT department was supposed to check that everything was OK, and was able to uninstall it again in the event of unforeseen problems, wasn't it?

Hell, I sorta take that approach on my own home office network of a handful of systems, and I'd like to think that someone responsible for hundreds of systems would be even more vigilant and careful than myself.

OK, so once every long while there's a 'bug' and on some small number of systems an uninstall just doesn't correct the problem! Fate's a *******, and I guess in that event a few other people think "Glad you've uncovered that one, shame about the problems it caused you!"

It IS Windows, after all, and we all should know by now that while everything's pefectly fine most of the time, every once in a while there just might be a hiccup!

Okay, so that was a rant. But it had a point. When the complaints about Microsoft not being careful enough roll in, just what is it that people expect? To expect that Microsoft will test every update on every possible combination of hardware and software in existence is asking the impossible. To expect that Microsoft will release a 'patch' that's somehow going to make Windows bullet-proof is ridiculous. windows is what it is and we put up with it because changing to something else would create absolute bloody chaos. A bulletproof Windows is a completely different product, not a 'fixed up' one, and would be built on completely different fundamental principles!

Right, I've 'slammed' the microsoft-slammers, now let me slam Microsoft myself, over that 'not tested properly' third-party 'Service Pack'.

We reported here on one of those a while back, which was made available at MajorGeeks. Sorry, MS, but those claims that it's 'not tested' just don't hold water. All of the 'fixes' contained in it come from your own website - some of them you're confident enough to have linked in Knowledge Base articles, some of them you make available on request to 'fix' specific problems, all of them have merely been collected together and made available for download in an archive collection. You're really only pissed off because people aren't going through MS downloads to get them! They're not an automatic install of the entire bundle, people still need to check them individually to ensure they're suitable, I'm damned if I know what you're whinging about!

And yes - they'll pretty much all end up in Service Pack 3 when that's released, sometime next year, and I'll warrant that the only further 'testing' you do is monitor the feedback in case someone, somewhere, strikes a problem when using some of them! You've already done all the blasted testing you're going to do, or you wouldn't have made them available in the first place!

Catweazle

Team Colleague

Reputation Points: 229

Solved Threads: 149

Grandad

Offline

3,826 posts
since Mar 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in IT Professionals' Lounge Forum Timeline: Cisco updates endpoint security technology

Next Thread in IT Professionals' Lounge Forum Timeline: Sometimes IT just gets dreary!

DaniWeb Message

Cancel Changes

User Name
Password