ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Patch Tuesday heads-up: Critical MS Office patches coming

By | November 5, 2009, 1:11pm PST

Summary: Microsoft plans to release six security bulletins next week to fix at least 15 serious vulnerabilities that could expose Windows users to malicious hacker attacks.

Microsoft plans to release six security bulletins next Tuesday November 10 to fix at least 15 serious vulnerabilities that could expose Windows users to malicious hacker attacks.

According to Microsoft’s advance notice for this month’s Patch Tuesday, the updates will address gaping holes in the Windows operating system and the Microsoft Office productivity suite.

Three of the six bulletins will be rated “critical,” Microsoft’s highest severity rating.  The other three will be rated “important.”

According to the Redmond, Wash. software maker, the Windows OS vulnerabilities affect Windows 2000, Windows XP, Windows Vista and Windows Server 2003 and Windows Server 2008.

The code execution holes affecting Microsoft Office will apply to Office XP, Office 2003 and the 2007 Office System.

The bulletin will also include patches for serious holes in the Microsoft Excel spreadsheet program.

Microsoft Office for Mac is also affected.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Patch Management, Microsoft Corp., Microsoft Windows, Microsoft Office, Operating Systems, Software, Office Suites, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

49
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Patch Tuesday heads-up: Critical MS Office patches coming
efsane Updated - 8th Apr 2011
Great!!! thanks for sharing this information to us!
sesli sohbet sesli chat
View in thread
0 Votes
+ -
Office for Mac also affected...
Fred Fredrickson 5th Nov 2009
So where are the rants from Windows zealots who scream blue murder every time there's a patch for possible exploits of iTunes on Windows?

Oh, that's right, faulty Microsoft software on OS X must be Apple's fault. Forgot that.
0 Votes
+ -
Marketing
honeymonster 5th Nov 2009
Microsoft has not built a marketing campaign on
ridiculing Apple's OS X abysmal security.

Apple has built a marketing campaign on
ridiculing Windows security.

That is the difference, see?

When Apple chooses to do so and at the same
time is the vendor of one of a Windows product
with numerous and very severe security bugs,
they open themselves up to criticism.

Everybody know that building totally
invulnerable software is neigh impossible, at
least if it has to be affordable and available
to the market before the sun burns out. That is
why Microsoft don't beat the security drums.

When Apple does so and at the same time
contributes to the instability and insecurity
of the platform they attack, it is bordering
recklessness.

OS X vulnerabilities still outnumber Windows
vulnerabilities 3 to 1. Despite clever and smug
marketing, OS X is still much more vulnerable
than Windows.
0 Votes
+ -
microsoft propaganda detected
ljenux-23043766007667558234416105604265 5th Nov 2009
OS X has excellent security, based on BSD.

this is a piece of not-so -well-hidden microsoft propaganda
0 Votes
+ -
Specifics, please
honeymonster 6th Nov 2009
The "excellent" security that OS X inherits
from BSD, what exactly is that?

Or is that just propaganda?

OS X has more vulnerabilities, more-risk days,
is patched slower and has fewer and less
efficient anti-exploits mechanisms.

OS X has more ( the most )
vulnerabilities.

http://www-
935.ibm.com/services/us/iss/xforce/trendreports
/xforce-2008-annual-report.pdf
Read most vulnerable operating systems .
That's right. OS X has 3 times more
vulnerabilities compared to Vista. Ugh.

The raw vulnerabilities:

http://secunia.com/advisories/product/96/
http://secunia.com/advisories/product/13223/

Apple OSX vulnerabilities: 1038
MS Vista vulnerabilities: 140
MS Windows XP vulnerabilities: 289.

OS X has fewer and less efficient anti-
exploit mechanisms

Apple's Mac OS 'lagging behind Vista on
security':
http://software.silicon.com/malware/0,380000310
0,39501473,00.htm

(Charlie Miller should now, he's the one who
keeps taking down macs at pwn2own - and he is a
mac user himself!)

What?s Missing and What?s New in Snow Leopard
Security Enhancements:
http://blog.intego.com/2009/08/31/whats-
missing-and-whats-new-in-snow-leopard-security-
enhancements/

More risk days

Apple again, again and again lets delays
patches while vulnerability information is in
the open and Mac users exposed with no
mitigation.

http://arstechnica.com/apple/news/2009/06/apple
-finally-issues-patch-for-critical-java-
vulnerability.ars

Apple let that particular Java vuln site for 6
months while all other platforms had been
patched and vulnerability information was in
the open.

Because of the way Apple assembles OS X from
many open source components, Apple is
notoriously late to patch when those components
are patched elsewhere. That goes for example
for libxml. At any one time you can find good,
exploitable vulnerabilities simply by comparing
version numbers of OS X libraries with those at
the source.

The propaganda is entirely coming from Apple.
And you fell for it! The have successfully made
an army of fanbois believe a blatant lie.
0 Votes
+ -
blah blah...nothing but microsoft propaganda lies
ljenux-23043766007667558234416105604265 6th Nov 2009
statistics is the biggest lie.

and you are using so called "relevant" statistics, nothing but lies, dirty lies.

microsoft is paying and has payed many research reports that will prove this and that, but how many viruses are for windows and for OS X?

you cannot hide truth with statistics.

by the way, i'm not buying into Apple lies, i don't prefer Apple but linux/BSD
0 Votes
+ -
Wow, that is some really mature arguments
honeymonster 6th Nov 2009
Glad you don't stoop to childish dismissals.

Nice to meet someone who is not afraid of re-
evaluating their opinion when faced with
inconvenient facts.

Thanks.
0 Votes
+ -
I can't blame him
Wintel BSOD 8th Nov 2009
Considering you feel so threatened by a minority operating system.
0 Votes
+ -
ljenux: "I object!"
Mew-shew 8th Nov 2009
Judge: "Why?"
ljenux: "Because it's devastating to my case!"

Really honeymonster... How dare you infect this hallowed ground with your facts and statistics. I mean, presenting a logical argument that accurately debunks the premise of the opposing argument, what's with that?
0 Votes
+ -
Another deflection away from Patch Tuesday
Wintel BSOD 8th Nov 2009
But go on. Defend the indefensible. Tell us how wrong Ryan Naraine's story really is.
0 Votes
+ -
Indefensible?
Mew-shew 8th Nov 2009
Patching is what responsible operating system/application vendors do right?

Vulnerabilities should be patched. Microsoft products have vulnerabilities. Once a month Microsoft releases patches for these vulnerabilities.

To be honest I'm strugging to see where "defending the indefensible" applies here. I know you're a troll, but I enjoy pointing out the nonesense regardless.
0 Votes
+ -
Yes, indefensible
Wintel BSOD 8th Nov 2009
I don't see anywhere where Ryan mentioned Linux in his article. Do you?

Only when honeymonster does his usual insecurity mode deflection does Linux come up.

But then, none of these Patch Tuesday bonafide exploits affect Linux, now do they...

Hmmmm? wink
0 Votes
+ -
So you're arguing that Windows is indefensible...
Mew-shew 8th Nov 2009
...because honeymonster mentioned linux.

That's loopy.

"Defend the indefensible. Tell us how wrong Ryan Naraine's story really is."

The implication here is, if Ryans story is accurate, Microsoft is at fault and therefore the MS-apologists would need to defend it. The problem is that Ryans story is accurate, and guess what? There's no reason to defend Microsoft. They are taking the appropriate action to maintain the integrity of the product.

I'm not defending MS. I'm pointing out the stupidty of the comments being made here. How could I defend MS, when there is yet to be a valid criticism leveled at it in this thread?

If you don't like Windows, thats cool. I totally get it. Each to their own. But if you're going to openly criticise MS and it's products you should try to have some knowledge of the subject matter, and actually come up with an argument based on accurate information.
0 Votes
+ -
@Mew-shew
honeymonster 8th Nov 2009
"So you're arguing that Windows is
indefensible because honeymonster mentioned
linux."

The irony is... I did not mention Linux. I have
been going over my posts and looked for it, but
I didn't mention Linux. Apple and BSD, yes -
since that was the post I was originally
responding to. But not Linux.

0 Votes
+ -
Nope, your missing my point
Wintel BSOD 9th Nov 2009
The implication here is, if Ryans story is accurate, Microsoft is at fault and therefore the MS-apologists would need to defend it. The problem is that Ryans story is accurate, and guess what? There's no reason to defend Microsoft. They are taking the appropriate action to maintain the integrity of the product.

If that's truly the case, then why bring up red herrings like Linux, Apple or BSD in the first place? Looks like you all were out the front gate from the beginning.

Given honeymonster's track record here, you can substitute Apple for Linux or vice versa for BSD. They all mean the same to him. One big pile of FUD to spread.

I'm not defending MS. I'm pointing out the stupidty of the comments being made here. How could I defend MS, when there is yet to be a valid criticism leveled at it in this thread?

Yeah, three of those patches are corrections from October's Patch Tuesday:

"Andrew Clarke, senior VP at patching specialist Lumension, reckons three of the updates due out of Tuesday may also be aimed at tackling glitches with the October patch batch.

"Microsoft is delivering three critical patches and three important patches, none of which impact Windows 7," Clarke said. "Three of the November patches, however, appear to be updates to or re-releases of patches that were issued last month including Live Communications Server 2005 and Office Communications Server 2007, as well as scenarios involving the usage of Windows Server Update Services or running Microsoft Office Access Runtime 2003."

http://www.theregister.co.uk/2009/11/06/ms_nov_patch_tuesday/

In other words, they screwed it up the first time.

Maybe they'll get it right this time, huh... lol... grin
0 Votes
+ -
This is hilarious
Mew-shew 9th Nov 2009
If that's truly the case, then why bring up red herrings like Linux, Apple or BSD in the first place?

This "But you mentioned Linux, Apple or BSD" line seems to be a one-size-fits-all response to any argument in your world. It's pretty funny really, because it consistantly fails to engage the actual subject matter that is the souce of the discussion.

You might as well be saying "I don't understand, but I disagree anyway."
0 Votes
+ -
Your conclusions are faulty
Fred Fredrickson 6th Nov 2009
If you want to do an proper analysis of operating system security, first
establish the criteria to be used to define "secure", then set about
measuring it.

The secunia reports that you cite state:

"PLEASE NOTE: The statistics provided should NOT be used to
compare the overall security of products against one another. It is
IMPORTANT to understand what the below comments mean when
using the statistics, especially when using the statistics to compare
the vulnerability aspects of different products."

In other words, the statistics should not be used for simplistic
comparisons of product security.

Your "analysis" of the IBM paper you cite is similarly flawed, the data
on vulnerabilities is based on disclosed vulnerabilities (page 40).
So the higher number of disclosed Mac OS X vulnerabilities could be
the result of greater diligence at finding them, or more honesty in
reporting them, or including a wider range of components in the OS,
or a number of other reasons.

Some of the vulnerabilities are extremely obscure (e.g. one was in the
font utility for X11, I would guess that less than 0.1% of OS X installs
are actually running X11), so a component of the overall measure
should include possibility that a typical user (say one with default
settings from a standard install) might be compromised.

The fact that the Java vulnerability was unfixed for 6 months is
certainly not good, but does not necessarily reflect on the overall
security of the OS - that depends on the criteria for "secure". There
was no known exploit and there was a very simple preventative
measure to take in the meantime (turn off Java support in your
browser).

You might decide to measure security based on actual exploits in the
wild, or number of machines actually compromised over a certain
period. Not sure OS X would come out worst if either of those were the
primary criterion for "secure".
0 Votes
+ -
Nope
honeymonster 6th Nov 2009
I made sure to cite multiple sources. The
"crunched" data by a respectable company (IBM)
in a report which MS did not pay for
shows the same tendencies as the raw data.

Your disclosed remark is ridiculous. Of
course the report is based on disclosed
vulnerabilities, otherwise they would not be
known to anyone. Are you somehow suggesting
that Microsoft keeps vulnerabilities secret?

Microsoft has a policy of disclosing *all*
patched vulns. They are not doing so for the
benefit of statistics but (like this bulletin)
to empower sys admins to make informed
decisions. They want to know exactly what would
be the consequence of *not* allowing a patch.
yes, some sys admins will value system
stability (fewer patches) over security if the
security implications does nor concern them.

If there is any under-counting going on it is
with Linux and OS X.

In case of Linux Linus Torvalds himself has
stated pretty clearly that he doesn't report
security bugs. He just fixes them.

In the case of Apple you can go through their
bulletins and watch just how many
"vulnerabilities" is actually "multiple
vulnerabilities" in a 3rd party library.
Counted as 1 OS X vuln.

If OS X vulnerabilities suddenly shot up you
could claim that it was a concerted effort in
rooting them out. But it has been like this
for the last 3 years at least . 3 years
concerted effort, all while releasing 2
versions of OS X? BS.

And the systemic problem remains: Often 3rd
party libraries are patched and Apple needs to
start working them into OS X. Until Apple is
ready with a patch, their customers are left
hanging out there with known and disclosed
vulnerabilities.

And you can not find a single security
analyst/researcher who will claim that OSX has
better anti-exploit mechanisms and better
security. In fact, they unanimously point to
Microsoft SDL and the better security in
Windows.
0 Votes
+ -
Are you trotting out that IBM FUD report again, @honeymonster?
Wintel BSOD 8th Nov 2009
The one even you don't believe...

lol.... grin
0 Votes
+ -
That "FUD" report
honeymonster Updated - 8th Nov 2009
Happens to be one of the most respected
publications in the security industry. From a
company who does NOT sell Windows security
software, unlike "reports" from Sophos et. el.

But even so I made sure to mention the data
source. I provided links so that you wouldn't
have to go search. The data clearly show the
same tendencies as IBM reported.

It may not coincide with your preconceived
conclusions, but that alone does not make it
FUD.
0 Votes
+ -
No no no
Mew-shew 8th Nov 2009
The security of an operating system should be measured by how exploitable it is. Not how many exploits exist.

"Windows is not as secure as OSX because there are more viruses written to attack Windows"

Seems fine? Apply the same logic to a different premise...

"The US Military Defence is not as robust as that of New Zealand, because there are more nations who would might try to attack the U.S.A"

Pretty ridiculous logic isn't it?
0 Votes
+ -
Bull
Wintel BSOD 8th Nov 2009
The security of an operating system should be measured by how exploitable it is. Not how many exploits exist.

Bull. You can preach the theory of the universe around here but that doesn't make it fact.

Of course one could also infer that Micro$oft is incapable of getting real with how exploitable their OS is. Right? wink

Seems fine? Apply the same logic to a different premise...

Only the premise that you want to fit with your own agenda.

Pretty ridiculous logic isn't it?

Is it? I don't see that New Zealand statement written anywhere in that post of Fred's that you directly responded to.

Sounds like your lost in the tree somewhere.
0 Votes
+ -
Fair enough...
Mew-shew 8th Nov 2009
Of course one could also infer that Micro$oft is incapable of getting real with how exploitable their OS is. Right?

Absolutely, I don't believe that it's true, but you could totally infer that if you wanted to. And if you did you would also need to accept that other operating systems, OSX for example, are even more exploitable. Given this fact, you probably don't want to go down that road.

Only the premise that you want to fit with your own agenda.

You clearly don't understand. I am not "defending MS" so much as I am pointing out the flaws in this logic. If maintaining the place of logic in arguments is "my agenda", then sign me up. I'll wear the T-shirt.

x is less secure than y, because x is the target of more attacks

As you can plainly see, this is not a logical argument. The example stated is useful because it takes the same logic and applies it to a more extreme situation. In this light the flaws in the logic become more evident. It's not any more or less valid in the example. The flaw (that for some reason is invisable to you) is simply easier to see.

I don't see that New Zealand statement written anywhere in that post of Fred's that you directly responded to.

Clearly you missed this line Apply the same logic to a different premise...
0 Votes
+ -
Very good example, Mew-shew
honeymonster 8th Nov 2009
Although I'm afraid that as long as it doesn't fit
with preconceived conclusions, it will just be
dismissed.

This as nothing to do with logic, really.
Everything to do with a monthly chance to feel
part of a group by agreeing on a Satan.

Feelings, not logic.
0 Votes
+ -
Is it 'fair' enough?
Wintel BSOD 9th Nov 2009
Absolutely, I don't believe that it's true, but you could totally infer that if you wanted to. And if you did you would also need to accept that other operating systems, OSX for example, are even more exploitable.

But I don?t accept that it?s "more exploitable". The threats out there in the wild just don?t back up that statement.

Given this fact, you probably don't want to go down that road.

Sure I do. You can take the response from Apple right from their mouths.

http://www.appleinsider.com/articles/09/03/19/mac_security_researcher_wins_pwn2own_contest.html

And let?s not forget the top 10 things to consider when it comes to CanSecWest

http://www.roughlydrafted.com/2008/03/29/mac-shot-first-10-reasons-why-cansecwest-targets-apple/

You clearly don't understand. I am not "defending MS" so much as I am pointing out the flaws in this logic. If maintaining the place of logic in arguments is "my agenda", then sign me up. I'll wear the T-shirt.

Are you saying you don?t have an agenda here? That you are 'clearly unbiased'?

lol... grin

As you can plainly see, this is not a logical argument. The example stated is useful because it takes the same logic and applies it to a more extreme situation. In this light the flaws in the logic become more evident. It's not any more or less valid in the example. The flaw (that for some reason is invisable to you) is simply easier to see.

You can play word silly word and tautology games all you want to, but the facts speak for themselves. You see the glass as half-empty, I see it as half-full. The twain no gonna meet.
0 Votes
+ -
I'm glad you finally understand...
Mew-shew 10th Nov 2009
But I don?t accept that it?s "more exploitable". The threats out there in the wild just don?t back up that statement.

More exploitable vulnerabilities = more exploitable. Thats how threats/exploits work. They need vulnerabilities.
More vulnerabilities = more security holes.
More security holes = less secure.

I know you don't accept it. You don't accept rational arguments, because you have an obvious pre-determined position that you're willing to support regardless of the fact that the arguments and "evidence" you're using to try and support you claims are clearly, and provably false.

You provide an "appleinsider" article and an clearly biased editorial as some kind of legitimate proof?

You can play word silly word and tautology games all you want to, but the facts speak for themselves. You see the glass as half-empty, I see it as half-full. The twain no gonna meet.

This reads to me like a big white flag... being waved high and clear. It seems you understand the point that I was making, that the more exploits = less secure argument is bogus, and you simply refuse to discuss it any further.

0 Votes
+ -
UAC nanny screen - Try this:
Mew-shew 10th Nov 2009
Which of these statements is more logical (i.e. the conclusion is properly supported by the true premises)? Don't go off on a tangent. Just answer A or B. I want to see how your reasoning works.

A. "My house is very secure, because it's never been burgled."

or

B. "My house is very secure, because it has state of the art security systems, locks on all doors and windows, and is monitored by a private security agency."
0 Votes
+ -
Critical bulletins for Vista and Windows 7
honeymonster 5th Nov 2009
Vista/Server2008: 1 bulletin
Windows 7/Server2008R": 0 bulletins

There is NO critical bulletins for Office (any
version).

Microsoft Office 2007 is affected by 1 important
bulletin.

The rest of the bulletins affect Windows 2000, Windows
XP or older versions of Office or Office for Mac.

In summary, a small event.
0 Votes
+ -
No Linux mentioned this Tuesday
Wintel BSOD 8th Nov 2009
Gee, I wonder why...

lol.... grin
0 Votes
+ -
Actually
honeymonster Updated - 8th Nov 2009
https://lists.ubuntu.com/archives/ubuntu-
security-announce/2009-November/date.html

Ubuntu mentions in total of 11 vulnerabilities
in november 2009 until now .

If you want to compare month-to-month you can
take last months patches:

https://lists.ubuntu.com/archives/ubuntu-
security-announce/2009-October/thread.html

50+ vulnerabilities (the month where MS set a
"record" across the entire MS product portfolio
with 35 vulnerabilities).

I hope that you were not suggesting that MS
should patch Linux?

Thankfully, Linux is *also* patched. Day after
day after day.

Because you were not suggesting that Linux does
not need patches or does not experience
vulnerabilities, were you?

(yes now I mentioned Linux)
0 Votes
+ -
removed. nt
Mew-shew Updated - 10th Nov 2009
nt
0 Votes
+ -
Title is wrong
honeymonster 5th Nov 2009
Not a single critical Office patch in the set.
While there are Office patches, they all have the lower
"important" rating rather than "critical" as claimed in
the title.

There are critical patches in the set. However, they are
for Windows, not for Office.
0 Votes
+ -
and what the hell are you, microsoft spokesman?
ljenux-23043766007667558234416105604265 6th Nov 2009
:P
0 Votes
+ -
A shill...
Wintel BSOD 8th Nov 2009
...who's job it is to deflect from all the bad news...
0 Votes
+ -
Finally down to ad hominem attacks?
honeymonster Updated - 9th Nov 2009
Between the two of you, you can agree to not
discuss the topics but rather invent paranoid
motives?

"and what the hell are you, microsoft
spokesman?"

No

"A shill who's job it is to deflect from all
the bad news"

No,

1) that is not my job,
2) this is not bad news, and
3) no deflection is needed.

If you read my post again, you will see that I
point out a flaw in the reporting. There are
no critical Office patches this month.
There are critical patches, and there
are other Office patches, yes.

But no critical office patches.

Honest mistake which I merely tried to correct.

But between the two of you you just have to
turn this into personal accusations?
0 Votes
+ -
I'm surprised it took this long...
fairportfan 9th Nov 2009
...for the fanboy ad hominem to come on-line.

(I run both Windows 7 and Ubuntu, BTW)
0 Votes
+ -
fred gave you specifics
ljenux-23043766007667558234416105604265 Updated - 6th Nov 2009
i just gave you simplified.

you can scream and moan, but windows sucks in security (well, not just in that, but that's the issue here), and OS X doesn't

0 Votes
+ -
I love how..
AzuMao 6th Nov 2009
..whenever there are major security failures in MS's
products, the article title is invariably along the lines
of "MS offers patch" or "MS software secured!" but when
it's any other company's, the title is always along the
lines of "HUGE SECURITY FAILURE!", "WHAT A HORRIBLE
PRODUCT! SHOULD'VE USED AN MS ONE LOL", etc.
0 Votes
+ -
How about
honeymonster 6th Nov 2009
" Windows 7's default UAC bypassed by 8 out
of 10 malware samples "?

Especially considering that UAC was not
bypassed. The samples didn't invoke
administrative privileges and thus never
triggered UAC. No bypass; the test merely
showed that an OS does what it is supposed to
do: Execute applications.

Was that an OK headline?
0 Votes
+ -
RE: Patch Tuesday heads-up: Critical MS Office patches coming
artful@... 6th Nov 2009
Great, another "security patch." MS' last critical patch screwed up my PC to the point that it wouldn't properly reboot the next morning and I had to do a system restore. I don't know how much more "help" I can withstand. Vista is so wonderful .. .
0 Votes
+ -
The sun rose today again...
Dukhalion 7th Nov 2009
water is wet, birds fly in the sky, new MS patches
coming again, nothing new under the sun, my post is as
boring as this article, etc, etc.
Seriously though, is there really any point in writing
about these patch tuesdays? I mean, patch tuesday
comes every week doesn't it? I'm sorry if my post
sounds like a downer, but does it really matter what
MS patches since all patches are "An important
security update" and we all do our dutyful updating
anyway, regardless what severity they have. Does
anyone agree? Or is it important to know how many and
what severity updates MS provides each week?
0 Votes
+ -
Yes it is important.
Mew-shew 8th Nov 2009
Firstly, Patch Tuesday is a monthly event, not weekly. It occurs on the second Tuesday of each month.

Secondly, yes these articles are useful. Say for example you are a IT professional responsible for assessing what patches should be deployed within the environment you support. In that case having Ryan summarise the releases and do a present a little summary is very helpful and IS VERY MUCH APPRECIATED. Keep them coming Ryan.
0 Votes
+ -
Why not
Wintel BSOD 8th Nov 2009
Gives them another excuse to blame Linux. Even though the article doesn't even mention it.

wink
0 Votes
+ -
The article doesn't mention it. And yet you keep bringing it up. nt
Mew-shew 8th Nov 2009
nt
0 Votes
+ -
Who, where
honeymonster Updated - 9th Nov 2009
Who blamed Linux? Ryan? Where did he or any
"talkback" blame?

Maybe you are growing a little paranoid?
0 Votes
+ -
Nah, he just...
fairportfan 9th Nov 2009
...automatically assumes that any article mentioning MS security patches and/or commentors thereupon mut, of necessity, attack Linux.
0 Votes
+ -
Blog stuffing
honeymonster 8th Nov 2009
" Secondly, yes these articles are useful.
Say for example you are a IT professional
responsible for assessing what patches should
be deployed within the environment you support.
In that case having Ryan summarise the releases
and do a present a little summary is very
helpful [...] "

In that case those professionals would probably
just subscribe to the bulletins directly from
Microsoft.

Ryan removes a lot of specific information
which makes this blog less suited for making
those decisions.

He then sometimes adds a little information
about how some analysts perceive the patches
and their impact.

I do get the feeling that Ryan use these
advance notifications and patch bulletins as
blog stuffing from time to time. He NEVER stays
around and answers questions or comments on
issues raised in the talkback.
0 Votes
+ -
True...
Mew-shew 9th Nov 2009
In that case those professionals would probably
just subscribe to the bulletins directly from
Microsoft.

And I do. But occasionally Ryans information adds a little more to the overall analysis, especially where the bulletins from MS are quite vague on the details (as is often the case for privately reported vulnerabilities, understandably).

Agree regarding the blog stuffing comment. However I still get some value out of it.

0 Votes
+ -
RE: Patch Tuesday heads-up: Critical MS Office patches coming
efsane Updated - 8th Apr 2011
Great!!! thanks for sharing this information to us!
sesli sohbet sesli chat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix