Exploit Code Out for Patched MS Flaws

By Ed Oswald | Published June 15, 2006, 12:00 PM

Exploit code has surfaced on the Web for some of the 21 issues fixed by Microsoft in its Tuesday update. But Microsoft said that so far it was unaware of any new attacks attempting to use the available code.

At least two of the flaws disclosed had not been made public before the Patch Tuesday announcement, and security firms found the code publicly available on Wednesday. Microsoft noted that this is why it does not detail information about its security updates before they are released.

The SANS Internet Storm Center reported finding exploit code available for the Windows Media Player and Routing and Remote Access flaws, as well as exploits for the IP source routing and Windows Server Message Block vulnerabilities.

Additionally, proof-of-concept code for the AOL ART binary issue within Windows had been created by the Verisign iDefense team.

Microsoft always recommends applying all security patches as soon as possible to prevent attackers from exploiting the vulnerabilities after they are disclosed.

The Redmond company released eight "critical" patches on Tuesday as part of its monthly patch program. Four other patches rounded out the list of updates, with three patches rated "important" and one rated "moderate."

Of the eight most serious fixes, two affect Internet Explorer, one affects JScript within Internet Explorer, one affects Windows Media Player, two affect Windows, one affects Word, and one affects PowerPoint.

Comments


PC_Tool..as an admin myself, you are aware that you can't just dump all of these new patches on a system when they come out. Sometimes these patches can damage proprietary software or even existing applications that can cause downtime and THAT is more unacceptable than a potential flaw that may be exploited. We hire other people (industrial hackers if you will) to look for other hackers trying to exploit these flaws. Once we have tested these patches and verify that they work with our existing apps then and only then do we upgrade and sometimes it can take weeks to do. SO, instead of update immediately and get fired for screwing up a perfectly running server, I'd rather wait and do it safely and properly.

Score: 0


I could be wrong on the date but I believe it was back on 4/19/06 that Microsoft pushed an update out as a Critical Security update for some Dell Systems for their Video Driver... this Driver made those Dells not boot into Windows XP anymore... the fix for it was to uninstall the driver in safe mode, return to Windows Update site manually and tell that update to never attempt to install... I'm sure there have been other issues with updates as well. That is just one I personally had to deal with for a customer. Also I provide some support services for a Hospital... some updates can break the special software they use... hence default policy is not to automatically install updates as they must be tested against their special programs first...

Score: 0


Is anyone else f***ing sick of all these basement dwelling 'programmers' with nothing better to do in their lives than sit on their asses and create viruses. F***!!!!!

Score: 0


Exploit code has surfaced on the Web for some of the 21 issues fixed by Microsoft in its Tuesday update.

Keyword: Fixed.

Those folks without Automatic update enabled are the only ones vulnerable.

Poor fools.

Score: 0


And the thousands of companies that have patch processes and testing in place, also.

And people who (intelligently, IMO) don't trust automatic patching, since MS is releasing non-security related patches now masquerading as critical patches.

And people who carefully read the bulletins, and realize that they are firewalled, don't use insecure browsers (and haven't for years,) and let the rest of the world beta test for them.

Score: 0


If you're not paying attention, you're gonna get bit.

Any SysAdmin *not* sending down patches to fix flaws for *existing* exploits should be fired on the spot.

Why would any home user not trust automatic patching? On a legitimate system, there are no issues.

Score: 0


"Why would any home user not trust automatic patching? On a legitimate system, there are no issues."

All my systems are legit, and all my systems have issues with automatic updates. Maybe it is because I have it set to "notify before downloading", but it seems to get confused when I tell it yes to downloading. It disappears until I manually update, and then tells me they are ready. Personally, I think my machines are just smarta$$es.

"Any SysAdmin *not* sending down patches to fix flaws for *existing* exploits should be fired on the spot."
At the university I used to work for, he would've been fired on the spot for doing that with SP2. It would've shut down the entire administration building's access to their central printer due to the firewall. Granted SP2 was quite a bit more than a patch; but still, there are reasons for not jumping on the updates first.

Score: 0


Yeah, Service packs being the exception. :P

As for patching flaws with existing ITW exploits, my point still stands.

As for your Update issues, have you tried options *other* than notify? I personally have them automatically download and manually install. Have yet to have an issue with it.

Score: 0


I just don't like them downloading without me knowing about it. Not a paranoia thing, just don't like it happening when I need the bandwidth/resources for something else. The only other option I would consider is off; but I am pretty good about checking for my updates regularly anyway.

Score: 0


Could always set them to DL/install at specific times.

Score: 0


Yeah, but then I need to make sure my computer is on. And normally, if it is on in the middle of the night, I'm on it.

Score: 0


Ah.

Point taken. I never shut mine down. :P

Score: 0


Of course I pay attention, I'm the one running the show.

"Any SysAdmin *not* sending down patches to fix flaws for *existing* exploits should be fired on the spot."
Thankfully you don't run the IT world. Sorry, even known exploits, I don't roll them out to everyone. I test and then roll them out. We knew about AV defs for the Word exploits, and our IDS updates should catch any exploits internal. Most of these exploits won't hit a properly VLAN'ed office.

"Why would any home user not trust automatic patching? On a legitimate system, there are no issues."
As a home user myself with legit XP pro boxes, I don't want a phone-home app running every time I start my machine. I don't have to justify my ownership to Microsoft, I did that with my cash when I paid for it. Can you imagine if your car drove back to the dealership every month to see if it still had unmodified parts to check the warranty status? Or if a glitch occurred and my machine was tagged as not being legit?

There are already reports of companies seeing the WGA on internal boxes, because admins used VLK's on OEM boxes so that they could ghost their machines. They had legit OEM licenses, so is what they did really all that bad?

Score: 0
