EUIST


Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

Today’s Microsoft out-of-cycle patch – should we be pleased?

April 3rd, 2007

Most of us have probably read about the latest Microsoft zero-day exploit; we reported on it here:

CyTRAP Labs zero-day exploit list – Microsoft drive-by code exploit

On 2007-03-30 the Microsoft folks released some information about this matter on their security blog. What makes curious minds wonder is that the team claims it has known about this vulnerability since 2006-12-28 and has been addressing the issue since then. The blog also states:

    ‘… This update was previously scheduled for release as part of the April monthly release on April 10, 2007.’

Is Microsoft trying to tell the public that it took them just about 3.5 months until the patch was ready?

If such a type of vulnerability is brought to their attention, 3.5 months seems a long time, and releasing the patch a week early makes one wonder why. If the threat is so worrisome that the patch has to be released a week early (remember, MS’s rationale for having the second Tuesday as patch day was to make it easier for system folks out there to roll out patches to all the PCs on the corporate LAN), was it not known since December that this was a serious vulnerability? Read more from Microsoft here:

Update on Microsoft Security Advisory 935423

One rationale provided in the blog (see link above) is this:

    Due to the increased risk to customers from these latest attacks, we were able to expedite our testing to ensure an update is ready for broad distribution sooner than April 10.

How can we be satisfied with such service? Do customers have to get hurt first before Microsoft takes matters seriously enough to move and get a fix out?

Remember 2001 (see our next story), when Windows promised better behavior regarding security with Windows XP. The above does not make us feel more comfortable.

– Next – Steve Ballmer and Bill Gates – Windows XP song and dance – do we get a repeat for Windows Vista?

_PS_

30 Billion Crashes – What Happens when Windows asks to send a Report About your System Problem to Microsoft?


