[THIN] Re: Discussion: Microsoft to release patches oncepermonth
- From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx, windows2000@xxxxxxxxxxxxx,nospam@xxxxxxxxxxxxx
- Date: Wed, 10 Dec 2003 13:38:39 -0500
And now this.....sheesh
==== 1. In the News ====
by Paul Thurrott, thurrott@xxxxxxxxxxxxx
Happy Holidays? No Monthly Microsoft Critical Security Patch in December
Microsoft alerted systems administrators this week that the company
won't issue its monthly critical security patch package in December, a
sort of happy holidays gift. But lest anyone get too excited by the
implications of this announcement, be aware that Microsoft products
currently contain several known security vulnerabilities, and the reason
the company isn't issuing a patch package has more to do withtiming than
anything else. This situation leads to some obvious questions about
Microsoft's decision to release monthly patchpackages, the first of
which appeared in October. What happens when
Microsoft internally finalizes security patches just after the date on
which patches are supposed to be issued to the public? "In response to
extensive customer feedback, Microsoft is implementing changes in the
way security bulletins are released," the company announced earlier this
year. "These changes will help enhancethe manageability and
predictability of the patch-management process for customers. Security
bulletins will normally be released on the second calendar Tuesday of
every month." However, on the TechNet Website this week, the company
noted: "Microsoft had no securitybulletins to release December 9, 2003,
as part of its monthly releasecycle for December. If the need arises for
emergency patches, theywill be issued outside the monthly releases."
And the need will likely arise. In addition to the Microsoft Internet
Explorer (IE) vulnerabilities that security researchers discovered in
late November, Microsoft is investigating the possibility that intruders
could use information in an earlier security patch to unleash a
Slammer-style attack on Windows. And the company hinted that some fixes
are in the works but didn't make the December 9 cutoff date. "We have
made a commitment to release [monthlypatch packages] when we're ready,
when we have quality patches," Iain Mulholland, security manager for the
Microsoft Security Response Center,said. "There is simply nothing that
has passed the bar yet from a quality perspective for release in [the]
December [package]."
JK
Other related posts:
