
June 20th, 2007

Beware of undisclosed Microsoft patches

Posted by Mary Jo Foley @ 9:32 am

Categories: Corporate strategy, Security

Tags: Vulnerability, Patch Management, Microsoft Corp., Blogging, Mary Jo Foley

My blogging colleague Ryan Naraine offers up some interesting food for thought regarding Microsoft’s philosophy behind disclosing (or not disclosing) all of the vulnerabilities it is fixing via its patches.

Microsoft is, admittedly, silently patching certain vulnerabilities. The practice isn’t unique to Microsoft, as Naraine notes. But it is controversial. Microsoft says it is doing this to thwart “the bad guys.” But the silent patching also makes IT administrators’ jobs more complicated.

From Naraine’s blog post:

“You’re not fooling exploit writers with silent fixes. You’re only fooling your customers,” says Marc Maiffret, co-founder of eEye Digital Security.

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?

Mary Jo Foley has covered the tech industry for more than 20 years.

  • Talkback
  • Most Recent of 26 Talkback(s)
Because it matters
The average consumer may not know it, but this controversial practice makes the job of IT administrators much more difficult. And that can affect the "average consumer" in the workplace. People use Windows (unfortunately) at work too, you know....
Posted by: mannyamador Posted on: 08/23/07
What do I think of Redmond’s silent patching practice?  Henry Miller | 06/20/07
What does one think...  swhiser | 06/20/07
I think it lacks honesty.  ju1ce | 06/20/07
Not Necessarily Dishonest and All Bad  dhettinger | 06/20/07
Not quite so simple I'm afraid.  odubtaig | 06/20/07
That is a Valid Point  dhettinger | 06/20/07
Though that's a double edged sword.  odubtaig | 06/20/07
PCI compliance.  rtk | 06/20/07
You're confusing me.  odubtaig | 06/20/07
Fear not!  rtk | 06/20/07
Enough with the FUD!!  Mike Cox | 06/20/07
Undisclosed patches  maldain | 06/20/07
ACK!  maldain | 06/20/07
You sound as though  Ole Man | 06/20/07
Give This Man A Blog Now !!  TheBoyBailey | 06/20/07
Nice one...  ogmanx@... | 06/20/07
I have often wondered why I have problems......  carlsf@... | 06/20/07
Another bonehead arrogant move by Microsoft. The only ones that are in the  DonnieBoy | 06/20/07
Starting to wonder...  svpaladin@... | 06/20/07
Standard MS behavior  dfolk | 06/21/07
Not only does Microsoft require  Ole Man | 06/21/07
Is anyone surprised?  deaf_e_kate | 06/21/07
And the average consumer cares because????  reidl77@... | 06/22/07
Apathy is the cure-all  Ole Man | 06/23/07
Because it matters  mannyamador | 08/23/07
Dey Got Sumthin' t'Hide  bcroner | 06/22/07
