
June 20th, 2007

Beware of undisclosed Microsoft patches

Posted by Mary Jo Foley @ 9:32 am

Categories: Corporate strategy, Security

Tags: Vulnerability, Patch Management, Microsoft Corp., Blogging, Mary Jo Foley

My blogging colleague Ryan Naraine offers up some interesting food for thought regarding Microsoft’s philosophy behind disclosing (or not disclosing) all of the vulnerabilities it is fixing via its patches.

Microsoft is, admittedly, silently patching certain vulnerabilities. The practice isn’t unique to Microsoft, as Naraine notes. But it is controversial. Microsoft says it is doing this to thwart “the bad guys.” But the silent patching also makes IT administrators’ jobs more complicated.

From Naraine’s blog post:

“You’re not fooling exploit writers with silent fixes. You’re only fooling your customers,” says Marc Maiffret, co-founder of eEye Digital Security.

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond’s silent patching practice?

Mary Jo Foley has covered the tech industry for more than 20 years.


Talkback

Most recent of 26 Talkback(s):

Because it matters
The average consumer may not know it, but this controversial practice makes the job of IT administrators much more difficult. And that can affect the "average consumer" in the workplace. People use Windows (unfortunately) at work too, you know....
Posted by: mannyamador Posted on: 08/23/07
