On Sat, Oct 10, 2009 at 11:02 AM, Tom Piwowar <[email protected]> wrote:

>
> http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=220600140
>
> In June, Microsoft (NSDQ: MSFT) issued 10 security bulletins
> addressing 31 vulnerabilities, the largest number of vulnerabilities
> fixed in a single day since the company began issuing regular patches
> on the second Tuesday of every month in October 2003. This coming
> Tuesday, the company's four-month-old record will fall: Microsoft's
> October patch cycle includes 13 bulletins that address 34
> vulnerabilities. Eight of the bulletins are rated "critical" and five
> are rated important. Fixes include two zero-day vulnerabilities, at
> least one of which is actively being exploited. The bulletins affect
> Windows, Internet Explorer, Office, Silverlight, Forefront, Developer
> Tools, and SQL Server.
>
> QUESTION:
> Why are they making us wait for Tuesday for "two zero-day
> vulnerabilities, at least one of which is actively being exploited?" I
> would hope that something like this would be sent out quickly? Should
> we refrain from using our PCs until next week? This may be a good
> weekend to go out to pick up a secure Mac.
>

The explanation I keep hearing for this is that IT departments want to be
aware of when the patches are coming and don't want surprise patches. MS
caved to IT and there is only the one patch Tuesday per month.

--
John Duncan Yoyo
-------------------------------o)


*************************************************************************
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*************************************************************************
