Re: [CGUYS] Two "Zero Day" Patches in Hand But No Distribution Until Next Week -- Why?

Sat, 10 Oct 2009 09:17:17 -0700

IT managers should be setting their schedules for updates locally and that way consumers can patch anytime needed. 

Sent from my iPod
On Oct 10, 2009, at 8:45 AM, John Duncan Yoyo <[email protected]> wrote: 


On Sat, Oct 10, 2009 at 11:02 AM, Tom Piwowar <[email protected]> wrote:



http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=220600140

In June, Microsoft (NSDQ: MSFT) issued 10 security bulletins
addressing 31 vulnerabilities, the largest number of vulnerabilities
fixed in a single day since the company began issuing regular patches
on the second Tuesday of every month in October 2003. This coming
Tuesday, the company's four-month-old record will fall: Microsoft's
October patch cycle includes 13 bulletins that address 34
vulnerabilities. Eight of the bulletins are rated "critical" and five
are rated important. Fixes include two zero-day vulnerabilities, at
least one of which is actively being exploited. The bulletins affect
Windows, Internet Explorer, Office, Silverlight, Forefront, Developer
Tools, and SQL Server.

QUESTION:
Why are they making us wait for Tuesday for "two zero-day
vulnerabilities, at least one of which is actively being exploited?" I 
would hope that something like this would be sent out quickly? Should
we refrain from using our PCs until next week? This may be a good
weekend to go out to pick up a secure Mac.
The explanation I keep hearing for this is that IT departments want to be 
aware of when the
patches are coming and don't want surprise patches. MS caved to IT and 
there is only the one patch Tuesday per month.

--
John Duncan Yoyo
-------------------------------o)
*** ********************************************************************** ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http:// www.cguys.org/ ** *** ********************************************************************** 


*************************************************************************
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*************************************************************************

Reply via email to