Here's an article explaining why Microsoft delays their patching: <http://en.wikipedia.org/wiki/Patch_Tuesday>
Specifically this bit: "In order to reduce the costs related to the deployment of patches, Microsoft introduced the concept of Patch Tuesday. The idea is that security patches are accumulated over a period of one month, and then dispatched all at once on an anticipated date which system administrators can prepare for." On 12/19/08, Bipin Gautam <bipin.gau...@gmail.com> wrote: > stop putting so much of attention to 0-day and possible use of it by > government to get into a terrorist pc. > > if breaking into someones pc was a matter of national security > importance 0-day may provide a easy leverage but you really dont need > a 0-day to get into someones pc, neither you'd need a already > existing/known backdoor, neither you'd need to bruteforce into the > advisory or a physical access to it. > > all they need to do is poison a unsigned executable/plugin/update with > a backdoor instead, that is being downloaded to the advisory computer > over an unencrypted connection if you can control the network gateway > or have isp level access. such attacks "could" work regardless of the > OS or patch level. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- I'm your best best friend. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
