The missing Windows patches
We just had the monthly Microsoft patch Tuesday and quite a few security updates were made. However, there remain a number of known security issues that are unpatched. Ryan Naraine asks, Where on earth are these Microsoft patches?. He points out that at least 20 known, high risk security problems remain and concludes:
Microsoft has done a great job of improving its security posture and its relationship with hackers/researchers but the inability to issue patches in a timely manner is still a major problem.
The disclosure time-line in this Core Security advisory (scroll to bottom) shows just how frustrating it is to get Microsoft to stick to a patch release schedule. The two sides are discussing an IE vulnerability that was first reported in January 2008 but was delayed numerous times because of all kinds of (sometimes comical) hiccups.
The list above applies only to publicly known issues. Can you imagine what’s out there that’s not yet public?
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.