
    Patches That Patch

    By Brian Livingston - November 17, 2003

      The “Patch-A-Month Club” was to have made life simpler for Microsoft customers. Instead, it’s life as before—which leaves much to be desired. In moving to a monthly schedule for routine patches, Microsoft intended to make it easier for customers to maintain stable and secure systems. But in the weeks the program has been in effect, the company has had to violate the monthly timetable by issuing more frequent patches—and even patching the patches that it issued.

      “Even though they’ve changed to monthly, they’ve already made some changes off the schedule,” said an IT professional at Time, who asked not to be named. “So they’ve officially changed—but not really.”

      Microsoft’s policy of batching patches began Oct. 15. On that date, the company released five Windows security bulletins, four of them rated “critical,” plus two bulletins specifically for Exchange Server. The next batch wasn’t due until Nov. 11. The new schedule is potentially a great idea that can protect your enterprise against script kiddies if you roll out needed vulnerability fixes as soon as they’re available.

      But on Oct. 22, Microsoft released a new version of one of the Windows patches and, on Oct. 24, a new version of one of the Exchange patches. On Oct. 29, three of the Windows patches were modified and reissued—including one for the revised Windows patch that had been issued just one week earlier. The latest round of revisions, Microsoft acknowledges, keeps the three initial Windows patches from hanging machines in certain cases when they’re installed (see www.bri.li/3461).

      No one would argue that Microsoft shouldn’t have issued fixed patches when it learned of significant problems. Software isn’t perfect and never will be. But Microsoft customers deserve to feel safe relying on Microsoft’s megapatches every month. Most people won’t feel safe if they keep getting patches with unadvertised side effects that disrupt their work. More important, their systems won’t be fully secure.

      These issues trouble even big believers in the new monthly patch policy. For example, Roger Wilding, senior technical engineer for CNF, a global supply chain service company, supports the new schedule, saying, “It actually makes it easier for us to understand. As long as there isn’t a critical vulnerability that’s going around the Net right now, we can wait until the second Tuesday of the month.” Wilding uses the Software Update Services Feature Pack of Microsoft’s Systems Management Server to administer patches to more than 2,000 machines.

      Last month’s Windows upgrades, however, caused him grief. “One of the patches broke one of our applications, so Microsoft is discussing with us whether or not the patch should have a shim or something.” Microsoft said the patch in question changes the way Windows handles text input and that other developers should change their code to avoid any problems.

      Windows is such a complex organism now that it’s hopeless to expect Microsoft’s patches to ever play nicely with all possible software. That’s why enterprises are heavily invested in patch management tools—Microsoft’s and others—to apply patches and patches to patches. Russ Cooper, editor of the NTBugtraq security mailing list, recently surveyed his 31,000 subscribers and found they’re collectively using 29 fee-based patch management solutions and 18 free ones. Whew!

      The new monthly patch schedule leaves companies with no excuse for not updating regularly. Michael Howard, Microsoft’s senior program manager for security engineering and communications, told me customers demanded it: “The overwhelming feedback we had from customers is that this would be much more predictable. It allows you to do it in one fell swoop.”

      Having committed to sending out a broad batch of updates the second Tuesday of every month, Microsoft also has no excuse if it doesn’t improve its testing during the extra weeks it now has between releases. We all have a big stake in everyone getting this right.

      Brian Livingston is editor of BriansBuzz.com. His column appears every other week in eWEEK. Send your comments to eWEEK@ziffdavis.com.
