Busy week for Microsoft patching
Next week promises to be a busy week for systems administrators of companies where there are a number of Microsoft systems. These would consist of security updates for Windows, Office, Exchange and Biztalk. Microsoft normally does not disclose details of the updates, but this article provides some details of what the expected updates would be.
These are one of the issues with using Microsoft updates, in terms of the number of updates that need to be installed on a regular basis. And many of these updates require reboots, causing downtime on systems that are in regular use. Doing downtime on a production system requires some amount of coordination and making sure that users are aware of this downtime. Refer this article:
Two of the seven bulletins slated for the May 8 release involve Windows, three affect Microsoft Office, and one each impact Microsoft Exchange and the cryptography API within BizTalk Server. At least five of the seven updates will be pegged critical, Microsoft's highest threat score in its four-level system, according to the advance notification posted today.
As usual, Microsoft did not disclose details of the updates, but intelligent guesses are not difficult. One of the Windows updates, for example, will likely be a fix for the DNS (Domain Name System) zero-day bug found in all editions of Microsoft's server line, including the current beta of Windows Longhorn Server. While researchers predicted last month that Microsoft would issue an out-of-cycle fix for the DNS server service flaw, the company's security team instead has repeatedly blogged that it would probably wait until the regularly scheduled patch day.
If Microsoft issues the seven updates, users will have seen 29 bulletins in the first four months of the year, and at least 49 patches; more than half of those will have been marked critical. During the first five months of 2006, Microsoft issued 20 updates with 36 patches.
These are a significant number of updates. The biggest problem is that in the time that Microsoft releases a patch, the information about the bug is already being exploited by hackers. Microsoft normally releases a patch with some delay after reporting, while trying to make sure that information about the defect is not available publicly. However, with a reported market in defects, it would seem to be losing this battle.
No comments:
Post a Comment