Microsoft to share details on vulnerabilities
One of the most common pieces of security advice is to keep your software patched. In a production environment this is harder than it sounds. Every patch is released to fix a problem, and it does so either by modifying existing code or by adding new code. That change can cause other software (third-party programs in particular) to stop functioning, or it can introduce new vulnerabilities or problems of its own.
To avoid introducing new vulnerabilities or problems, most businesses test patches in a lab environment first. Typically the company downloads the latest patches and loads them on non-production nodes of like systems (test nodes or a backup server, not the production server). The goal of the testing is to see whether the patch breaks anything or introduces other security or non-security related issues. Most of the time loading a patch causes no trouble. Other times it can bring a system to its knees.
Depending on the size of the network and the number of nodes that need testing, it can take days, weeks or months before a patch reaches the production environment. This is a problem because malicious hackers can reverse engineer the patches (for example by diffing the patched binary against the original to locate the fixed code), combine that with other public and private information, and build malicious code and modules that exploit systems that are still unpatched.
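The script below is an added example and not part of the original post. It puts a number on the patch lag described above by comparing the hotfixes installed on a fully patched lab reference node with those on each production node, and reporting, for every missing update, how many days have passed since the lab node received it. The host names are placeholders, and the script assumes you have remote WMI rights to each host (Get-HotFix queries the Win32_QuickFixEngineering class).

```powershell
# Added example (not from the original post): measure how far production nodes
# lag behind a fully patched lab reference node. Host names are placeholders.
$ReferenceNode   = 'LAB-REF01'                      # assumed: the tested lab node
$ProductionNodes = @('PROD-APP01', 'PROD-APP02')    # assumed: production hosts to audit

# Installed hotfixes on the reference node, keyed by KB identifier.
# Entries without an InstalledOn date cannot be used to compute a lag, so skip them.
$reference = Get-HotFix -ComputerName $ReferenceNode |
    Where-Object { $_.InstalledOn } |
    Select-Object HotFixID, InstalledOn

foreach ($node in $ProductionNodes) {
    try {
        $installed = Get-HotFix -ComputerName $node -ErrorAction Stop
    } catch {
        # A node that cannot be queried is itself a finding: you do not know its patch state.
        Write-Warning "Could not query $node : $($_.Exception.Message)"
        continue
    }

    # KBs present on the lab node but absent on this production node ('<=' side).
    $missing = Compare-Object -ReferenceObject $reference.HotFixID `
                              -DifferenceObject $installed.HotFixID |
        Where-Object SideIndicator -eq '<=' |
        Select-Object -ExpandProperty InputObject

    if (-not $missing) {
        Write-Host "$node : no missing updates relative to $ReferenceNode"
        continue
    }

    foreach ($kb in $missing) {
        $refEntry = $reference | Where-Object HotFixID -eq $kb
        # Days since the lab node installed the fix approximates the window in which
        # a reverse-engineered patch could be turned against this production node.
        $lagDays = (New-TimeSpan -Start $refEntry.InstalledOn -End (Get-Date)).Days
        [pscustomobject]@{
            Node       = $node
            MissingKB  = $kb
            LabInstall = $refEntry.InstalledOn.ToShortDateString()
            LagDays    = $lagDays
        }
    }
}
```

Run it from an administrative PowerShell session with an account that can reach the hosts over WMI. The lag figure is measured from the lab install date rather than Microsoft's release date, so it understates the true exposure window by however long the lab node itself waited; if you want the full window, substitute the Patch Tuesday release date for that KB.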
Until now Microsoft would tell only a few major vendors about vulnerabilities and fixes ahead of time. Now Microsoft is moving to notify a wider set of security vendors before the "Patch Tuesday" releases are made. The goal is to give those vendors more time to provide detection and fixes of their own where needed.
I think this is a great move by Microsoft, but we will still need to wait and see what the actual results of this new initiative will be. What are your views on patch management and Microsoft's decision to share vulnerability patches early? Please post your comments; I would like to know what you think.
Sources
- Microsoft makes daring vulnerability sharing move
- Microsoft Revamps Patch Tuesday Warning Process
- Microsoft offers peek to protection firms