Sometimes you have to wonder... There are plenty of public vulnerabilities in Windows and related Microsoft products (See: The Missing Microsoft Patches)... yet Microsoft has chosen not to put out any security patches this month. That's right, the advanced bulletin for March claims they will release no new security patches. Now I'm slightly concerned about this... There are plenty of issues that could, and should, be patched. If they can't keep up and therefore can't get anything out, perhaps they should hire more people... If this is due to QA problems, then perhaps it's time for retraining. In the end this is definitely very concerning... I've been a big supporter of Microsoft and their steps forward in security lately. Yet the release of 0 patches when there are identified problems leaves me with some questions.
So... I pose the following questions to Microsoft:
- Why have you chosen to release 0 patches this month, when there are obviously vulnerable issues that need to be addressed?
- Why are you unlikely to provide patches for several of the issues listed on The Missing Microsoft Patches list?
- What does this say to your customers and the public, when after several promises to be committed to security you are a) taking your time to release patches and b) ignoring certain issues because you don't deem them important enough to patch?
I've spent quite a bit of time supporting Microsoft and perhaps that support came too early... Perhaps I've trusted Microsoft a bit too much and they aren't taking security nearly as seriously as they claim to be. That's what this advanced bulletin says to me... What does it say to everyone else?
Comments (2)
I would have expected at least an Office patch. I guess the real question is... will we see another Zero-day Wednesday?
Posted by Technocrat | March 9, 2007 7:37 AM
Nice, but need to update a bit because there is a lack of security in network adapters.
Posted by susain | March 14, 2007 9:25 AM