By Bill Brenner
February 09, 2009
It's been about six years since Microsoft set aside the second Tuesday
of each month as the day to release security patches, and most IT
administrators have come to appreciate a consistent schedule to plan
But every so often, zero-day vulnerabilities and attacks materialize
outside the cycle, causing more than a little heartburn for
In December, for example, Microsoft was forced to release an emergency,
out-of-cycle patch for Internet Explorer (IE) to close a security hole
that allowed attackers to infect more than 2 million machines. The
malware allowed the bad guys to steal such personal data as passwords
when the user visited one of at least 10,000 compromised websites.
Days later, Microsoft had another critical flaw on its hands: an SQL
Server database software bug attackers could exploit to run unauthorized
software on systems running versions of Microsoft SQL Server 2000 and
SQL Server 2005.
Cases like these beg the question: Has Patch Tuesday outlived its
usefulness? Is a more frequent update process in order to match the
increased sophistication and speed of attackers?