AOH :: IS1696.HTM

Time to Tweak Microsoft's Patch Tuesday?




Time to Tweak Microsoft's Patch Tuesday?
Time to Tweak Microsoft's Patch Tuesday?



http://www.csoonline.com/article/479826/Time_to_Tweak_Microsoft_s_Patch_Tuesday_ 

By Bill Brenner
Senior Editor
CSO
February 09, 2009

It's been about six years since Microsoft set aside the second Tuesday 
of each month as the day to release security patches, and most IT 
administrators have come to appreciate a consistent schedule to plan 
around.

But every so often, zero-day vulnerabilities and attacks materialize 
outside the cycle, causing more than a little heartburn for 
Windows-based businesses.

In December, for example, Microsoft was forced to release an emergency, 
out-of-cycle patch for Internet Explorer (IE) to close a security hole 
that allowed attackers to infect more than 2 million machines. The 
malware allowed the bad guys to steal such personal data as passwords 
when the user visited one of at least 10,000 compromised websites.

Days later, Microsoft had another critical flaw on its hands: an SQL 
Server database software bug attackers could exploit to run unauthorized 
software on systems running versions of Microsoft SQL Server 2000 and 
SQL Server 2005.

Cases like these beg the question: Has Patch Tuesday outlived its 
usefulness? Is a more frequent update process in order to match the 
increased sophistication and speed of attackers?

[...]


_______________________________________________      
Best Selling Security Books & More!
http://www.shopinfosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods