http://www.twincities.com/mld/twincities/business/16872927.htm BY LESLIE BROOKS SUZUKAMO Pioneer Press Mar. 10, 2007 Microsoft will skip its monthly release of security patches Tuesday for the first time in over a year, giving harried IT workers one less thing to fix after weeks of patching office computers to recognize the earlier than usual start of daylight-saving time this weekend. Thousands of computers ranging from servers and desktops to laptops and BlackBerries needed software patches in order to automatically switch to daylight-saving time at 2 a.m. Sunday, three weeks earlier than they were programmed for. The frenzied work comes the weekend before what has come to be known and dreaded in the IT world as "Patch Tuesday" the second Tuesday of the month when Microsoft regularly releases software to plug vulnerabilities in Windows. The last time the company didn't issue a security patch was 18 months ago, but that doesn't mean there are no potential security problems. Computer security outfits like eEye Digital of California have identified five unpatched vulnerabilities in various Microsoft software that hackers might use. Rick King, chief operating officer for legal publishing giant Thomson West in Eagan, said his technicians have toiled since January on the daylight-saving time problem to make sure things operate smoothly on Monday when his employees return to work. Not having a security patch to install on top of that is nice but it doesn't save him any money, he said. Patch Tuesday, he said, is "a routine pain in the neck" already built into his budget. Microsoft in a statement Friday said it occasionally has months when it does not release patches and all of its software updates must pass testing standards in order to be released. "I don't think Microsoft is holding off on security; they know better than that," said Eric Schultze, chief security architect for Roseville-based Shavlik Technologies, which makes software that helps companies manage Microsoft patches. Schultze, who used to work at Microsoft on security, said the software giant works on dozens of patches at a time, and some take months to write. The patchless Tuesday is "a happy coincidence" that could give IT staff who have been working around the clock solving the daylight-saving time problem a breather, Schultze said. Some Twin Cities IT managers are taking the absence of Microsoft security patches in stride. "We got by yesterday without any patches and we can get by another day," said Shih-pau Yen, deputy CIO for the University of Minnesota. _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Mar 11 2007 - 23:13:54 PST