[ISN] Time to Tweak Microsoft's Patch Tuesday?

From: InfoSec News <alerts_at_private>
Date: Tue, 10 Feb 2009 01:04:34 -0600 (CST)
http://www.csoonline.com/article/479826/Time_to_Tweak_Microsoft_s_Patch_Tuesday_

By Bill Brenner
Senior Editor
CSO
February 09, 2009

It's been about six years since Microsoft set aside the second Tuesday 
of each month as the day to release security patches, and most IT 
administrators have come to appreciate a consistent schedule to plan 
around.

But every so often, zero-day vulnerabilities and attacks materialize 
outside the cycle, causing more than a little heartburn for 
Windows-based businesses.

In December, for example, Microsoft was forced to release an emergency, 
out-of-cycle patch for Internet Explorer (IE) to close a security hole 
that allowed attackers to infect more than 2 million machines. The 
malware allowed the bad guys to steal such personal data as passwords 
when the user visited one of at least 10,000 compromised websites.

Days later, Microsoft had another critical flaw on its hands: an SQL 
Server database software bug attackers could exploit to run unauthorized 
software on systems running versions of Microsoft SQL Server 2000 and 
SQL Server 2005.

Cases like these beg the question: Has Patch Tuesday outlived its 
usefulness? Is a more frequent update process in order to match the 
increased sophistication and speed of attackers?

[...]


Received on Mon Feb 09 2009 - 23:04:34 PST
