The Inquirer-Home

Microsoft's mega patch blasted

No time before Sasser attacked
Fri May 28 2004, 13:17
THE REDMOND GIANT that leaps between continents has been slagged off for its April mega patch to the holey quilt that is Windows XP.

Vole issued a single patch for 14 holes in April, but Russ Cooper, editor of the NTBugTraq mailing list and a senior security specialist with TruSecure, said there was no time for network managers to test the patch before Sasser struck.

Speaking at the AusCERT security conference in Australia, Cooper said the worm had taken advantage of one of the 14 vulnerabilities. However, network managers had no way of applying a fix for just that one, so people held off patching instead.

According to the Sydney Morning Herald, Cooper said that Microsoft was seriously deluded if they think that this methodology is going to contribute to security. Big patches should be called service packs and undergo beta testing, he added.

He also attacked Vole for waiting for such a long time to patch vulnerabilities and then issuing a bigger patch which was harder to test. However, he supported Microsoft's current programme of issuing monthly patches, saying it gave people an idea of what to expect and when.

