Vole issued a single patch for 14 holes in April, but Russ Cooper, editor of the NTBugTraq mailing list and a senior security specialist with TruSecure, said there was no time for network managers to test the patch before Sasser struck.
Speaking at the AusCERT security conference in Australia, Cooper said the worm had taken advantage of one of the 14 vulnerabilities. However, network managers had no way of applying a fix for just that one, so people held off patching instead.
According to the Sydney Morning Herald, Cooper said that Microsoft was seriously deluded if they think that this methodology is going to contribute to security. Big patches should be called service packs and undergo beta testing, he added.
He also attacked Vole for waiting for such a long time to patch vulnerabilities and then issuing a bigger patch which was harder to test. However, he supported Microsoft's current programme of issuing monthly patches, saying it gave people an idea of what to expect and when.