Wednesday, January 04, 2006

Microsoft WMF vulnerability

So let me ask you the reader here what you think.

I would love to see replies to this and share it with some of my friends that work at Microsoft.

Not too long ago Microsoft instituted the monthly patch schedule. This was so Administrators, like myself, could plan better instead of seeing fixes randomly appear that we needed to test and see how they interacted within the corporate environment. It's sometimes nice to work on a schedule.

However, Microsoft has taken it to an extreme, in my opinion. Here we have a nasty vulnerability that actually affects ALL but one of their operating systems [NT4.0 is not listed as affected, anyone get the relevance there?] and they will not release a fix until next Tuesday ... as is scheduled for the next release.

Now if we took that approach with virus protection vendors there would be several that most of us would not use. True, some will release every time they have a new virus definition set built and some other virus protection vendors will only release once a week. HOWEVER, if a virus protection vendor finds that a particularly nasty virus is out there and it is affecting many clients they release virus definitions ASAP! If the virus protection vendor finds that their "fix" breaks an operating system like making Microsoft's Windows system blue screen at you [you know who you are too...grr] they release a "fix" for the "fix" ASAP. Usually the same day in hours if not by early the next day.

Now you have security experts creating and distributing a fix [what, a few days ago now] that is to protect you from the WMF vulnerability. True, I agree with Microsoft that you should not use a third party software to patch their OS but in situations like this where Microsoft has clearly taken a stance that the consumer just has to wait ... well ... We the consumer drive the market. Those of us in the U.S. also have this thing with "we want it and we want it now" mentality. Again, though, when it comes to corporate systems worldwide [let alone your personal PC with all its personal data such as emails, media, and cooking recipes] let's face it, waiting more than a few days for a fix is not going to go over well.

So here are the questions:
1. What are your thoughts on using a third party fix to patch this vulnerability?
2. Are we waiting too long for a fix from Microsoft?
3. What are you doing to protect yourself from this latest vulnerability, if anything?

