Beware of undisclosed Microsoft patches

Summary: My blogging colleague Ryan Naraine offers up some interesting food for thought regarding Microsoft's philosophy behind disclosing (or not disclosing) all of the vulnerabilities it is fixing via its patches. What do you think of Redmond's practice of silently fixing certain security breaches?

My blogging colleague Ryan Naraine offers up some interesting food for thought regarding Microsoft's philosophy behind disclosing (or not disclosing) all of the vulnerabilities it is fixing via its patches.

Microsoft is, admittedly, silently patching certain vulnerabilities. The practice isn't unique to Microsoft, as Naraine notes. But it is controversial. Microsoft says it is doing this to thwart "the bad guys." But the silent patching also makes IT administrators' jobs more complicated.

From Naraine's blog post:

“You’re not fooling exploit writers with silent fixes. You’re only fooling your customers,” says Marc Maiffret, co-founder of eEye Digital Security.

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond's silent patching practice?


About

Mary Jo Foley has covered the tech industry for 30 years for a variety of publications, including ZDNet, eWeek and Baseline. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008). She also is the cohost of the "Windows Weekly" podcast on the TWiT network.
