Beware of undisclosed Microsoft patches

My blogging colleague Ryan Naraine offers up some interesting food for thought regarding Microsoft's philosophy behind disclosing (or not disclosing) all of the vulnerabilities it is fixing via its patches. What do you think of Redmond's practice of silently fixing certain security breaches?

My blogging colleague Ryan Naraine offers up some interesting food for thought regarding Microsoft's philosophy behind disclosing (or not disclosing) all of the vulnerabilities it is fixing via its patches.

Microsoft is, admittedly, silently patching certain vulnerabilities. The practice isn't unique to Microsoft, as Naraine notes. But it is controversial. Microsoft says it is doing this to thwart "the bad guys." But the silent patching also makes IT administrators' jobs more complicated.

From Naraine's blog post:

“You’re not fooling exploit writers with silent fixes. You’re only fooling your customers,” says Marc Maiffret, co-founder of eEye Digital Security.

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond's silent patching practice?

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All