X
Business
Home Business Companies Microsoft

Beware of undisclosed Microsoft patches

My blogging colleague Ryan Naraine offers up some interesting food for thought regarding Microsoft's philosophy behind disclosing (or not disclosing) all of the vulnerabilities it is fixing via its patches. What do you think of Redmond's practice of silently fixing certain security breaches?
Written by Mary Jo Foley, Senior Contributing Editor

My blogging colleague Ryan Naraine offers up some interesting food for thought regarding Microsoft's philosophy behind disclosing (or not disclosing) all of the vulnerabilities it is fixing via its patches.

Microsoft is, admittedly, silently patching certain vulnerabilities. The practice isn't unique to Microsoft, as Naraine notes. But it is controversial. Microsoft says it is doing this to thwart "the bad guys." But the silent patching also makes IT administrators' jobs more complicated.

From Naraine's blog post:

“You’re not fooling exploit writers with silent fixes. You’re only fooling your customers,” says Marc Maiffret, co-founder of eEye Digital Security.

Forget for a moment whether Microsoft is throwing off patch counts that Microsoft brass use to compare its security record with those of its competitors. What do you think of Redmond's silent patching practice?

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

GOTRAX 4 electric scooter

The Jackery Explorer 1000 is one of the best portable power stations you can buy, and it's on sale

AI coding concept

Can Meta AI code? I tested it against Llama, Gemini, and ChatGPT - it wasn't even close