Microsoft changed the mechanism for issuing patches
After a series of hackers quickly exploited security holes in Internet Explorer and customer grievances about delays in issuing patches, Microsoft is currently looking for a new direction in providing these. Faster security updates.
Hackers have begun spreading malicious code that exploits the latest security flaw in IE from the end of the week and so far there have been hundreds of malicious websites containing code that exploit this security error.
Meanwhile, Microsoft is still building a patch and is expected to release on April 11th. However, experts say Microsoft has been too slow to respond to serious security threats.
Todd Towles - a security consultant - said Microsoft has a "hold" of security patches to issue at the same time as the monthly security update. This may be harmful to users because they will not have a protective wall, especially home users.
Microsoft is currently looking for a new way to provide faster patches, although it currently has not provided trial and error security updates, Stephen Toulouse, a Microsoft security program manager, said "We will face a lot of challenges."
First of all is the issue of quality control. Microsoft must make sure that all security updates are compatible with many different systems.
The idea of releasing unsupported software is no stranger to Microsoft. Software developers have released many versions of its applications for testers for years. In the past few months Microsoft has become more transparent and agile in releasing upcoming product information.
Particularly careful testing process remains only for commercial software. But this process is not suitable for security patches. If Microsoft releases a patch for an unknown bug, it is probably the patch that is a tool to help hackers detect vulnerabilities and attack organizations.
But no matter what changes Microsoft has taken into consideration, the slow release has created a gap. But third parties have also been able to fill this gap.
With the new security flaw in IE, two security vendors provided temporary patches to protect users before the patch was officially released.
- Microsoft announced 12 more security patches
- Microsoft warns of a new security risk
- Microsoft will issue 12 security bulletins this month
- Microsoft patched a serious flaw in the .Net platform
- Microsoft summed up the year with 11 vulnerabilities
- Appeared source code to attack Microsoft products
- Microsoft changed Internet Explorer
- Microsoft: There are 7 patches in July
- Discover new vulnerabilities in Microsoft Office packages
- Microsoft changed the structure of the monthly patch notification message
- Microsoft patched 12 vulnerabilities in products
- Microsoft launched the prerequisites of Vista SP1