Friday, May 11, 2007

Black Tuesday - Should We or Should We Not

Via SearchSecurity.com -

Patch Tuesday is perhaps the most anticipated and feared day of the month for network administrators and security managers. They wait eagerly for the next batch of patches from Redmond, glad to have some protection against attacks on the vulnerabilities that have popped up since the previous month's release. But they dread it too, and with good reason, given the massive amount of work involved in rolling out a dozen or more patches to thousands of systems.

Known in some circles as Black Tuesday, the second Tuesday of each month in the last few years has become a kind of national day of mourning in the IT industry, as admins call all hands on deck and load up on pizza and Red Bull for the long night ahead. Microsoft moved to a monthly patch schedule after some pointed requests by large customers who were having a hard time dealing with the steady and unpredictable flow of patches. And many IT managers still say they like knowing exactly what's coming down the pike and when. Indeed, the monthly bulk patch release has served to increase awareness of available security fixes in both the enterprise and the consumer market.

But given all of that, I submit that it may be time to rethink the concept of Patch Tuesday.

-------------------------------

I have to agree with Dennis on this one. I understand why corporations like Patch Tuesday, but as Dennis stated, rarely are the patches applied right away anyway.

Plus, a good company should have multiple layers of defense against emerging evil.....this is why they don't have to patch right away in the first place. But what about all the "sitting ducks" on cable internet?

They are more open to spam, more open to phishing and normally have fewer defenses than big companies. And they definitely don't have an IT security staff waiting to help....

They are eaten alive and turned into zombies, producing more spam and botnets....they are the ones that need the patches ASAP. So let's get those patches to the people that need them most....the unaware and the defenseless (i.e., most of the general public).

Of course, I have been saying this for a while & I am sure I will say it again.

Microsoft Releases VML Patch (Sept 06)

Microsoft Word Unspecified Remote Code Execution - UPDATED (May 06)
