Security's Everyman

Monday, September 17, 2007

Microsoft "Patch Hole" Poll

Here is this week's poll.

The Microsoft "Patch Hole"

1) Big deal that must be closed
2) Not a big deal, let it be
3) I'm a Mac
4) Linux rules!

I'll tell you my vote right up front. This is a big deal and Microsoft must close it. This is nothing less than a back door into our systems. It is irresponsible for any company to do something such as this. In this day and age, with hackers being smarter than ever, there is NO excuse for this.


Rick said...

The guy that "exposed" this "security hole" had Automatic Updates (AU) enabled, but set for manual install. That is different from not enabling AU.

There are four states for AU: (1) download and install automatically, (2) download and manual install (ask for permission to install), (3) don't download, but alert me to updates, (4) totally disable AU.

The guy had *not* disabled AU with the #4 setting. He had #2 or #3 enabled. So AU was active, it went to the AU site (like it was told to with his settings) and found an update for AU, which was installed.

The program that updated was the automatic update program itself.

So he had automatic updates enabled, so automatic updates updated itself, just like it was supposed to. No other non-AU updates were installed.

The guy needs to get (and report) his facts properly. There would be a story if he had totally disabled AU.

A bit of investigation is in order, rather than just parroting reports.

Andy, ITGuy said...

Rick, thanks for the update on this. I was not aware of the Microsoft response. I still have an issue with them updating this w/o notifying the user. There is no reason that this could not be handled just like other updates. They could just as easily have notified users via balloon message, or some other way, that the WU software needed to be updated.

