Another month, another Patch Tuesday. This month’s iteration will find Microsoft patching the zero-day flaw in XML Core Services, in addition to other flaws in Windows XP and Internet Explorer, some of which have been deemed “critical”. The company has not yet announced a fix for another zero-day flaw, in Visual Studio 2005, which was identified last month.

I think it’s worth questioning if this whole “Patch Tuesday” thing is really a good idea. While it makes life easier for IT folks (who would otherwise have to identify and install patches on a patch-by-patch basis) it also makes life easier for hackers, who probably know that they have a set window of opportunity for exploiting vulnerabilities until they are patched. As in the case of Visual Studio, Microsoft sometimes even extends the deadline for hacker submissions, so to speak. Is it really wise for the company to address security concerns on a monthly schedule when exploits are being released every day? Let me know what you think in the comments section.

For more on November’s Patch Tuesday:
– see this ZDnet article