Microsoft patches XML flaw, still no Visual Studio fix

Another month, another Patch Tuesday. This month’s iteration will find Microsoft patching the zero-day flaw in XML Core Services, in addition to other flaws in Windows XP and Internet Explorer, some of which have been deemed “critical”. The company has not yet announced a fix for another zero-day flaw, in Visual Studio 2005, which was identified last month.

I think it’s worth questioning if this whole “Patch Tuesday” thing is really a good idea. While it makes life easier for IT folks (who would otherwise have to identify and install patches on a patch-by-patch basis) it also makes life easier for hackers, who probably know that they have a set window of opportunity for exploiting vulnerabilities until they are patched. As in the case of Visual Studio, Microsoft sometimes even extends the deadline for hacker submissions, so to speak. Is it really wise for the company to address security concerns on a monthly schedule when exploits are being released every day? Let me know what you think in the comments section.

For more on November’s Patch Tuesday:
– see this ZDnet article

More stories about Zero-Day Exploits   Windows XP   Vulnerabilities   Patches   Microsoft Visual Studio   Microsoft   Internet Explorer (IE)   Hacking  


Post new comment

The content of this field is kept private and will not be shown publicly.

More information about formatting options

What is 58 + 15?
To combat spam, please solve the math question above.