In an e-mail, Microsoft said it had originally planned to patch the flaw on April 10 as part of its regular monthly security update, but now it plans to release the patch Tuesday because of the public exploit.
"Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers," a Microsoft representative said in an e-mail.
The software maker said its analysis of the data suggests that "the attacks and customer impact is limited," but the company said that it encourages customers to download the patch when it is made available. Consumers that have Windows' automatic update feature turned on will get the patch automatically. The patch can also be downloaded manually.
Microsoft said it is working with law enforcement to track down the attackers.
The first story I read on this flaw last week said that MS has been aware of it since January . . . They wait till it's publicly exploited to release an "early" patch?
I support Microsoft releasing patches when they know about problems, not simply an arbitrary time of the month. As a sysadmin, it's up to you to protect the systems you are responsible for, and maybe you should have an automatic update rollout system in place.
no authority or company should recommend a third party patch to the public, this is to prevent a trend of malicious files claiming to be an official vendor patch from being distributed across the world via the internet.
as useful as they are to private users and some corporate environments and official security sources, there should be no doubt that no recommendation to use the patch should be made within the public domain directed at the public at large.
microsoft should each and every time ZERT, for example, release a third party patch, they (microsoft) should straight away come out to the public domain and condemn each instance of a patch to counter-act each media or unofficial security source who tries to link to the patch from news articles and blog reports.
additionally, ZERT shouldn't offer the patch to the public domain, they should setup their own infrastructure and technologies, so only corporate, private and _official_ security sources can get the availability of the patch.
for ZERT, there could be a business model and profit to be made by offering a proof of concept patch before an official patch to corporate, private and official security sources, but _not_ to the public at large.
additionally, no _official_ security source should ever recommend these patches to the public at large, unless you're not bothered about being counter productive on your mission critical.
if youre an official commerical security outlet you can, of course, like i recommended to ZERT, create a business model around these third party patches, to distribute these to corporate, private and official security sources, although you shouldn't be in the business of going against microsoft patch policy as far as _public_ outletting is concerned.
keep the third party patches for private, corporate and security sector and stop making them available to just any tom dick and harry, the security threat is mind bloggling! at least from n3td3v's prospectus of the situation.
its a question of ethics and the above are mine.
the cut and snip crowd will of course be out to analyse and dissect everything thats been said, but f* off..... i'm right your wrong!!!
If the 3rd-party patch comes from a source trusted by myself or by someone else that I explicitly trust, no problem - I'll use it (moreso if I can parse the source code for the patch first).
The only real issue I see on 3rd-party patches is compatibility. You put it in, and the OS/app vendor is still not obligated to make sure that anything they do in the future is compatible with the 3rd party patch you put in. This means that in closed-source environments, things can possibly break.
What is the point of ragging on MS? No company on this planet is perfect. ANYTHING created by human beings will be flawed in one way or another.
Also, how is it MS's fault that unscrupulous and ignorant individuals take advantage of technology? Do we blame the inventor of e-mail for SPAM? Heck, do we blame all the people who brought us Internet technology for all the mayhem and problems that people who are looking to make a quick buck cause?
Human beings have an insane instinct to see those who are "On Top" come tumbling down to the bottom of the barrel. If MS Windows wasn't installed on Over 90% of computers around the world, then it would be some other OS and people would still complain about that!
Bill Gates is FILTHY RICH because he focuses on the Big Picture. Business is not about pleasing all of the people all of the time. Business is about pleasing enough people to make a fortune and keeping those people pleased to continue making a fortune.
Apple is not as big as MS, but they still make money by pleasing enough people to keep them in business so they keep making money.
If MS closed shop today, who do you think would take over? We have two viable choices as far as I can see: Apple or Linux. Apple would most likely win, becuase Linux is too confusing for the average user. Then Apple would be in the same spot as MS.
All in all, people are just never satisfied and will always find something to complain about, no matter how trivial or insignificant that "something" may be.
I do not work for MS and I am not an advocate for MS. All I want from MS are products that will help me get what I need to get done faster and more efficient. End.
I couldn't agree with you more. Well said, on all points across the board. The business situation today demands that ONE standard OS, and a common set of standards for applications installed on that OS, exists, and only that will succeed.
People, especially tech heads, will always find something to ***** about. That goes double for anything PC related that's marketed to the mass market.
Wonderful! Excellent and right to the point! Why do I not see Remington blamed for all the people using their shotguns to rob banks? Or FORD for all the runaway cars? Or city counsels for pickpocketing and pilfering in the streets? People shall always be people!
Apple says it's got a third-party group looking for issues at manufacturing partners it uses. Read CNET's FAQ to find out how we got here, and what the next steps are.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
Proposal provides $140 billion for research and development of technologies such as clean energy, wireless communications, and cybersecurity--a 5 percent increase over 2012.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
There are a lot of things that AT&T's humongous Samsung Galaxy Note smartphone is, like a digital memo pad, a medium-size reader, and a great photo companion.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
aware of it since January . . . They wait till it's publicly exploited to
release an "early" patch?
Your point is?
Your point is?
no authority or company should recommend a third party patch to the
public, this is to prevent a trend of malicious files claiming to be
an official vendor patch from being distributed across the world via
the internet.
as useful as they are to private users and some corporate environments
and official security sources, there should be no doubt that no
recommendation to use the patch should be made within the public
domain directed at the public at large.
microsoft should each and every time ZERT, for example, release a
third party patch, they (microsoft) should straight away come out to
the public domain and condemn each instance of a patch to counter-act
each media or unofficial security source who tries to link to the
patch from news articles and blog reports.
additionally, ZERT shouldn't offer the patch to the public domain,
they should setup their own infrastructure and technologies, so only
corporate, private and _official_ security sources can get the
availability of the patch.
for ZERT, there could be a business model and profit to be made by
offering a proof of concept patch before an official patch to
corporate, private and official security sources, but _not_ to the
public at large.
additionally, no _official_ security source should ever recommend
these patches to the public at large, unless you're not bothered about
being counter productive on your mission critical.
if youre an official commerical security outlet you can, of course,
like i recommended to ZERT, create a business model around these third
party patches, to distribute these to corporate, private and official
security sources, although you shouldn't be in the business of going
against microsoft patch policy as far as _public_ outletting is
concerned.
keep the third party patches for private, corporate and security
sector and stop making them available to just any tom dick and harry,
the security threat is mind bloggling! at least from n3td3v's
prospectus of the situation.
its a question of ethics and the above are mine.
the cut and snip crowd will of course be out to analyse and dissect
everything thats been said, but f* off..... i'm right your wrong!!!
n3td3v
<a class="jive-link-external" href="http://n3td3v.googlepages.com" target="_newWindow">http://n3td3v.googlepages.com</a>
"the cut and snip crowd will of course be out to analyse and dissect
everything thats been said, but f* off..... i'm right your wrong!!!"
What's up with that? Grow up.
The only real issue I see on 3rd-party patches is compatibility. You put it in, and the OS/app vendor is still not obligated to make sure that anything they do in the future is compatible with the 3rd party patch you put in. This means that in closed-source environments, things can possibly break.
/P
Also, how is it MS's fault that unscrupulous and ignorant individuals take advantage of technology? Do we blame the inventor of e-mail for SPAM? Heck, do we blame all the people who brought us Internet technology for all the mayhem and problems that people who are looking to make a quick buck cause?
Human beings have an insane instinct to see those who are "On Top" come tumbling down to the bottom of the barrel. If MS Windows wasn't installed on Over 90% of computers around the world, then it would be some other OS and people would still complain about that!
Bill Gates is FILTHY RICH because he focuses on the Big Picture. Business is not about pleasing all of the people all of the time. Business is about pleasing enough people to make a fortune and keeping those people pleased to continue making a fortune.
Apple is not as big as MS, but they still make money by pleasing enough people to keep them in business so they keep making money.
If MS closed shop today, who do you think would take over? We have two viable choices as far as I can see: Apple or Linux. Apple would most likely win, becuase Linux is too confusing for the average user. Then Apple would be in the same spot as MS.
All in all, people are just never satisfied and will always find something to complain about, no matter how trivial or insignificant that "something" may be.
I do not work for MS and I am not an advocate for MS. All I want from MS are products that will help me get what I need to get done faster and more efficient. End.
People, especially tech heads, will always find something to ***** about. That goes double for anything PC related that's marketed to the mass market.
Excellent and right to the point!
Why do I not see Remington blamed for all the people using their shotguns to rob banks?
Or FORD for all the runaway cars?
Or city counsels for pickpocketing and pilfering in the streets?
People shall always be people!
/P