« Poor Access Controls Can Harm Any Sized Company | Main | Encryption Breakthrough »

To most people, patch Tuesday means a chance to shore up their Microsoft programs and hopefully make their desktops more secure. For hackers, it means Microsoft is pretty much finished fixing their vulnerabilities for a month, so why not maximize the time they have for the next series of exploits. So, according to Brian Krebs Security Fix, as regular as patch Tuesday has become, the day after has become known as exploit Wednesday.

The day or two after, the hacker bulletin boards light up with the newest found flaws. Just yesterday hackers revealed a serious flaw in the Powerpoint files of Office 2003, which means someone up-to-no-good can install malicious software on your computer just by having you open a document. For it's part, Microsoft has acknowledged reports of a possible vulnerability.

To me, it seems like it's time to stop this too predictable cycle. While I know it's not practical to have IT administrators updating their systems daily, and it is good to have a deadline for patches, it's not like we're ever likely to see the following announcement from our IT Admins: Employees, please turn off your computers between 3 and 4 PM today because cyber criminals have told us they're going to be launching an attack. Microsoft needs to adopt an approach that is as dynamic and unpredictable as those of the hackers.

Posted by pschooff in Hackers • Microsoft • Patches |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/807