March Patch Madness
This has been a fun month with all the Daylight Saving Time patching from a myriad of vendors. (I wonder if anyone has done a study to see how much energy we burned preparing to save three more weeks of daylight?)
Although Microsoft is the favorite whipping boy in these situations, they weren't the only vendor that was slow to provide solid guidance or patches across their platforms. Actually, they did well on the OS level, but Exchange and Outlook patches felt like they were being changed hourly at one point.
We had to deal with patches from Sun, RIM (Blackberry), Oracle, and Apple -- among other large vendors -- and they weren't all timely or bug-free. They all need to improve in this area.
Quite possibly because of all this activity, Microsoft has elected to forgo Patch Tuesday for March. Another reason could be the sneaky release last night of Service Pack 2 for Windows 2003 (including R2) and XP x64 edition.
Apple also released what could essentially be described as a Service Pack, with fixes for both OS 10.3 and 10.4. Apple has been rather busy with security fixes, of late.
Now, Microsoft needs to start working on a fix for a kernel flaw that had previously been deemed a low-priority vulnerability with some DoS potential, but which now has a proof of concept (PoC) exploit which provides local elevation of rights.
Let's hope that more businesses will take the time to dedicate some time each month, across all business units, to ensure maintenance of the technology that is very critical to their business. This includes patch management, and not just enhancements...