March Patch Madness
This has been a fun month with all the Daylight Saving Time patching from a myriad of vendors.
(I wonder if anyone has done a study to see how much energy we burned preparing to save three more weeks of daylight?) Although Microsoft is the favorite whipping boy in these situations, they weren't the only vendor that was slow to provide solid guidance or patches across their platforms. Actually, they did well on the OS level, but Exchange and Outlook patches felt like they were being changed hourly at one point.
We had to deal with patches from Sun, RIM (Blackberry), Oracle, and Apple -- among other large vendors -- and they weren't all timely or bug-free. They all need to improve in this area.
Quite possibly because of all this activity, Microsoft has elected to forgo Patch Tuesday for March. Another reason could be the sneaky release last night of Service Pack 2 for Windows 2003 (including R2) and XP x64 edition.
Apple also released what could essentially be described as a Service Pack, with fixes for both OS 10.3 and 10.4. Apple has been rather busy with security fixes, of late.
Now, Microsoft needs to start working on a fix for a kernel flaw that had previously been deemed a low-priority vulnerability with some DoS potential, but which now has a proof of concept (PoC) exploit which provides local elevation of rights.
Let's hope that more businesses will take the time to dedicate some time each month, across all business units, to ensure maintenance of the technology that is very critical to their business. This includes patch management, and not just enhancements...
About Logik!
Andrew S. Baker aka ASB aka Logik!
Andrew is an accomplished, hands-on IT Executive with a solid track record of providing timely and cost-effective business solutions using technology. With over 16 years experience in Information Technology, he has proven to be effective both as a Team Leader and as an individual contributor in designing, deploying, securing and maintaining enterprise networks.
His personal interests include Astronomy, Basketball, Bible Study, Chess, Comics, Computers,
Family Life Ministries, Reading and Strategy/Role Playing games...
Some of his contributions include several whitepapers on technology and Information Security, the UltraTech Knowledgebase, various postings to technology mailing lists and forums, active participation on LinkedIn Answers, along with a number of interviews for articles published in industry magazines.
A condensed version of
Andrew's current resume is available here.