Patch Happy
**It's guest columnist time! Doug Barney is traveling this week, so filling
his chair today is Michael Desmond, former editor-at-large of Redmond
and founding editor of our newest publication, Redmond
Developer News. Stay tuned for more guest columnists throughout the
week.**
IT managers might still be scrambling after last Tuesday's out-of-band patch
to fix the urgent Windows Animated Cursor Handling flaw. Now we learn that tomorrow's
scheduled patch will likely offer five Windows fixes, including at least
one that merits a "critical" designation.
Some of the new patches will likely require a system restart, which could make
life a bit complicated as IT managers try to sequence things so that services
and servers don't fall offline. The critical update, targeting Microsoft Content
Management Server, also demands a reboot.
Finally, some folks have expressed outrage that the animated cursor flaw had
apparently been known to Microsoft for months. While the delayed remediation
allowed an exploit to emerge, Microsoft
in a blog posting contends that the time on task allowed Redmond to fix
a series of vulnerabilities related to the flaw.
As ever with these urgent patches, it all seems to come down to a precarious
balancing act. Does Microsoft rush patches to fill a hole before it can be attacked,
and risk breaking or missing something critical in the process? Or should it
take the time to build a more durable and manageable fix, knowing that the delay
could leave systems wide open to attack?
What's your preference? Tell us at dbarney@redmondmag.com.
Posted by Michael Desmond on April 09, 2007