Where has the week gone? We started with a new pope, we’re still shaking out
issues with both Windows 2003 SP1 and Microsoft’s April patches, and I’ve decided that
turning Japanese is the way to go. At least when it comes to security bulletins,
It was just a few years ago that I complained that patch management shouldn’t
be something we have to think about to use a PC. I trust my local lube shop to
keep my car’s fluid levels topped off. I trust my lawn service to spray my lawn
with the appropriate treatment each month. And I trust my financial software to
keep my checkbook balanced. I wanted to trust someone else to keep my system
After a month with no security bulletins in March, it’s back to our normal
evaluation process. This month, in addition to eight security bulletins
available via Windows Update, we’ve got two nonsecurity patches, Windows 98 and Me re-releases — and, oh, did I happen to mention some
newfound browser insecurities?
The past week brought us a passle of work. Some of it is very worthwhile, to be
sure, but all of it is a bit more effort to add to our already-overburdened
Today is going to be FUD Roundup Day at the ‘ol Patch Corral. You’ve heard of
FUD, right? Fear, Uncertainty, and Doubt? Once used only in relation to IBM,
then in reference to Microsoft, it seems everyone likes to throw around a bit of FUD
to get us consumers upset and concerned.
Over ten years ago, I locked my keys in my car. It was the first time in my
life I had ever done this and I have never done it since. But, to this day, my
wife still asks me if I have the keys every time I shut the car door. A decade
of not locking the keys in my car has done little to gain her trust.
Last Friday, Microsoft gave me the word that I could take the day off. "No
patches for Tuesday!", came the word from the North. But before we all head
to the beaches or ski slopes or your favorite watering holes, does this truly
mean we are absolutely without issues and not vulnerable?
Those of us who manage Windows systems got a pleasant surprise this month: no
new patches for March! Could this be a trend? Unfortunately, not yet. We just
got lucky this time.
At least two critical Windows updates have been released recently Microsoft — but they’re not being picked up by
most patch-management software because the updates aren’t marked Microsoft as “security” updates.
The latest SMB patch means a little bit of not-so-friendly file sharing.
Since my last Patch Watch column, the good news is that we haven’t seen any exploits
or vulnerabilities targeting the Server Message Block (SMB) patch
MS05-011. The bad news is
there have been a few issues that have popped up, one with a resolution, one
still under investigation at this time.