With Microsoft announcing 12 new updates this week — 8 of them rated critical — it was a busy Patch Tuesday for many of us. But even with all these updates, few people have so far reported serious problems after installing them. Is Microsoft starting to get the hang of this patching stuff?
Ever since my first copy of Windows NT 3.5, patching has been a confusing and scary ritual that we admins had to regularly endure. Only in the last couple years have we had reliable patch management software to ease much of the pain.
Fortunately, Microsoft is getting better at it. The company’s update strategy
is showing signs of maturity. This month’s rather smooth updates are a testament to this.
But don’t get too comfortable yet; there’s always something that doesn’t go as planned. Secrets of updating ASP.NET
Microsoft finally released a patch to an issue brought up several months ago regarding ASP.NET authentication. At that time, someone publicly announced the problem rather than reporting it to Microsoft. This forced Microsoft to hastily issue a workaround
, which successfully blocks the attack.
So, you might ask, why is it necessary to install this update if you are already blocking the attack?
The answer is that this attack can be carried out in other ways, besides the one that was made public.
The workaround blocks the attack, but