Patches: What Do They All Mean?

My first alert to the batch of patches released yesterday was an e-mail from Microsoft PR with the numbers for seven new patches. Wanting to know what holes they fixed, I read the description of the first one, MS06-004: This hole "could allow an attacker to take complete control of an affected system." That sounded serious so I read the next one: The second hole "could allow an attacker to take complete control of an affected system." Hmm...Word's cut and paste seems to be working pretty well as all seven holes had the exact same description.

To find out more I had to wait for our roving reporter Stuart Johnston to dig up the details and post it on According to Stuart, while the flaws all allow for hacker control of your machine, the attacks can come through different vectors such as IE and Windows Media Player.

Do you like Patch Tuesday, and what would you do to improve the whole patching process? E-mail me at [email protected].

Symantec Touts Full Compliance Solution
I recently had lunch with a Symantec compliance exec where we talked about the piece-meal approach that IT is often forced to take to be in compliance. In answer to that, Symantec is poised to ship BindView Policy Manager 3.0, which the company claims solves a whole host of compliance problems. Policy Manager helps create and enforce policies, and pushes a single console that can track a number of items such as proper anti-virus protection. It also lets IT define Universal Controls so that a single policy can be used to enforce different compliance regulations.

How big a hassle is compliance and how do you handle it? Tell us at [email protected].

A Virtual Trio
So you think virtual machine software is a two-player game pitting the feisty VMware against the market share-buying Microsoft? Wrongo. SWsoft is also in the hunt with Virtuozzo. SWsoft doesn't pay much attention to clients: What it cares about are servers. To ease adoption of Virtuozzo for Windows 3.5.1, it just released a migration tool to shift from physical servers to virtual servers (that hopefully run on fewer physical boxes).

Do you use virtual machines and if so, what are the plusses and minuses? E-mail me at [email protected].

Borland Has Another New Plan
Borland is one interesting, confusing company, at least for an outsider like me. Started over two decades to sell a cheap version of Pascal, Borland became a real rival to Microsoft in spreadsheets and databases. After Excel and Access put the hurt on, Borland struggled for a new identity and even changed its name to something so dull and meaningless I can't even remember. Last week Borland transformed again, ditching its well-regarded line of developer tools and driving full bore into the application lifecycle management market. Hopefully the sell-off of the programming languages and IDE wares will pay for its $100 million purchase of Segue Software, an application lifecycle management vendor.

Subscribe to Redmond Report

This column was originally published in our weekly Redmond Report newsletter. To subscribe, click here.

Going Mobile
After a decade of poking around the periphery, Microsoft is starting to make big waves in the very center of the mobile space. Its core mobile OS is being picked up by more and more third parties (including Palm), partly because it is really beginning to work (don't get me started on my early attempts to use Windows CE -- those slick pieces of hardware crashed more than Billy Joel driving in the Hamptons).

Rounding out its growing portfolio, Microsoft just bought a French maker of mobile search software. As you may have guessed, Google and Yahoo are already in this game. But do Google and Yahoo have a full OS for mobile devices? I didn't think so!

About the Author

Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.


comments powered by Disqus

Subscribe on YouTube