Security Watch

Adobe Patch Irks Windows Users

Plus: Microsoft's "Morro"; U.S. Senator ticked at cyber coordinator role.

Microsoft and Adobe Systems both had huge patch rollouts last week. For its part, Adobe recently decided it would be wise to latch on to Microsoft's Patch Tuesday event given that many Windows users also use Adobe Acrobat's .PDF files and other applications. Last Tuesday was Adobe's first scheduled security update under its new quarterly release cycle, and thirteen CVE vulnerabilities were patched along with several issues Adobe discovered.

But apparently for some Windows users the process in the past hasn't been all that seamless. Microsoft has interoperability mechanisms that allow third-party software updates to be pushed via enterprise patch management tools, namely System Center Operations Manager and Configuration Manager. Adobe had been making use of these configuration tools to push out its own updates on the backs of Windows .msp files -- files for updating the OS that are included with security updates or Microsoft hotfixes -- for easy patching.

According to certain user forums, such as the link listed above, there is something on Microsoft's end that causes some third-party patch inventory to crash when a user attempts to parse and add them.

Microsoft has stated it will take months to release a fix and continued this assertion when reached for comment.

Security experts who commented but requested anonymity contend that Redmond may be increasing the risk to enterprise customers by taking so long to fix a pivotal segue tool, creating the opportunity for such a problem scenario to recur.

Microsoft Ramps Up "Morro"
Microsoft called it a breakthrough in security software. Symantec called it a capitulation and an admission that OneCare flopped and proof-positive that stand-alone security products are "not in Microsoft's DNA."

Despite the vicious salvos from defensive competitors, Redmond said this week it is moving forward with increased testing of its free antivirus software program, but still didn't give a definitive date for a public rollout. The original announcement pegged the release for "late 2009."

Critics, especially those coming from competitors, see this as a makeover for the much-ballyhooed Windows Live OneCare, rather than a fresh, new product launch.

Back in November when the initiative was announced, security pros told me that it was essentially OneCare reframed.

Time will tell what the new AV initiative does to the marketplace, because it's free. Also, it remains to be seen how enterprise users will react to it.

U.S. Senator Ticked at Role of Cyber Coordinator
Microsoft's head of cyber security Scott Charney is said to be a leading candidate for President Barack Obama's new cybersecurity coordinator position. But the word around the blogosphere is that he likely won't leave and then deal with the jockeying for position among private- and public-sector stakeholders -- to say nothing of, well, those pesky threats to cybersecurity domestically and globally.

Indeed, the challenges for whoever takes the helm as President Barack Obama's new cyber coordinator will be complex, because of the unseen enemies that are hackers, the vastness of the Internet and the automation of malware. But before any of those issues are tackled, there are notable political considerations based on what emerged this week.

Sen. Joseph Lieberman, who is acting chair of the Senate Committee on Homeland Security and Governmental Affairs, said he fears that a new "cybersecurity czar" will "undercut the role of the Department of Homeland Security."

The White House responded in a statement saying there will be "no realignment of roles and mission for the [DHS]," and "the department's operational role will not be undercut."

It's likely that this debate about the role and scope of the position will continue on Capitol Hill as well as in the confines of the private sector. Meanwhile, notwithstanding resistance from lawmakers and turf-protecting bureaucrats, there will still be the nagging questions of IT security to be addressed once the candidate is hired and shows up on his or her first day on the job.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

