Silent, But Not Deadly
Every month, usually before and after the first Tuesday of the month, I bring you news of the latest public Microsoft patches. But not all patches are so public. There are also so-called "silent patches" that Microsoft releases without detailing.
What Microsoft does, according to a Shavlik patch exec, is pretty normal. Microsoft sees various vulnerabilities, or variants, and rolls the fixes into its monthly patch batch without spelling out all the details. A variant is where a common flaw is analyzed by hackers, who then attack closely related (but not always fixed) flaws.
In fact, Shavlik likes this approach. Variants are cured, and IT isn't overwhelmed with a bazillion patches to install.
What say you? Do you need each and every detail of each patch? Say it, don't spray it at email@example.com.
Posted by Doug Barney on 02/18/2011 at 1:18 PM