Microsoft Silently Patches…

Sure, the news that Microsoft silently patches vulnerabilities made the rounds. But honestly, who was surprised in the least? We’ve all known it is a common practice among many vendors, not just Microsoft. As you may have guessed, the reasoning behind this practice is a commonly heard justification:

“We want to make sure we don’t give attackers any [additional] information that could be used against our customers. There is a balance between providing information to assess risk and giving out information that aids attackers,” Mike Reavey said.

OK, we can buy that up to a certain point. So how about just saying “This patch also fixed X internally discovered vulnerabilities during internal audits.” At least give us an idea just how big the patch really is and help us figure out just how many vulnerabilities are being patched. That doesn’t give the bad guys enough information to act on.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: