Full Disclosure mailing list archives
Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011
From: Tim <tim-security () sentinelchicken org>
Date: Wed, 14 Apr 2004 08:37:44 -0700
> I use Linux, OpenBSD and Windows in my enterprise. Linux and OpenBSD use the "1 patch for 1 vulnerability" rule. Seems to me that MS is bunching their patches together in order to make it seem on the surface that Windows has fewer patches than other OSes, therefore it is more secure. CIOs, take note.
Yeah, this is pretty disgusting. Seemingly harmless in application, but when you consider features often creep into patches in M$ software, it makes it extremely difficult to test a single mega-patch like this on a few thousand systems with different configurations and custom software installations. I can tell you firsthand that dealing with them in bunches severely slows the patch release process in enterprise environments. And I don't buy "it's easier if it is all together". If your patch management system doesn't suck, any number of separate patches can be applied just as easily as a subset of them.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html