Full Disclosure mailing list archives
RE: The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011
From: Tremaine Lea <tremaine.lea () sjrb ca>
Date: Wed, 14 Apr 2004 13:39:31 -0600
-----Original Message----- From: Tim [mailto:tim-security () sentinelchicken org] Sent: Wednesday, April 14, 2004 9:38 AM To: Edward W. Ray Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011
<snip>
Yeah, this is pretty disgusting.
Seemingly harmless in application, but when you consider features often creep into patches in M$ software, it makes it extremely difficult to test a single mega-patch like this on a few thousand systems with different configurations and custom software installations. I can tell you first hand, that dealing with them in bunches severely slows the patch release process in enterprise environments. And I don't buy "its easier if it is all together". If your patch management system doesn't suck, any number of seperate patches can be applied just as easily as a subset of them. tim
This merely begs the question, why do they not then release the patches as both? A single "patch'em all" one for single users and those who can afford to implement patches this way, and a broken out set of the patch that can be more thoroughly tested in larger scale environments where the big patch solution doesn't work. Tremaine _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011 Kim Oppalfens (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011 Dave Sherohman (Apr 14)
- <Possible follow-ups>
- RE: The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011 Tremaine Lea (Apr 14)
- RE: The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011 Ron DuFresne (Apr 14)
- RE: The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011 Ng, Kenneth (US) (Apr 15)