Microsoft Patch Tuesday Targets Windows Bugs

After Google went public with a Microsoft Windows flaw just days before Redmond issued the fix, itEUs not surprising that JanuaryEUs Patch Tuesday is hyper-focused on the flagship operating system.

Microsoft on Tuesday issued eight security updates. One is rated critical and seven are rated important. The updates address vulnerabilities in Windows OS and Windows Server. One of the patches fixes a zero-day flaw in Windows that Google disclosed on Monday as part of its Project Zero initiative that aims to press firms to address security issues more rapidly. Microsoft was less than thrilled since it was already moving pretty swiftly to handle the issue.

The fact that today's Patch Tuesday is focused solely on Windows bugs is a departure from recent Patch Tuesdays that have focused heavily on Internet Explorer (IE). But this Patch Tuesday also marks another important change: the end to the Advanced Notification Service. Security analysts are bemoaning MicrosoftEUs move to nix this disclosure.

Microsoft Reverses Strategies

Ross Barrett, senior manager of security engineering at IT security firm Rapid7, told us MicrosoftEUs January 2015 Patch Tuesday marks the start of a new era.

EUIt seems that MicrosoftEUs trend towards openness in security has reversed and the company that was formerly doing so much right, is taking a less open stance with patch information,EU he said. EUIt is extremely hard to see how this benefits anyone, other than, maybe who is responsible for support revenue targets for Microsoft.EU

Russ Ernst, director, product management at IT security firm Lumension, called it an unfortunate change. EUEven with many organizations making the transition to automate the tactical steps of testing and deploying updates, the lack of notification does impact the ability for CIOs and senior management to strategically plan for the impact of these changes to their environment," he said. Microsoft could not immediately be...

Comments are closed.