Newsletter Archives

  • The perils of shouting “fire” in a crowd of PC patchers

    It happens over and over again. Microsoft releases a patch and the world panics. Dire predictions of doom stampede Windows customers into installing patches, like, yesterday. Then — poof! — the threat disappears. The news cycle changes and nobody hears about the big, bad security hole. Who gets hurt when the industry cries “Wolf!”?

    Diatribe in Computerworld Woody on Windows.

  • The little AV vendor who cried “wolf”

    Remember the hubbub about MS08-021 – those dire predictions of doom if you didn’t immediately apply this month’s Black Tuesday crop of patches?

    Guess what? The sky didn’t fall. The Internet didn’t crawl to a halt. A gazillion computers didn’t turn into zombies. While the MS08-021 security bulletin patches a very real hole in GDI, cretins haven’t yet figured out how to take advantage of it. The breathless articles that urged you to apply the patch immediately were a bit, uh, premature.

    Symantec, which led the “sky is falling” chorus, now says:

    Patches for the recently exploited Microsoft Windows GDI Stack Overflow Vulnerability (BID 28570) have been available via the Microsoft Security Bulletin MS08-021 for over a week. No new reports of in-the-wild exploitation of the flaw are known; the previous attacks we reported on are known to have been unreliable and not significantly widespread.

    Golly. Sounds like something I heard ten days ago.

    SANS reports that the “patch window” – the gap between the time Microsoft releases a Security Bulletin and the time cretins come up with a working exploit – “is gone.” Sorry, but I don’t see any evidence that the fancy new reverse-compilation techniques are cracking things any faster.

    I don’t see any reason to apply the April Black Tuesday patches just yet. There are still many reported problems. As long as you’re using Firefox, I can’t see any reason to apply the patches. Let them stew.

    We remain at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.