Windows 7 - The potential dangers of Microsoft's secret patches

JMH · 05-07-2010

Quote:

Microsoft's security patches sometimes fix more problems than their descriptions let on. This is not a new problem, nor is it unique to Redmond. As much as anything else, it is a consequence of the way patches are produced: when a vendor is analyzing and fixing one flaw, they might well discover other flaws in the same piece of code, and their patch will fix the whole set.

However, research by one security company, Core Security Technologies, suggests that in so doing, Microsoft may be underplaying the significance of various patches, which may lead companies to be less aggressive in rolling out patches for critical flaws.

In particular, the company believes that secret fixes in two of last month's patches make the patches more important than Microsoft's bulletins suggest. It has issued its own bulletins to discuss the additional fixed flaws.

Core Security Technologies analyzes patches to produce attacks for use with its penetration software; it uses real exploits to detect network vulnerabilities. Attackers do the same: comparing patched files to unpatched files to learn exactly what was patched is a common technique, which is one of the reasons that accurate assessments and timely deployment are so important.

Source -
The potential dangers of Microsoft's secret patches

CarlTR6 · 05-07-2010

Good read. I can understand Microsoft's reluctance to publicize particular vulnerabilities; but there is another side of this coin. Microsoft seems to rely on the fact that a majority of users have automatic updates turned on; therefore, MS does not have to be specific. Some of us, however, screen, pick, and choose our updates. Accurate information would be helpful. INMO this update should have been labeled critical instead of important.

NoN · 05-07-2010

Sometimes better being cheat around to be better protected...I do trust entirely MS because i'm an end-user afterall...I doing the same trying to see if someone could possibly hack my computer.

The chase!
I'm playing dumbiest one and hope the hackers doing dumb aswell thinking that i'm the smartiest one playing the dumbiest one.

Win7User512 · 05-07-2010

Quote: Originally Posted by CarlTR6

Good read. I can understand Microsoft's reluctance to publicize particular vulnerabilities; but there is another side of this coin. Microsoft seems to rely on the fact that a majority of users have automatic updates turned on; therefore, MS does not have to be specific. Some of us, however, screen, pick, and choose our updates. Accurate information would be helpful. INMO this update should have been labeled critical instead of important.

I agree, there should be more transparency. I too like to choose every update I receive. Not everyone wants MSN Games updates or Outlook updates.

Joan Archer · 05-07-2010

They don't seem to class them critical now, they are either Recommended or Optional.

NoN · 05-07-2010

The probs that those are dig in download center and people are not always aware or does not takes the time to read MS bulletins...but it is a good point to let people choose, if they do know what's going on.

manhunter2826 · 05-08-2010

Same here. I've said before and I'll say again: I use my discretion and my judgment as to which updates to install. It does take a little bit more time to read the update info provided but it's time well spent IMO.
Thanks for the link JMH.

CarlTR6 · 05-08-2010

Quote: Originally Posted by manhunter2826

Same here. I've said before and I'll say again: I use my discretion and my judgment as to which updates to install. It does take a little bit more time to read the update info provided but it's time well spent IMO.
Thanks for the link JMH.

Well said!

darkfriday · 05-09-2010

Quote: Originally Posted by manhunter2826

Same here. I've said before and I'll say again: I use my discretion and my judgment as to which updates to install. It does take a little bit more time to read the update info provided but it's time well spent IMO.
Thanks for the link JMH.

Ditto.

pparks1 · 05-09-2010

Quote: Originally Posted by manhunter2826

Same here. I've said before and I'll say again: I use my discretion and my judgment as to which updates to install. It does take a little bit more time to read the update info provided but it's time well spent IMO.
Thanks for the link JMH.

That's a fine approach. I take the completely opposite approach and just leave automatic updates turned on and all things have been just fine for me over the years.