Microsoft "Patch Tuesday" Fixes 10 Vulnerabilities

As expected, yesterday Microsoft rolled out five "critical" and three "important" patches for Windows Server 2008, Vista, Office, Internet Explorer and other software as part of its regularly scheduled Patch Tuesday release. The eight-patch rollout is significant in that Redmond has now released 25 fixes in the first four months of 2008 -- a pace well on track to exceed 2007's 69 security bulletins. St. Paul, Minn.-based Shavlik Technologies' Chief Technology Officer Eric Schultze cites today's release as a good news/bad news affair.

"All eight bulletins this month are client-side vulnerabilities. In other words, your system is safe unless a user logs in and opens documents, reads e-mail or visits an evil Web site on that computer. Systems where no one logs on and does this are safe," Schultze said. "[But] of the five OS-related vulnerabilities this month, four impact Vista and Windows Server 2008. This doesn't speak well for the debut of Windows Server 2008."

View: Microsoft Security Bulletin Summary for April 2008
News Source: Redmond Mag via MSFN


12 Comments


After all the hundreds of patches and 2 (3?) service packs required to fix what Microsoft hailed as the most stable operating system ON THE PLANET (XP at release) why is anybody surprised at the seemingly endless patches for Vista - My bandwidth consumption went up dramatically with the switch to Vista - endless patches.

If Microsoft want to increase revenue they should buy ISPs - the bandwidth required to keep their OSes up to date guarantees largesse.

"seemingly endless patches for Vista"

Though I understand your intention, this means nothing. All OSes have endless patches until they are no longer supported. If you are actually complaining about the volume ... really? Doesn't seem like many to me.

I'm still using XPSP2 because this system is pretty old and so on, but in the time Vista has been out I've noticed more patches still being released for XP/2k3 over Vista.

And 3-5 or so patches a month isn't that much, especially how some of these aren't just for the OS but for other apps like IE and Office.

Why are we required to restart for these updates in Vista SP1, when they introduced the hot-patching feature with SP1?

(Evolution said @ #6)
Why are we required to restart for these updates in Vista SP1, when they introduced the hot-patching feature with SP1?

One of them was an update to that feature I think.

One of them is a kernel update, but it's marked as important and not critical. If you installed everything though, any update to the kernel needs a reboot/restart.

"[But] of the five OS-related vulnerabilities this month, four impact Vista and Windows Server 2008. This doesn't speak well for the debut of Windows Server 2008."

This is always a risky claim to make, and one security analysts still often make.

Operating System A has more vulnerability fixes than Operating System B.
Does that mean Operating System A is less secure?

This is actually hard to tell. It could just be that Operating System B is seeing less market impact with fewer bug reports coming from that, for example. Or maybe OS B simply has fewer active developers.

What the analysts should look at is not the number of security fixes, but the number of severe and still open bugs. I'm not defensive and saying Windows is faring well there, just that this is the more important statistic, than what could otherwise just be thanks to an active and efficient security team at Microsoft. Fixing bugs frequently is a good thing. That something has many bugs is a bad thing. But then again, a lack of bug fixing is a poor indicator of few bugs in a product, at least when it's as complex as an entire operating system. Then many more factors can be contributing.