Microsoft releases Windows monthly security bulletins early

Microsoft releases new security updates for its Windows operating system and other products every second Tuesday of the month. But this month, at least briefly, someone at Microsoft jumped the gun and released the full security bulletins for the next Windows update on Friday, four days before they were scheduled to be released. Ars Technica reports that the security bulletins were taken down about an hour after they were inadvertently released.

The big danger is that hackers could have checked exactly which security flaws were due to be fixed in Tuesday's Windows patch update and created attacks before the update is released to Windows-based PCs. However, Wolfgang Kandek, the chief technology officer at security company Qualys, believes there isn't much to worry about, saying, "I don't believe there is any heightened security risk with the early exposure. If the patches (i.e., the binaries) themselves had been revealed then indeed it would give attackers a 4-day head start."

Officially a Microsoft statement admits, "Microsoft inadvertently displayed draft text of September's bulletin summary, five bulletins, and a security advisory update intended for release on Tuesday, Sept. 13. The draft text was removed as soon as the issue was discovered. We are not aware of any customer impact and are monitoring the issue."

The next security update will have five separate patches that fix a total of 15 different security exploits. The fixes are for Windows and Microsoft Office users as well as for users of the SharePoint 2007 and 2010 applications.

5 Comments


There's not as much fun in taking advantage of potential security holes for Windows (potential because Microsoft is also proactive in security research) as there would be in exploiting security holes in Oracle or Apple software.

In the notices, they don't tell what the exploit is, only what could happen if you got hit by it. Full details don't go out until patch day itself.

Microsoft sends out a mail prior to the release date anyway, so "hackers" can exploit it as much as they want before the updates.