Security researchers have said that Microsoft's Patch Tuesday security update format has helped keep PCs more secure, despite a pattern of exploits following its monthly release.
Microsoft releases a package of security fixes on the second Tuesday of every month covering the previous four weeks.
Some are for publicly known vulnerabilities in Microsoft products, while others are from internally detected or privately disclosed reports from professional security researchers.
But there is often a rash of exploits that arrive shortly after Microsoft releases its patches.
Some of these target vulnerabilities covered in the Patch Tuesday release, hoping to catch users who have not yet installed the fix. Others are so-called zero-day exploits, which target previously unknown flaws not fixed by the monthly release.
Bruce Schneier, security expert and chief technology officer at BT Counterpane, believes that this is not a coincidence.
"There are often a couple of weeks during which systems are vulnerable, and exploit writers are taking advantage of this," Schneier told vnunet.com.
"When Microsoft releases a patch, users want to get it as quickly as possible. Every day they wait is a day during which they are vulnerable.
"On the other hand, any patch must be extensively tested. Those two requirements are impossible to meet at the same time. Not difficult, impossible."
Along with the need for carefully tested patches, Microsoft is faced with many customers that run large networks.
Installing patches on such networks is a time-consuming process, and the company found that many of those large-network customers were unable to deal with sporadic patch releases.
"There is a profound difference in being an administrator and knowing when your patches are coming, compared with constantly having to scramble," Alfred Huger, senior director of engineering at Symantec Security Response, told vnunet.com.
The rise in exploits and proof-of-concept code for attacks seen after Patch Tuesday is down to several factors, explained Huger. One is from security researchers who had previously found the vulnerability and reported it to Microsoft confidentially.
"There is still a lot of recognition for people who post vulnerabilities and do vulnerability research," he said.
After the flaw has been disclosed to Microsoft and the patch issued, the researcher will take credit for the discovery by releasing proof-of-concept code that could be used in an attack.
Another source of post-Patch Tuesday attacks comes from exploit developers taking advantage of the fresh crop of vulnerability disclosures.
"Once malware writers become aware of the fact that there is a vulnerability they can turn that around pretty easily," Huger explained.
Finally, there are the malware developers who hold an exploit for a previously undisclosed, zero-day flaw.
By waiting until after Microsoft has released its monthly patch, the malware author hopes to extend the amount of time the exploit can freely target even the most up-to-date applications.
