Does Microsofts Patch Tuesday Need Fixing?
But every so often, zero-day vulnerabilities and attacks materialize outside the cycle, causing more than a little heartburn for Windows-based businesses. In December, for example, Microsoft was forced to release an emergency, out-of-cycle patch for Internet Explorer (IE) to close a security hole that allowed attackers to infect more than 2 million machines. The malware allowed the bad guys to steal such personal data as passwords when the user visited one of at least 10,000 compromised websites. Days later, Microsoft had another critical flaw on its hands: an SQL Server database software bug attackers could exploit to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005. Cases like these beg the question: Has Patch Tuesday outlived its usefulness? Is a more frequent update process in order to match the increased sophistication and speed of attackers? The answer is no, according to most IT security pros CSO polled recently. The increase