Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft to Patch WMF Exploit Early

Posted by CmdrTaco on from the well-i-guess-early-is-relative dept.

Chran writes "Microsoft has just announced that they will release a security update for the .WMF-exploit today at 2pm ET, instead of Tuesday, as originally planned. Microsoft writes: "Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible."

2 of 306 comments (clear)

  1. Re:Reactive vs Proactive by cnettel · · Score: 5, Interesting
    For an out-in-the-wild exploit, I would agree. For one that is currently, to their knowledge, not known among the script kiddies of the world, I'm not so sure. Releasing a patch will, generally, make those who are not yet prepared to implement it more vulnerable, if it means that knowledge of details is more wide-spread.

    I think that some corporate users (especially) are quite thankful for patch Tuesdays; especially those that have been bitten by some compatibility issue previously and can't just run autoupdate of all desktops at night, but rather want to roll it out manually.

    Again, this is not the case here, this exploit was discovered in the wild and it's spreading right now.

  2. Re:early my eye by javaxman · · Score: 4, Interesting
    It's the old "SCOTTIE" trick. They say they need until the 10th to test and patch and make sure it works and then they WOW us by being able to release it early. They had it ready before now, they are just trying to salvage what little they have out of this fiasco.

    They had it ready, if by ready you mean a version had been compiled and 'tested' once on the developer's machine.

    Trust me, right now in Redmond there's a whole team of Quality Assurance Engineers who are looking at their test plans, scratching their heads, and once again calling into question the actual value of their work, given that some manager can arbitrarily decide when it's time to rush a release regardless of what the schedule said or what the impact of a patch was or which cases remain un-tested. That, and they're really, really tired after pulling a couple of all-nighters.

    Have fun testing that patch.