Security

Microsoft will patch ANI vulnerability Tuesday April 03 (out of sequence)

A Microsoft spokesperson notified me that the software giant is planning to release a Security Bulletin and patch for the new animated cursor vulnerability which is already being exploited in the wild.

 MS07-017 will support the regular automatic update procedure so those who take advantage of it will not need to do anything more (unless something goes wrong, of course.)

I will report on details of the update when it occurs and there is also likely to be a regular monthly security bulletin release on April 10.

Microsoft says that they are releasing this patch early not because the critical vulnerability is being widely exploited, but because it is ready.

As for the wisdom of letting any vendor automatically update your most critical system component before you can test the update, well, I don't do it, not even with Firefox. I've just seen too many bad patches over the years from virtually every vendor, not just Microsoft - I prefer to continue using workarounds or take other steps to protect against critical new vulnerabilities and test patches before deploying them.

I realize this is not practical for some IT departments where the staff is already working flat out to support and maintain networks but it is one reason my clients ARE my clients.

What is your feeling about automatic updates? Have you ever been in the middle of a rush project only to have Firefox or some other program or OS begin a background update which slowed your system to a crawl, or which cost you some functionality at least until you got more updates, or completely crashed your system? 

Editor's Picks

Free Newsletters, In your Inbox