CNN.com - Microsoft plans Windows overhaul to fight hackers - Oct. 16, 2003: Stung by criticism over lax software security, Microsoft Corp. disclosed plans Thursday to update its flagship Windows operating systems early in 2004 to make consumers less vulnerable to hackers. [...] Microsoft promised to improve the way in which Windows manages computer memory to protect users against commonly exploited software flaws known as buffer overruns, which can trick Windows into accepting dangerous commands. Some of the most damaging attacks in recent months fall under this category. The company promised to improve its built-in firewall feature, which has drawn criticism in the past because it was not especially strong and was routinely turned off in new copies of Windows. The update will automatically turn on the updated firewall and enable companies to centrally manage each computer's protective settings. [...] Critics have said Microsoft releases far too many patches, which frustrate employees responsible for installing them on hundreds of computers throughout companies and which can interfere with other programs already installed. [...] Microsoft promised to begin distributing these repairing patches monthly, rather than weekly, and making the patches easier to install and to remove when they conflict with existing software. The company said it still would rush out an emergency patch midmonth if it determines hackers were actively breaking into computers using a software flaw it could repair immediately.
Well, isn't that good of them? Heaven only knows that all those frequent patches are just a pain in the rear, aren't they? And less frequent patches may contribute to ... hmm? What's that you say?
Microsoft warns of 4 new 'critical' Windows flaws (CNN, October 16, 2003): Microsoft Corp. warned consumers Wednesday about four new flaws in its popular Windows software as the company shifted to monthly alerts for serious problems that could let hackers break into computers. In particularly embarrassing disclosures, Microsoft acknowledged problems in its technology to authenticate software publishers over the Web and in its Windows help and support system.
Note also that Microsoft released, on October 14, an "update rollup", containing the previous 22 security updates for people who hadn't previously patched their system. The new updates, on the Windows update site, carry the date of October 14. The four new updates are not included in the "update rollup".
Well. Yes. Quite.
As you were, then.
Posted by iain at October 16, 2003 01:39 PM
