Zero-Day Wednesdays
Tuesday 1st August, 2006 11:07 Comments: 0
I was reading an item on Securiteam's blog today and loved the term they came up with.
You gotta love the term Zero-day Wednesdays. It explains in a sentence everything that is wrong with Microsoft's Patch Tuesday
I must admit, I can see the reasons for and against a schedule: it allows (IT support) people to schedule patch installations, and possibly make it coincide with other patches to limit downtime, but it also means you may have to wait 4 weeks for a patch to appear for something malicious that appears immediately afterwards.
The good news? If the situation is fairly critical, Microsoft will rush out a patch, as seen with the WMF vulnerability as the start of the year. Also, people may moan that it takes up to a month for Microsoft to fix, but that's only a month from when people notice. The big bad things to worry about are the targetted attacks using vulnerabilities that haven\'t even been reported! So the term is nice and cute, but I wouldn\'t worry about it. As ever, don\'t trust unsolicited attachments, keep your AV software up to date, and try not to run Windows as an Administrator.
You gotta love the term Zero-day Wednesdays. It explains in a sentence everything that is wrong with Microsoft's Patch Tuesday
I must admit, I can see the reasons for and against a schedule: it allows (IT support) people to schedule patch installations, and possibly make it coincide with other patches to limit downtime, but it also means you may have to wait 4 weeks for a patch to appear for something malicious that appears immediately afterwards.
The good news? If the situation is fairly critical, Microsoft will rush out a patch, as seen with the WMF vulnerability as the start of the year. Also, people may moan that it takes up to a month for Microsoft to fix, but that's only a month from when people notice. The big bad things to worry about are the targetted attacks using vulnerabilities that haven\'t even been reported! So the term is nice and cute, but I wouldn\'t worry about it. As ever, don\'t trust unsolicited attachments, keep your AV software up to date, and try not to run Windows as an Administrator.