Computer geek, and self-appointed know-it-all, Westley Annis answers all those hard questions about anything related to computers and technology, as well as business and political questions.

Microsoft Out-of-Band Security Update

Question asked on December 16, 2008 4:33 PM :: :: Comments (0) :: TrackBacks (0)

A Microsoft out-of-band security update is one released outside of the once monthly schedule that Microsoft adheres to for security patches.

Almost all computer software is going to have some kind of security flaws, especially something as complicated as Internet Explorer. Being as popular as it is in terms of installed base, hackers tend to focus their efforts on finding flaws to exploit.

When Microsoft released Windows 98, they also included a "Windows Update" system that made it easy for users to update their systems which was great for home users but turned out to be not so great for corporate users. Some of those early updates tended to "break" other software and forced corporate IT support personnel to try and "unbreak" the latest update.

Since Microsoft was releasing the updates as they developed them, IT departments had no way to prepare for an update or to keep track of what updates Microsoft had released.

To reduce the cost of maintaining updated systems, Microsoft switched to releasing updates once a month on the second Tuesday of the month, also known as Patch Tuesday, with a bulletin released three days before the patches announcing what products the updates would cover.

Although hackers are constantly trying to find some flaw in Microsoft products to take advantage of, many security researchers are doing the same thing. To protect the public, when one of the researchers discovers a flaw, they will alert Microsoft and allow Microsoft time to develop a patch before announcing their findings to the public. It's when a hacker finds the flaw before one of the researchers and uses it to attack the general public that it becomes what's known as a "zero-day flaw" i.e., a flaw that Microsoft has not had a chance to work on before it becomes public knowledge.

Most often, it is these zero-day flaws that Microsoft will release an out-of-band update for, especially if it is considered a critical threat.

Bonus question: How does Microsoft classify a threat?

Microsoft will give a threat one of four ratings.

RatingDefinition

Critical

A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.

Important

A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.

Moderate

Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.

Low

A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.

Categories

Microsoft Office , Microsoft Windows

Tags

Rate this article at
Mixx
Mixx		 Facebook
Facebook		 Digg
Digg		 Reddit
Reddit		 Del.icio.us
del.icio.us		 Furl
Furl		 Ma.gnolia.com
Ma.gnolia		 Stumble Upon
StumbleUpon		 Sphere
Sphere

0 TrackBacks

Listed below are links to blogs that reference this entry: Microsoft Out-of-Band Security Update.

TrackBack URL for this entry: http://www.askwestley.com/cgi-sys/cgiwrap/wannis/managed-mt/mt-tb.cgi/174

Leave a comment


Ask Westley your question on technology, business, or politics!
RDF XML
Add to My Yahoo!
Subscribe in NewsGator Online
Feedburner
GeoURL
Search



Link To Westley!
Buy Westley a Snoball!
All Categories
Syndicate this site (XML)
Powered by
Movable Type 4.1
consulting - tech support
© 2005-2009 by Westley Annis. All Rights Reserved.

Valid XHTML 1.0!