A question about security patches

Just curious and because I like to tease Redmond a bit ;-)

I was looking at the latest security patches through Windows Update and I discovered something new to me.

The patches also get a version release!

Indeed, it's like a patch on a patch ;-)

Example:

Revisions:

  • V1.0 October 15, 2003: First Published.
  • V1.1 October 17, 2003: Re-issued to advise of a language specific compatibility issue with some third-party software.
  • V2.0 October 22, 2003: Version changed to reflect the availability of updated patch for specific languages.

So I read the details cautiously: for 2 days at least, if I am not on a language version of Windows covered by the initial patch, I have to wait for MS to release an update to cover my language.

Don't you think this practice leaves some serious security holes?

After all, somebody can exploit this to release an update of its own attack.

And curiously, patch updates like this one were not mentioned in the automatic update on my machine.

 
