Microsoft patch rate surged in second half of 2008
Microsoft Corp. was forced to pick up the patching pace in the second half of 2008, the company admitted Wednesday, as it fixed 67% more flaws and released 17% more security updates in the period than it had in the first six months of the year.
Included in the bugs patched during the latter months of the year was the vulnerability exploited by Conficker, a worm that led to the biggest infection outbreak in years and a minor media frenzy last week.
Microsoft patched 97 different vulnerabilities in 42 separate security update in the second half of 2008, compared to 58 vulnerabilities in 36 updates in the first half.
Vinnie Gullotto, the general manager of the Microsoft Malware Protection Center, acknowledged the increase. "The number [of patched vulnerabilities] did go up, but a lot has to do with our methodology."
Microsoft's Security Intelligence Report explained it differently. "Although the total number of security bulletins in [the second half of 2008] was on par with the last several periods, there was a significant increase in the number of CVE identifiers addressed per security bulletin in [the second half of 2008]," the report stated. The average number of Common Vulnerability and Exposure (CVE) identifiers rose from an average of 1.6 per security bulletin in the first half of 2008 to 2.3 in the final six months.
In plain English, that means Microsoft packed more individual patches into the average security update.
During the second half of 2008, Microsoft issued several multi-patch updates, including MS08-052, a five-patch update for the GDI+ component of Windows; MS08-058, a six-patch update for Internet Explorer (IE); MS08-072, an eight-patch fix for Microsoft Word; and MS08-073, a four-patch update for IE.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.












