Microsoft Patch Reissued

A vulnerability of the Bluetooth stack of MS operating systems was patched in MS08-030. However, Microsoft re-releases the patch, to include MS Windows XP Service Pack 2 and 3.

Here is the statement by Christopher Budd of Microsoft

After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin. As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue.
Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not.
Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3. These are available now and are being delivered through the same detection and deployment tools as the original update.

The amazing fact is that Microsoft did not manage to protect their product with the largest installed base of customers, ergo, the largest attack area.
This only goes to show that software patching even in very large companies can have errors.

On the user's side, this means that even if you are patching regularly, NEVER rely only on patches to maintain security

Talkback and comments are most welcome

No comments:

Designed by Posicionamiento Web