[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: RE: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011
- From: Tremaine Lea <tremaine.lea@xxxxxxx>
- Date: Wed, 14 Apr 2004 13:39:31 -0600
> -----Original Message-----
> From: Tim [mailto:tim-security@xxxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, April 14, 2004 9:38 AM
> To: Edward W. Ray
> Cc: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] The new Microsoft math: 1
> patch for 14 vulnerabilities, MS04-011
<snip>
> Yeah, this is pretty disgusting.
> Seemingly harmless in application, but when you consider
> features often creep into patches in M$ software, it makes it
> extremely difficult to test a single mega-patch like this on
> a few thousand systems with different configurations and
> custom software installations. I can tell you first hand,
> that dealing with them in bunches severely slows the patch
> release process in enterprise environments.
>
> And I don't buy "its easier if it is all together". If your
> patch management system doesn't suck, any number of seperate
> patches can be applied just as easily as a subset of them.
>
> tim
This merely begs the question, why do they not then release the patches as
both? A single "patch'em all" one for single users and those who can afford
to implement patches this way, and a broken out set of the patch that can be
more thoroughly tested in larger scale environments where the big patch
solution doesn't work.
Tremaine
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html