[Am-info] Microsoft fails to keep up with its own patches

[Eric Bennett]

Fairly clear evidence of "too many patches"...




http://news.com.com/2100-1001-982305.html

"All apps and services are potentially affected and performance is sporadic
at best," Mike Carlson, director of data center operations for Microsoft's
Information Technology Group, stated in an e-mail sent at 8:04 a.m. PST
Saturday to other members of Microsoft's operations groups. "The network is
essentially flooded with traffic, making it difficult to gather details
concerning the impact." 

The messages put Microsoft in an awkward position: The company relies on
customers to patch security flaws but the events of last weekend show that
even it is vulnerable. In this case, Microsoft urged customers to fix a
vulnerability in the SQL Server 2000 software, but it apparently hadn't
taken its own advice.

"This shows that the notion of patching doesn't work," said Bruce Schneier,
chief technology officer for network protection firm Counterpane Internet
Security. "Publicly, they are saying it's not our fault, because you should
have patched. But Microsoft's own actions show that you can't reasonably
expect people to be able to keep up with patches."


-- 
Eric Bennett ( ericb@pobox.com ; http://www.pobox.com/~ericb )

A penny saved is a penny that will end up on your dresser,
slowly corroding and gathering dust with the other pennies.