Robert Hensing, a Softie who recently joined the Secure Windows Initiative (SWI) defense team, dishes some details on what goes into patch-creation process at Microsoft, especially the investigative work that is done long before the product team starts coding the fix.
He describes the work done to create workarounds for the javaprxy.dll issue ahead of the full patch and while he recommends the use of temporary workarounds, Hensing made it clear they should "never be used indefinitely in place of the security update."
skip to main |
skip to sidebar
An (outside) look at security in Microsoft's dominant operating system.
About Me
- Ryan Naraine
- I write about IT security issues/trends for eWEEK Magazine; I'm West Indian and I obsess about West Indies cricket.
My blog is mine. The opinions represented in this blog are mine as well and may not represent my employer's opinions.
Digg Security
- Microsoft Watch
- eWEEK Security
- MSRC Blog
- Exploit Prevention Labs
- Metasploit
- Stephen Toulouse (MSRC)
- Michael Howard
- John Pescatore
- Ben Edelman
- Bruce Schneier
- Matasano
- Donna Buenaventura
- WaPo SecurityFix
- F-Secure Weblog
- Kaspersky Lab
- ISC Sans Diary
- Sunbeltblog
- Honeyblog
- Jesper Johansson
- Paper Ghost
- Worm Blog
Blog Archive
-
▼
2005
(82)
-
▼
July
(39)
- MS05-036 Exploit Published
- Kaminsky on Security at Redmond
- Win2K Update Rollup Hiccups
- US-CERT Weekly Windows Security Summary
- 80 Super Security Tips
- Acquisitive Microsoft
- What’s The Use of Security Advisories?
- AOL's IE Browser
- Windows Anti-Spy Refresh
- Spyware at Cingular Store
- Support for Industry Patch Day
- Advisory/Workarounds for RDP Flaw
- Explaining Premature Disclosure for IE Flaw
- XP SP2 Zero-Day?
- Dell, Spyware and My Way
- SWI Team May Start Blogging
- Pre-Patch Investigations Explained
- Schneier on Microsoft/Claria Hubbub
- Patch Deluge Redux
- Still no RSS Feed for Advisories
- Windows XP SP2 Remote Kernel DoS Flaw
- Cybercrime *Not* Terrorism
- A Message for Microsoft
- MS/Claria Deal Dead
- Why You Need Multiple AntiSpyware Apps
- It's Raining Patches
- Multiple Vendors Patching Today
- Low Hopes for Anti Spyware Coalition
- Hacker Manifesto
- 19 Deadly Sins of Software Security
- Momentum for MS AntiSpyware Rethink
- Lazy People and Default Settings
- London Bombing Trojan
- Talking a Lot, Saying Nothing
- Unimpressed with Spyware Downgrade Explanation
- Ed Bott on MSAS Claria Downgrades
- eEye Spies More Windows Flaws
- MS AntiSpyware Bordering on Irrelevance
- Some Fatherly Advice for Sasser Sven
-
▼
July
(39)