Thursday, July 14, 2005

Pre-Patch Investigations Explained

Robert Hensing, a Softie who recently joined the Secure Windows Initiative (SWI) defense team, dishes some details on what goes into patch-creation process at Microsoft, especially the investigative work that is done long before the product team starts coding the fix.

He describes the work done to create workarounds for the javaprxy.dll issue ahead of the full patch and while he recommends the use of temporary workarounds, Hensing made it clear they should "never be used indefinitely in place of the security update."