Tuesday, October 11, 2005

What's Not Patched

Today's patch day was interesting for what it did *not* fix. By my count, 4 of the 10 eEye-discovered flaws were addressed, leaving 6 unpatched, including three that are 136+, 99+ and 81+ days overdue.

The Jet DB engine flaw that I recently blogged about is also on the waiting list after more than 5 months. I asked Microsoft about this during an interview for my story today and was given the "patch-quality-takes-priority" excuse.

I say it's an excuse because when it takes that long to get a patch created and properly tested, something's very wrong with your process.