For the past several months, the second Tuesday of the month has been when Microsoft released updates for its software.
Now, the latest three Critical security bulletins, two of which corrected imaging flaws that could have been exploited by merely viewing a maliciously crafted image, were just part of a crowded day of updates.
By listening carefully, one could almost hear the dulcet tones of system administrators everywhere swearing at the likes of Microsoft, Oracle, Apple, Cisco, and even Firefox, and slamming their fists into large objects in frustration.
At least admins can plan out those updates, according to CTO Rick Greenwood of Shavlik, a company that produces patch management software. Microsoft always puts out its updates on the second Tuesday of a month. Oracle also provides regular updates, but in the middle of the month.
This time, Larry Ellison’s firm released a set of 49 patches for its applications. That’s not a release, that’s a jailbreak. And twelve other vendors pushed out patches on July 11 and 12, according to UK-based NISCC (National Infrastructure Security Co-ordination Center).
Pick a name, any tech name you like. Sun? It releases a weekly alert summary. Apple? Fixed a potential DoS exploit. Linux? Which distribution do you prefer: Red Hat, SUSE, Debian, Gentoo, Mandriva? All there. Cisco? Yes, them too.
Give all those firms credit for fixing problems on an ongoing basis. But we might have to give them credit for riding on Microsoft’s Patch Tuesday coattails, according to Neel Mehta of Internet Security Systems.
“If you look at what’s going on, it’s clear that some companies are trying to hide their security problems by releasing on Microsoft’s patch day. They know the press and public will be zeroing in on Microsoft, so they release a patch and avoid the publicity.”
David Utter is a staff writer for Murdok covering technology and business. Email him here.
