« Year in review podcast coming up | Main | What's a poor security guy to do? »

December 12, 2006

This Patch Tuesday is screaming for a 3rd party patch

With the Patch Tuesday release today it seems that Microsoft is up to their ears in fixes.  However, two of potentially the biggest were not included in this fix.  I am of course referring to the two MS Word holes that were found and have been exploited in the wild already.

Just a few months ago Determina, eEye and ZERT were falling over themselves to help us all with 3rd party patches to hold the fort down until Microsoft got around to it.  Now when it would seem the need is extreme, they are no where to be found.  Maybe they realized it is not a profitable business?  Maybe it is really hard to patch these?  I don't know, but this is part of the reason why I think the whole VA thing is dead as a stand alone strategy.

Posted at 04:01 PM in patching, vulnerability management |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200d83503c35a69e2

Listed below are links to weblogs that reference This Patch Tuesday is screaming for a 3rd party patch:

Comments

My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search

Attend a Computer Forensics Boot Camp to better your skills and become a better worker

Categories

Track my blog stats

Blog powered by TypePad
Member since 10/2005

About