Microsoft is facing patching problems

Hackers are turning the tables on Microsoft by using information contained in its security patches quicker than the company can get users to adopt them. While this may sound like Microsoft-bashing, the person who thinks this is Steve Ballmer, Microsoft’s CEO.

  • E-Mail
By  Peter Branton Published  September 17, 2003

Hackers are turning the tables on Microsoft by using information contained in its security patches quicker than the company can get users to adopt them. While this may sound like Microsoft-bashing, the person who thinks this is Steve Ballmer, Microsoft’s CEO.

In a speech Ballmer gave in the US this week, he admitted the company was finding it difficult to get patches distributed quickly enough among its vast user base. “We need to improve the entire patch-management process,” he said. “We’ve made some progress in improving patch-management tools, but we have to continue to improve the speed, the resiliency, and the distribution of patches.”

Often, hackers are taking patches and reverse engineering them to find out exactly what the vulnerability is and then exploiting it before Microsoft can get the patch sent out, Ballmer said, “or at least before our customers have the opportunity to load the patch.” Microsoft is currently working at making the installation and deployment of patches easier and more seamless for business and consumer users, he said.

Ballmer said that Microsoft was “in many ways humbled by the developments of the last few weeks” and promised that it would continue to work to address customer concerns. However, he said customers also need to take more responsibility for security issues. “We find today that too many users are not fully utilising security technologies and not fully designing their networks for maximum security,” he said. “There’s a critical message that all of us in this industry need to convey to business customers and consumer customers who are on the internet, and that message is about encouraging them to take the right steps to put secure infrastructure in place.”

Work Microsoft is doing on security includes post-processing of source code to work out potential vulnerabilities in source code of software before it is released, Ballmer said.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code