January 7, 2008
Microsoft Patches a Windows Update Patch
Analysis of:
Microsoft Patch Puts Up Stop Sign For Some IE Users | www.computerworld.com
This analysis is solely the work of the author. It has not been edited or endorsed by GLG.
Implications: ● The release of a Windows Update patch that potentially crashes Internet Explorer 6 is a major faux pas for Microsoft. ● As with all software, IT organizations need to thoroughly test any Microsoft patches prior to allowing them to be installed on users' PCs. ● Microsoft should have reacted more quickly once the problem was reported; initially advising users to manually edit the Windows Registry was not an adequate solution.
Analysis: Included in its monthly Windows Update patches on December 11, 2007 was a security patch for Internet Explorer (5.1, 6, and 7) that, in some cases, caused Internet Explorer 6 to crash or freeze in Windows XP SP2 operating system environments. As Windows Update is supposed to fix problems and/or enhance security, an update that creates problems of its own represents a major faux pas for Microsoft and serves to undermine user confidence in its monthly Windows and Microsoft Update patch releases.
While Microsoft has now released a patch to fix the problem, it did not do so until December 20, nine days later. Microsoft's initial response was to minimize the extent of the problem and advise affected users to manually edit the Windows Registry, a process that can cause significant system damage if incorrectly performed. While Microsoft certainly needed to exercise caution and ensure that the patch to the original patch did not create additional problems, it might have considered pulling the original patch and rerelease it with the fix included.
There is certain to be some speculation that Microsoft delayed its response in an effort to induce IE6 users to migrate to IE7. While I don't believe this to be true, it will like cause users that have previously not considered non-Microsoft browsers to now consider installing one, if only for backup in the event of a future problem. Furthermore, it may even serve as another reason for users to consider Linux.
As with all software, Microsoft patches should be thoroughly tested by IT organizations before they are installed on users' PCs. Individual and home users might want to reconsider the automatic download and installation of Microsoft patches and, with the possible exception of "zero-day" vulnerabilities, delay installing any updates for a few days to see if any problems have been reported.
Analysis: Included in its monthly Windows Update patches on December 11, 2007 was a security patch for Internet Explorer (5.1, 6, and 7) that, in some cases, caused Internet Explorer 6 to crash or freeze in Windows XP SP2 operating system environments. As Windows Update is supposed to fix problems and/or enhance security, an update that creates problems of its own represents a major faux pas for Microsoft and serves to undermine user confidence in its monthly Windows and Microsoft Update patch releases.
While Microsoft has now released a patch to fix the problem, it did not do so until December 20, nine days later. Microsoft's initial response was to minimize the extent of the problem and advise affected users to manually edit the Windows Registry, a process that can cause significant system damage if incorrectly performed. While Microsoft certainly needed to exercise caution and ensure that the patch to the original patch did not create additional problems, it might have considered pulling the original patch and rerelease it with the fix included.
There is certain to be some speculation that Microsoft delayed its response in an effort to induce IE6 users to migrate to IE7. While I don't believe this to be true, it will like cause users that have previously not considered non-Microsoft browsers to now consider installing one, if only for backup in the event of a future problem. Furthermore, it may even serve as another reason for users to consider Linux.
As with all software, Microsoft patches should be thoroughly tested by IT organizations before they are installed on users' PCs. Individual and home users might want to reconsider the automatic download and installation of Microsoft patches and, with the possible exception of "zero-day" vulnerabilities, delay installing any updates for a few days to see if any problems have been reported.
Report a Concern
More GLG News in
Technology, Media & Telecom
Most Popular:
Source Article | Expert Analyses
U.S wind power strangled by antiquated power grid
www.iht.com
Western Digital working on 20,000 RPM Raptor
www.bit-tech.net
Bandwidth crisis is Tellabs' chance
www.suntimes.com
Google - What is the limit for this giant?
www.ft.com
Symphony deploys Ekinops 360 in Bangkok optical network
lw.pennnet.com
How much of a Threat To Ciena is “Next-Generation” Optical Firmware?
September 4, 2008
Not So Fast - SSD's Are On The Way, But Rotational Drives Are Not Spinning Down Yet
September 2, 2008
iPhone reception problem resloved, but....
August 29, 2008
Would Tellabs Consider Merging With Ciena Again?
August 28, 2008
An Industry Giant Gains Momentum - And A Serious Blow to Canon
August 28, 2008