Microsoft Draws User Ire With Its Latest Release of Patches
Frustration mounts as users struggle to install numerous fixes
April 19, 2004 12:00 PM ETComputerworld -
Microsoft Corp.'s release last week of three critical patches to fix 20 flaws in various Windows products drew flak from users who expressed frustration at the company's continuing problems with security.
In one of its biggest monthly patch releases to date, Microsoft issued updates aimed at closing several major holes in products ranging from Windows NT 4.0 to the 64-bit edition of Windows Server 2003. Also affected were several versions of its Outlook Express e-mail program.
One of the patches fixed 14 separate vulnerabilities; another fixed four.
"We are extremely concerned by the high amount of vulnerabilities and patches from Microsoft. This goes against the credibility of what they have been saying," said Michael Kamens, global security director at Thermo Electron Corp.
The fact that even a new product such as Windows Server 2003 has problems "brings no great joy to our hearts," said Kamens, who had to patch more than 4,000 Windows systems last week at the Waltham, Mass.-based scientific equipment manufacturer.
Among the flaws considered particularly dangerous was a buffer overrun vulnerability in a user authentication function called the Local Security Authority Subsystem. Hackers who successfully exploit the flaw could take complete control of compromised systems.
A buffer overrun flaw related to a component used to secure communications between servers and clients on public networks was also deemed a critical risk, for the same reason.
Both flaws present "high-value targets" for hackers because they involve security and authentication components in Windows, said Neel Mehta, a research engineer at Internet Security Systems Inc. in Atlanta. "I expect [the flaws] to be exploited in a very short time," Mehta said.
Southern Regional Health System in Riverdale, Ga., had to patch nearly 100 Windows NT and Windows 2000 servers last week.
"These announcements are becoming more like the Chicken Little [story]," said Reid Burch, the health care organization's network services manager. "I'm not saying that we're ignoring the patches. But it has become comical that these patches are released so frequently."
Since the hospital has to run patient care applications around the clock, the task of patching systems is very difficult, Burch added.
Fenwick & West LLP had to allocate three IT workers to patching duties last week, and by Thursday, all three were working overtime, said Matt Kesner, the Mountain View, Calif.-based law firm's chief technology officer.
Even so, the firm was having problems getting the patches installed, with some machines requiring multiple attempts and 12 PCs needing to be completely reformatted to accept the patches.
"Despite the fact that
Security
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Dell Proconsult Windows 7 Readiness Assessment
Download Now
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Southern Company
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Defending Against the Storm
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Share our Strength
Download Now
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
The Commercialization of ITIL: Lessons Learned
Register for this event today!
