Network World - Microsoft Corp.'s monthly patch release triggers a race between hackers, vendors and customers.
The engineers at vulnerability testing tool vendor nCircle Network Security Inc. spend $100 per month at the coffee shop in the lobby of their office building in downtown San Francisco. But there is one day each month when a trip to the cafe is more urgent than at any other time: Patch Tuesday.
As anyone involved in running a Windows network knows, this falls on the second Tuesday of the month and is the day when Microsoft announces product vulnerabilities and releases patches for them. For the nCircle engineers, it's the start of a very long day that's filled with coffee, work and more work.
"We know we won't get any sleep when it's Patch Tuesday," says Michael Murray, director of nCircle's Vulnerability & Exposure Research Team (VERT), whose engineers rarely go home before 2 a.m. on the big day.
Microsoft last year released 45 security bulletins and patches; 18 of them deemed "critical" (the highest rating) and 19 "important" (the second-highest). October was the busiest and most crucial month, as Microsoft hit customers with 10 patches, seven rated "critical."
As soon as Microsoft releases its patches, nCircle's programmers in San Francisco and Toronto begin unraveling the fixes. It's a race between them and hackers who might be doing the same. The engineers have 24 hours to meet service-level agreements with their customers to determine what has changed in the software and to deliver tests that the customers can use to decide whether their systems need to be patched.
Microsoft doesn't publicize the changes, so that exploits for the vulnerabilities can't be created -- not immediately anyway.
Knowing Microsoft's patch schedule lets the programmers mentally prepare for Patch Day. Murray is based at nCircle's Toronto office, but for Patch Tuesday on Dec. 14, 2004, he's at the San Francisco facility.
The day begins on a promising note: Microsoft is five minutes early, issuing its patches at 10:05 a.m. Four VERT engineers in San Francisco gather at the company's "war room," a tiny office that's barely large enough to house a table that sits eight people. Nine engineers in Toronto wait for Murray to open the phone bridge, which will stay open all day.
Microsoft has issued five patches, each rated "important." Murray, his PowerBook perched on the table amid cables, two digital projectors and the conference call unit, clicks between the pages Microsoft has posted about the vulnerabilities and patches. He scribbles on a whiteboard the vulnerabilities
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
Richi Jennings: Eolas shakedown -- please don't feed the (patent) trolls