Microsoft fixes up patch system
The company pledged Tuesday to improve its system for sending out security fixes, or patches, to existing products. Ninety-five percent of attacks happen after a patch for a known software vulnerability has been issued, said Scott Charney, chief trustworthy computing strategist at Microsoft, during a keynote speech at the software maker's TechEd conference here.
By the end of the year, the company intends to consolidate from eight to two the number of ways that patches are distributed to customers. One of the two new systems will address changes to the Windows operating system, while the other will apply to Microsoft's business applications. Eventually, Microsoft will consolidate its patch management into a single tool that can work across all the company's products, Charney said.
In addition, Microsoft plans to ensure that Windows fixes add themselves automatically to the operating system's internal registry, rather than to different parts of the system. By introducing consistency and by making sure all patches register as present within the software, there's a better chance that fixes will be implemented correctly, the company expects.
[ Read more ]