With the regular security updates released by Microsoft to patch their software, consumers could be excused for thinking that this is due to product faults or flaws. However, the savvier of us will be aware that there are many out there who seek to exploit software code for financial gain or through malicious intent.
This leaves Microsoft in the difficult position of wanting to please customers by ensuring vulnerabilities are reduced as much as possible and not inconveniencing them with barrages of changes to their software.
So, beginning way back with Windows 98, Microsoft began issuing updates for their operating systems. The modern ‘Microsoft Update’ is a streamlined process which keeps track of which updates are installed on an Operating System and also other installed Microsoft applications. Where an update is missing, this will be listed with either a ‘critical, important, moderate and low’ level vulnerability.
It is typically the case that users would see an alert on the desktop notifying them of these updates being made available on the 2nd Tuesday of every month – known as ‘Patch Tuesday’. (Over here in the UK, the updates are mostly seen to be available on the second Wednesday due to time differences). Equally, this can be configured to automatically download and install updates at a scheduled time. The default settings for updates to be applied are 0300 and will install critical and security updates only.
This update process can be further managed by a remote solution (such as Windows Server Update Services) which will allow an administrator to approve or reject certain updates from being deployed to multiple servers – thus allowing vetting of updates prior to deployment (though this practice should be carefully controlled as lack of approval will result in a vulnerability being present for longer than is necessary).
This ‘Patch Tuesday’ – for February 2010 – sees the release of 13 updates which apply to the following Microsoft Operating Systems and you can find out more on the implications of the updates to your systems here.
The great value in these updates provided by the software giant is to protect their software against these threats and hence protecting the businesses which rely upon them to function.