Microsoft Stretching The Definition Of Critical Patch
from the caveat-patcher dept
Microsoft is known for putting out a prodigious number of security patches each month, which is a result of the high number of vulnerabilities constantly being found in its software. Typically, the company releases all of its patches on one day, so as to give it time to test patches and ease the burden of installation; the downside is that sometimes users have to wait several weeks before a known hole gets fixed. But whether it does a good job at patching or not, at least a patch is typically something that businesses and users want. However, the company is now pushing patches that serve its own purposes, as opposed to that of its users. When a circumvention technique was discovered for its PlaysForSure DRM, the company immediately rushed out a patch, which it labelled as ‘critical’, not even waiting for Patch Tuesday. Of course, most people wouldn’t be inclined to install a patch that prevented them from enjoying their music as they saw fit, but most people wouldn’t question Microsoft when it says a patch is critical, either. This isn’t the first time that Microsoft seems to be abusing the definition of a security update. In July, it announced that the forthcoming version of Internet Explorer would be pushed upon users as a High Priority security update. Again, it’s good for Microsoft that users download the new browser — which comes with a default MSN searchbox for the first time — but it doesn’t seem like it should be labelled as a security update. If the company insists on using this channel as a way to protect its own interests, as opposed to its users, it could impair its ambitions to improve its standing with respect to security issues.