Broadband Developments

December 17, 2008

IE - Hong Kong Porn Connection - Patch Tuesday Must Die.

Filed under: BroadDev, Networking, Security — John Casaretto @ 10:15 am

Microsoft is now shedding a little more light on the zero-day XML vulnerability. It seems some Hong Kong-based pornography sites are dropping the trojans Trojan:Win32/VB.IQ.dr and Trojan:Win32/VB.IQ on unsuspecting PC users. This is in addition to exploits discovered on a popular Taiwan search engine. The details are here. A patch for this vulnerability is to be released today.

(BTW I wonder what that job is like – “Just checking on potential viruses, chief”) I digress – really, I appreciate all the MS team does to keep us in the dark keep us up to date on this serious security flaw in every instance of that little blue E on all the desktops in the world. I mean, if Hong Kong porn is not safe, then who is…?

All kidding aside, can we stop the Patch Tuesday nonsense? We now have a second “out of band” update this year. Hackers are now celebrating “Exploit Wednesday” - look it up. Some environments take weeks to approve these types of updates, even emergency ones. I bet there are plenty of steamed folks out there about this little escapade. Reports say this XML exploit started the day after the last regular patch.

I know things get exploited – fine. And don’t start with the Mac and Linux tripe. It’s just a fact that everything can be pwned. I just have issues with the notification and resolution. How you deal with it is what really determines how protected an organization is. Patch Tuesday must die. It’s like putting a sign on your lawn that says, “I am not home from the hours of 8am-5:30pm”. Let’s put the call out today to put a nail in this thing. Stop Patch Tuesday. We need updates as they happen. 30 days is too long; think about it. Think about all the little vulnerabilities that don’t get the press. Hacker releases exploit on Wednesday; if it gets found, it might make the next round of patches. IT gets the update, tests on systems, releases to production – that could be 6 weeks of password-stealing, PC Zombie fun.

NOTE: I know there are crews at MS that have busted to get this thing identified and fixed – thank you. Again, I just don’t think the announcement strategy is working. I know I will get some flames for this and some people who agree. If someone has a better way, then speak up.
