Gates Defends Microsoft Patch Efforts

Microsoft chairman Bill Gates defended the company’s handling of security patches Monday following widespread attacks on the Internet by suspected Russian organized crime gangs.


Two of the Internet Explorer vulnerabilities exploited in the attacks were discovered in active use on June 6th, and have not yet been patched by Microsoft, according to an analysis by IT security company Symantec. [Symantec publishes SecurityFocus]. The attacks also used a controversial Internet Explorer feature that permits local HTML documents to create or overwrite files on a user’s computer. Though not a bug in and of itself, security researchers warned as early as last August that the feature becomes a serious attack vector when used in conjunction with Internet Explorer holes.


Still, speaking at a press conference here Monday, Gates told journalists that Microsoft’s patching process compares well with competitors’. “You know, the time — the average time — to fix on an operating system other than Windows is typically ninety to a hundred days,” said Gates. “Today we have that down to less than forty-eight hours.”


Asked by SecurityFocus about the Russian hacks of last week, Gates hinted that the attacks wouldn’t have been possible if administrators had installed a security patch Microsoft made available for its IIS Web server product last April.


http://www.securityfocus.com/news/9004

Leave a Reply