I was more than pleased to see Microsoft step out of the monthly patch cycle to release MS06-055. Hopefully, this rare event will reoccur as necessary.
Microsoft patch statistics continue to bode poorly for IE. According to the Symantec Internet Security Threat Report, Trends for January 06 - June 06, "Microsoft had the longest exposure-to-patch time in the browser industry...it took Microsoft an average of nine days to issue a bug fix, while Apple published a patch within five days, Opera within two days and Mozilla within one day." In my previous post, where I mentioned three days for Mozilla to patch, I was obviously overstated their average.
To be fair, MS is making strides on the OS front. Again, from Symantec's report, "Microsoft, however, leads the ranking in the operating system segment: The exposure time of a Windows security issue was 13 days; Sun had the longest patch release time with 89 days followed by HP with 53 days. Apple took an average of 37 days. Red Hat matched Microsoft's time of 13 days."
So, two up, one down for MS...better, getting better.
Monday, October 02, 2006
Subscribe to:
Posts (Atom)
Moving blog to HolisticInfoSec.io
toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...
-
Continuing where we left off in The HELK vs APTSimulator - Part 1 , I will focus our attention on additional, useful HELK features to ...
-
As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, cons...
-
When, in October and November 's toolsmith posts, I redefined DFIR under the premise of D eeper F unctionality for I nvestigators in R ...