Saturday, June 9, 2012

Microsoft Software Defects


Microsoft’s monthly batch of security patches, for June 2012, include critical fixes for security holes in a wide range of Microsoft applications.

Seven security bulletins address twenty-eight documented vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework. Three of the 7 bulletins are rated “critical”, especially with regard to the reliability of .Net.  The bulletin addresses flaws that could lead to remote code execution attacks with little or no user interaction. Four bulletins will carry an “important” rating and deal with vulnerabilities that could be exploited in code execution and privilege corruption.

Microsoft also released an emergency fix to block “active attacks” that use unauthorized digital certificates from the Microsoft Certificate Authority. This can lead to sophisticated man-in-the-middle attacks as part of the Flame malware, which has suspected links to sophisticated attackers.

SUMMARY
The highly distributed Microsoft software has created an industry dominant vulnerability surface for its offerings because.  Update of software must ultimately take place in millions of location after the announcement about the defects is announced.

Individual software packages, such as Windows, Visual Basic etc. manage software reliability through the largely centralized project teams at Microsoft HQ, which is time-consuming. The diversity of code, the large number of options, a persistent compulsion for maintaining upward compatibility and the organizational separation between hardware testing and implementation increased the number of defects. Once a software fix is identified, tested and then distributed it may take an additional indefinite amount of time before it can be actually installed as a protective measure.

In contrast, centrally managed software architecture and vendor distributed software can instantly update millions of devices and thousands of servers. There is no major gap in the time between the discovery of a “bug” and when it can be installed. With increased dependency by malware actors to take advantage of zero-day defects, the advantages of cloud-based software maintenance surpass methods currently deployed by Microsoft for maintaining software integrity.    

6 comments:

  1. Pretty section of content. I just stumbled upon your blog and in accession capital
    to assert that I acquire in fact enjoyed account your blog posts.
    Any way I'll be subscribing to your feeds and even I achievement you access consistently rapidly.
    Feel free to visit my weblog ; Finding The Perfect Godmother Gifts

    ReplyDelete
  2. nice posting.. thanks for sharing.

    ReplyDelete
  3. Nice post...I like it...and appreciate you share it.

    Church Software

    ReplyDelete
  4. I would surely give 10 on 10 for such incredible content.
    www.c2logix.com

    ReplyDelete
  5. It’s never too late to improve your information and your contents inspire me.
    price per head company

    ReplyDelete
  6. The beauty of the forex market is the fact that market is open round the clock Sun-Fri.domain name

    ReplyDelete

For comments please e-mail paul@strassmann.com