Microsoft Delays Patch Tool, Challenges Cisco - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
7/16/2004
05:14 PM
50%
50%
RELATED EVENTS
Moving UEBA Beyond the Ground Floor
Sep 20, 2017
This webinar will provide the details you need about UEBA so you can make the decisions on how bes ...Read More>>

Microsoft Delays Patch Tool, Challenges Cisco

Software vendor releases security patches, a tool, and a network-access plan

Last week was a busy one for business-technology and security professionals defending computer systems and networks that run Microsoft applications and operating systems. They had to deal with software patches, cleanup tools, and newly discovered security holes. They also got details on Microsoft's network-security initiative--and disappointing news about another delay in a patch-management tool that promises to work with a variety of the vendor's products.

Microsoft issued seven security bulletins with a total of 21 software patches, including two rated as critical. One of the vulnerabilities, a buffer overflow within Windows Task Scheduler, could let an attacker take over an unpatched system.

The company also released a tool designed to remove a piece of malicious code known as Download.ject that plants a Trojan horse on the computers of Web surfers and was part of a widespread Internet attack last month. And it said it would bolster antivirus defenses for users of its Hotmail E-mail service.

chartBut Microsoft told customers they would have to wait until the first half of next year for Windows Update Services, a free Windows Server tool that aims to simplify the patching process for many Microsoft applications. It's the second delay for the tool, which was originally planned for the first half of this year.

"That's a real disappointment," says Lloyd Hession, chief security officer with Radianz, which provides network services to the financial-services industry. Businesses have been looking for Microsoft to improve the patching process and will be unhappy with the delay, he says. But if Microsoft is taking more time to make sure the quality-control aspects of the patching tool are solid, then the delay is understandable, Hession says.

Microsoft says it's incorporating suggestions from testers of Windows Update Services and that it hopes to issue another test version of the product in the fourth quarter. The company also attributes the delay, in part, to work its doing on an automatic-update agent in Windows XP Service Pack 2, the security-oriented upgrade to Windows XP that's now slated for release next month.

Microsoft also unveiled details about a security initiative called Network Access Protection. Much like the Network Admission Control initiative from networking leader Cisco Systems, NAP will check to make sure a computer has up-to-date security patches and antivirus signatures before it's allowed to access the network. Some 25 tech companies say they'll support NAP. Cisco, however, wasn't on the list and wouldn't discuss whether it will support the initiative. NAP is scheduled to be part of the next release of Windows Server 2003, known as R2 and slated for the second half of next year.

With Microsoft competing with Cisco's efforts, as well as an initiative by the Trusted Computing Group to build a similar standard, analysts are concerned there may be too many standards attempting to do what NAP aims to accomplish. "We're urging the two of them [Cisco and Microsoft] to compromise. The two need to support a common protocol," says John Pescatore, a VP and research fellow with Gartner.

Microsoft says it agrees. "We've heard that loud and clear," says Steve Anderson, director of marketing for Windows Server. "We want one architecture and one set of standards where everyone can play."

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll