http://blog.didierstevens.com/2007/03/09/no-microsoft-security-bulletins-for-march-2007/ (blog 'DidierStevens) Tue, 06 Jan 2009 12:16:03 +0000 http://wordpress.org/?v=MU hourly 1 http://blog.didierstevens.com/2007/03/09/no-microsoft-security-bulletins-for-march-2007/#comment-1232 Ron Tue, 27 Mar 2007 05:26:11 +0000 http://didierstevens.wordpress.com/2007/03/09/no-microsoft-security-bulletins-for-march-2007/#comment-1232 I've seen this canned 'announcement' dozens of times now. I just wish M$ (and all of their unpaid propagandists) would tell the whole truth. Sure they did not issue any official 'security' patches. So imagine my surprise when on that Tuesday I rebooted my machine and had to wait while M$ installed 3 patches... (or were they malware?). When I checked, they appeared legit. Assuming they really were M$ patches, how many times before this has M$ stacked multiple fixes into a patch, millions of times! So I wonder if any of the fixes in these patches had a security aspect. I’ve seen this canned ‘announcement’ dozens of times now. I just wish M$ (and all of their unpaid propagandists) would tell the whole truth. Sure they did not issue any official ’security’ patches. So imagine my surprise when on that Tuesday I rebooted my machine and had to wait while M$ installed 3 patches… (or were they malware?). When I checked, they appeared legit. Assuming they really were M$ patches, how many times before this has M$ stacked multiple fixes into a patch, millions of times! So I wonder if any of the fixes in these patches had a security aspect.

]]> http://blog.didierstevens.com/2007/03/09/no-microsoft-security-bulletins-for-march-2007/#comment-728 No Microsoft security patches for March at Security Samizdat Fri, 09 Mar 2007 09:35:54 +0000 http://didierstevens.wordpress.com/2007/03/09/no-microsoft-security-bulletins-for-march-2007/#comment-728 [...] Didier Stevens wonders if any zero-day exploit will be released this week: It will be interesting to see if new zero-days will appear in the coming days. We often see new zero-days just after patch Tuesday. There’s a theory that states that exploit writers do this to maximize the life-time of the exploit. If this theory is correct, we should already see new zero-days appearing between now and Tuesday, because exploit writers won’t have to wait for Tuesday to maximize the life-time of the exploits. [...] [...] Didier Stevens wonders if any zero-day exploit will be released this week: It will be interesting to see if new zero-days will appear in the coming days. We often see new zero-days just after patch Tuesday. There’s a theory that states that exploit writers do this to maximize the life-time of the exploit. If this theory is correct, we should already see new zero-days appearing between now and Tuesday, because exploit writers won’t have to wait for Tuesday to maximize the life-time of the exploits. [...]

]]>