Microsoft security updates block security updates

I knew that sooner or later they would manage it (obviously with a patch that has nothing to do with security):

Apparently, a revised version of Service Pack 1 for Microsoft Office 2003 causes an error in patch management. Microsoft describes workarounds for the problem in its security advisory. The vendor says it will provide a proper patch as soon as its analysis has been completed. Microsoft adds that the matter is not related to the patch blockade recently caused by System Center Configuration Manager (SSCM).

Conclusions

Collectively, our “Verizon Business 2008 Data Breach Investigations Report”, along with our earlier studies, suggests that getting the right mix of countermeasures in an enterprise is far from simple. Rather than “do more,” all three studies seem to suggest that we should “work smarter.” The Sasser study shows that in some cases working harder seems to not only consume significant resources, but is also sometimes counterproductive. Unfortunately, precious few of us have the data or risk models available to show us exactly how to focus our limited time and resources.

A control like patching, which has very simple and predictable behavior when used on individual computers, (i.e., home computers) seems to have more complex control effectiveness behavior when used in a community of computers (as in our enterprises).

Communities behave differently than individuals.

This reminds me of the differences between individual medicine and community health. After all, you can effectively treat an individual with cholera with a mixture of salt and sugar water, but putting salt and sugar in the drinking water does nothing to reduce cholera in the community.

Verizon Business Security Blog » Blog Archive » Patching Conundrum

In the information age, we all have a data shadow.
Schneier on Security: Our Data, Ourselves
