What is Patch Tuesday?

Excellent explanation of Patch Tuesday by TMI Engineering

Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches.

Starting with Windows 98, Microsoft included a “Windows Update” system that would check for patches to Windows and its components, which Microsoft would release intermittently. With the release of Microsoft Update, this system also checks for updates to other Microsoft products, including Office, Visual Studio, SQL Server, and others.

Patch deployment costs

The Windows Update system suffered from two problems, affecting opposite ends of the user scale. On the one hand, less experienced users were not aware of it and did not run it. Microsoft’s solution was to introduce the concept of “Automatic Update”, which would proactively inform the user that an update was available for their system.

The second problem affected large deployments of Windows, such as can be found at large companies. Such large deployments found it increasingly difficult to make sure all systems across the company were up to date. The problem was made worse by the fact that, occasionally, a patch issued by Microsoft would break existing functionality and would have to be uninstalled.

In order to reduce the costs related to the deployment of patches, Microsoft introduced the concept of Patch Tuesday. The idea is that security patches are accumulated over a period of one month, and then dispatched all at once on an anticipated date which system administrators can prepare for. This date was set not too close to the beginning of the week, and yet far enough from the end of the week to allow any problems that may arise to be resolved before the weekend. System administrators can mark the second Tuesday of the month as the “day in which machines are updated”, and plan accordingly. The name “Patch Tuesday” has been in use since the third quarter of 2004. It is becoming synonymous with the day any software vendor issues a vulnerability patch. Some editors/analysts talk about “Exploit Wednesday” as the day after, or even “Day Zero” immediately following the update, when hackers can launch attacks against the newly announced vulnerabilities.

Security implications of Patch Tuesday

The most obvious security implication is that security problems that have a solution are withheld from the public for a period of up to a month. Implicitly, this policy assumes that most attacks use information reverse engineered from the security patches that fix the vulnerability, rather than true “Zero day attack” exploits. It is unknown to what extent this assumption is true.

In the past, there were some cases where either vulnerability information or actual worms were released to the public a day or two before Patch Tuesday. This does not leave Microsoft enough time to incorporate a fix for said vulnerabilities, and thus, theoretically, leaves a one-month window for attackers or the worm to exploit the hole before a patch is available to formally fix it. This phenomenon is unrelated to Exploit Wednesday.
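The schedule and the exposure window described above can be worked out for planning purposes. This is an added example, not part of the original article; the fix_lead_days parameter (how long a vendor needs to prepare a fix) is a hypothetical planning input, not a figure from Microsoft.

```python
from datetime import date, timedelta

TUESDAY = 1  # date.weekday(): Monday is 0, Tuesday is 1


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month."""
    first = date(year, month, 1)
    days_to_first_tuesday = (TUESDAY - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def next_patch_tuesday(on_or_after: date) -> date:
    """First Patch Tuesday falling on or after the given day."""
    candidate = patch_tuesday(on_or_after.year, on_or_after.month)
    if candidate >= on_or_after:
        return candidate
    if on_or_after.month == 12:  # roll over into January
        return patch_tuesday(on_or_after.year + 1, 1)
    return patch_tuesday(on_or_after.year, on_or_after.month + 1)


def exposure_days(disclosed: date, fix_lead_days: int) -> int:
    """Days between public disclosure and the first monthly release
    that can carry the fix, assuming the fix needs fix_lead_days to
    prepare (hypothetical parameter) and ships only on Patch Tuesday."""
    fix_ready = disclosed + timedelta(days=fix_lead_days)
    return (next_patch_tuesday(fix_ready) - disclosed).days


if __name__ == "__main__":
    # Constructed dates: disclosure two days before the August 2007 release
    # versus disclosure at the start of that month, both with a 7-day lead.
    for disclosed in (date(2007, 8, 12), date(2007, 8, 1)):
        print(disclosed, "->", exposure_days(disclosed, 7), "days exposed")
```

A disclosure two days before the release misses that cycle and waits for the next one, which is the one-month window the paragraph describes.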

Exploit Wednesday

Many exploits are seen shortly after the release of a patch. By analyzing the patch, exploit developers can more easily figure out how to exploit the underlying vulnerability. Therefore the term “Exploit Wednesday” was coined. Also, starting to abuse an exploit on this day gives malicious code writers the longest period of time before a fix is supplied to users. Malware authors can sit on a new exploit until after a given Patch Tuesday, knowing that there will be an entire month before Microsoft releases any patch to fix it.

Other consequences

Immediately following Patch Tuesday, millions of computers are rebooted within a short period of time. This causes an exceptional strain on other internet companies. For example, in August 2007, Skype experienced a two-day outage following Patch Tuesday.

For more information see…

* Microsoft: Bulletins & Advisories

* Microsoft Support Website

* Microsoft Windows Update

From: Wikipedia

Source: http://blog.tmiva.com/2008/03/what-is-patch-tuesday.html

Google’s Android Targeted by Malware

Security experts at Kaspersky Lab stated they have discovered a malware application that targets the Google Android mobile operating system in Russia. The malware, named “Trojan-SMS.AndroidOS.FakePlayer.a”, is the first of its kind specifically implemented to target the Android mobile OS, according to the researchers at Kaspersky Lab.

The malware hides as a media player called “Movie Player”, and when installed it begins to send text messages to a premium-rate number without the knowledge of the Android-based device owner.

Even though initial cases are in Russia, Android-based users all over should be aware of the matter and be vigilant when downloading applications to their mobile device.

SecurityOrb.com has five key recommendations for Android-based cell-phone users:

  1. Pay close attention to the services that an application requests access to when it is being installed.
  2. Check the permissions of your apps and revoke unnecessary access to remote locations and SMS requests.
  3. Install apps from trusted companies and sources ONLY.
  4. Set your Android-based device to only download applications that are in the Android Market.
  5. Research, read and/or review before installing apps.
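Recommendations 1 and 2 can be applied as a quick check on an app's declared permissions. This is an added example, not from Kaspersky Lab or the original post: it reads a decoded AndroidManifest.xml and flags requests that do not fit a media player. The manifest, the package name com.example.movieplayer and the baseline set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that can cost the owner money or expose private messages.
HIGH_RISK = {
    "android.permission.SEND_SMS": "can send texts, including to premium-rate numbers",
    "android.permission.CALL_PHONE": "can place calls without the dialer prompt",
    "android.permission.READ_SMS": "can read stored text messages",
    "android.permission.RECEIVE_SMS": "can intercept incoming text messages",
}

# Assumption: a reviewer's baseline for what a media player plausibly needs.
MEDIA_PLAYER_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.WAKE_LOCK",
    "android.permission.READ_EXTERNAL_STORAGE",
}

# Constructed manifest for a hypothetical "Movie Player" app (not a real sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.movieplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Movie Player"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return [n for n in names if n]

def review(manifest_xml, baseline):
    """List (permission, severity, reason) for requests that deserve a second look."""
    findings = []
    for perm in requested_permissions(manifest_xml):
        if perm in HIGH_RISK:
            findings.append((perm, "high-risk", HIGH_RISK[perm]))
        elif perm not in baseline:
            findings.append((perm, "unexpected", "outside the baseline for this app type"))
    return findings

if __name__ == "__main__":
    for perm, severity, reason in review(SAMPLE_MANIFEST, MEDIA_PLAYER_BASELINE):
        print(f"{severity:10} {perm}: {reason}")
```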

Attend 15th Annual Hacker Halted Information Security Event and Get a Free iPad

Make plans now to attend the fifteenth annual Hacker Halted information security event – October 9-15 in Miami. The format includes a 4-day training Academy, followed by a 2-day conference on October 13-14 and 1-day of free Training (October 15) for all registrants. The two-day Conference features a comprehensive program presented in three tracks.


Register for the 2-day conference by August 31 and receive a FREE iPad onsite. No tricks or anything else to purchase.

Readers of this message may also receive a $100 discount off the 2-day conference fees – pay just $1,199 instead of $1,299, which includes the free iPad – by registering with the code HHQZM3 on the electronic registration page at www.hackerhalted.com. You MUST register by August 31, when this offer and discount code will expire.

Jailbreaking Apple’s Mobile iProducts Gets Easier

As the popularity of the small Apple products (iPhone, iPad, iTouch) takes off, they are drawing the attention of hackers. Some hackers just want to access the OS so they can remove roadblocks for application customization and add unauthorized tools and programs, while others might want to do damage or steal your information.

The two groups of hackers have different motives, but both look to do the same thing: get access to the core of the mobile device and make the system do more. This type of hacking is called “jailbreaking” or “jailbreak”, which basically replaces the operating system on your device with an “enhanced” version, which may allow you to download additional programs, get more customization on your device or add more functionality.

Last week the website “jailbreakme’dot’com” publicly announced that they can do a website-based jailbreak of your device. That is all well and good for those who want to jailbreak their device (it may be harmful to your device), but it was recently discovered that you could jailbreak someone else’s device, remotely, yes remotely. This, as you can imagine, has caused a stir among users of these devices. Apple has said they have created a patch for the issue, but there is no release date at this time.

SecurityOrb Live Stream on The Tech Talk Show 1450 WOL

Listen to me live tonight on TheTechTalkShow @ 7:00pm on WOL-AM 1450 (DC) or listen online @ http://bit.ly/xCG7d #Security, #Technology