Microsoft criticized for silent patches

Some security researchers took issue last week with little-documented changes made by Microsoft to Windows in the last batch of security updates, but the software giant responded in a blog posting on Saturday that sometimes less information means better security.

The criticism focused on two issues in Microsoft's security bulletin documenting the changes to Windows systems by a patch released last Tuesday. The advisory stated that the vulnerability being fixed was privately reported but that a "variation" of the flaw had been publicly disclosed in May 2004. Microsoft should have stated that the original vulnerability--more than 700 days old--had been fixed as well as a more recent, privately disclosed flaw, vulnerability researcher Matthew Murphy stated in a blog post.

Linked by shanmuga Monday, 17th April 2006 11:53PM