Refer to 'Malaysia Technology News'
It goes that whenever Microsoft detected vulnerabilities, it will proceed to create security patches. However, just one day before the patches are to be released as Windows updates to for its products, such information is to be released for partners (Microsoft Active Protections Program partners) for them to patch up their own security products so that there will be no misunderstanding between security products and Microsoft products when the updates are in forced.
For instance, a vulnerability is detected by Microsoft internal security team on day 1. A patch is created and released out to end users on day 2. Hackers receive such information and proceed to create a threat based on the confirmed vulnerability. Hence for those PC which did not install the updates, it will be vulnerable to attacks. To make things worst, if security partners' products also didn't have enough time to deliver essential updates, the threat will not have been detected on day 2.
What this means that Microsoft own security team is core defense for its products. Partners' products may come handy to serve as safety net.
Nevertheless, having said that, it is also possible that partners are the ones who will identify the vulnerabilities before Microsoft find it by itself.
The lesson that we learned here is that hackers rely on insider's information in order to gain insight into potential vulnerabilities and often times, it is information communication leakage which give rise to such possibilities.
It goes that whenever Microsoft detected vulnerabilities, it will proceed to create security patches. However, just one day before the patches are to be released as Windows updates to for its products, such information is to be released for partners (Microsoft Active Protections Program partners) for them to patch up their own security products so that there will be no misunderstanding between security products and Microsoft products when the updates are in forced.
For instance, a vulnerability is detected by Microsoft internal security team on day 1. A patch is created and released out to end users on day 2. Hackers receive such information and proceed to create a threat based on the confirmed vulnerability. Hence for those PC which did not install the updates, it will be vulnerable to attacks. To make things worst, if security partners' products also didn't have enough time to deliver essential updates, the threat will not have been detected on day 2.
What this means that Microsoft own security team is core defense for its products. Partners' products may come handy to serve as safety net.
Nevertheless, having said that, it is also possible that partners are the ones who will identify the vulnerabilities before Microsoft find it by itself.
The lesson that we learned here is that hackers rely on insider's information in order to gain insight into potential vulnerabilities and often times, it is information communication leakage which give rise to such possibilities.
Comments