Patch Tavis Day

Filed Under: Malware, Microsoft, Podcast, Vulnerability

Yesterday was Patch Tuesday, or as I like to call it (hopefully for the last time) "Patch Tavis Day".

Amongst the other vulnerabilities that Microsoft published in its regular round-up of security patches was a fix for the zero day vulnerability found by Tavis Ormandy in Windows XP's Help and Support Center.

Windows XP's Help Support Center

In my opinion, Ormandy irresponsibly disclosed the vulnerability before Microsoft had a chance to fix the problem, making it easy for cybercriminals to exploit the flaw and infect innocent users.

The good news is that now Microsoft has now issued a fix for the problem. But I bet they (and countless other internet users and industry observers) wish that the first that they had heard of this problem was when the patch was rolled-out, rather than when Ormandy acted petulantly.

Find out about all of the latest Microsoft security updates from their website, and roll out the patches as soon as possible.

Sophos blogger Chet Wisniewski discussed Patch Tuesday and the Tavis Ormandy controversy in the latest edition of the "Sophos Chet Chat" podcast.

Chet's podcasts make a great listen each week if you have an interest in computer security, so if you haven't already done so subscribe to them via via RSS or iTunes.

An archive of older shows is also available.

, ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley