Patch Tavis Day

Yesterday was Patch Tuesday, or as I like to call it (hopefully for the last time) “Patch Tavis Day”.

Amongst the other vulnerabilities that Microsoft published in its regular round-up of security patches was a fix for the zero day vulnerability found by Tavis Ormandy in Windows XP’s Help and Support Center.

Windows XP's Help Support Center

In my opinion, Ormandy irresponsibly disclosed the vulnerability before Microsoft had a chance to fix the problem, making it easy for cybercriminals to exploit the flaw and infect innocent users.

The good news is that now Microsoft has now issued a fix for the problem. But I bet they (and countless other internet users and industry observers) wish that the first that they had heard of this problem was when the patch was rolled-out, rather than when Ormandy acted petulantly.

Find out about all of the latest Microsoft security updates from their website, and roll out the patches as soon as possible.

Sophos blogger Chet Wisniewski discussed Patch Tuesday and the Tavis Ormandy controversy in the latest edition of the “Sophos Chet Chat” podcast.

Chet’s podcasts make a great listen each week if you have an interest in computer security, so if you haven’t already done so subscribe to them via via RSS or iTunes.

An archive of older shows is also available.