Search Ask Leo!:

YouTube - Facebook - Twitter - Discord - About

Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How fast can Microsoft fix a bug?

by

Was Microsoft’s WMF Exploit response fast enough?

Become a Patron of Ask Leo! and go ad-free!


Transcript

I’m sure you’re tired of hearing it, so I’ll only say it once: if you
haven’t installed the official Microsoft patch for the WMF Exploit, go do it
now. I’ve got links in the show notes.

The sequence of events surrounding the WMF exploit is actually pretty
interesting. A big bad bug is found and publicized, and while Microsoft is
testing their official fix for the problem, several rogue patches are released,
the tech press even starts to recommend that those rogue patches be used, and
finally the mainstream press starts to apply pressure for it to be released as
soon as possible. After about a week or so of public vulnerability, Microsoft
engages and does exactly that, releasing the WMF patch roughly four days ahead
of schedule.

Should it have been released even earlier?

There’s a huge risk when a situation becomes so serious that unofficial
patches and workarounds become recommended solutions. In this case I’ve not
heard of any problems, but the opportunity for error, or even maliciousness, is
huge. Getting the official fix for such a public, high profile error, has to
happen quickly.

Now I know some people consider me a Microsoft apologist because I worked
there for many years, but I really do understand Microsoft’s side of the
situation as well. Windows is an incredibly complex piece of software, and the
test matrix – the sequence of scenarios, applications and hardware
configurations that changes must be tested against – is massive. More massive,
I expect, than most people realize. And the cost of “getting it wrong” can be
very high. A high priority fix produced and released under high visibility at
high speed can’t be allowed to meet anything other than the highest quality
bar. And yes, there is a release process – a bureaucracy even – in place to
make sure that happens.

But is it fast enough?

It might be time for Microsoft to get creative. Perhaps by releasing a
provisionally approved patch when the situation is serious enough. Yes, that
might require fixing the fix, should problems become evident and the
possibility of handling that would have to be part of the plan.

It boils down to some serious risk analysis on Microsoft’s part. Is it
better to allow a known exploit to remain in the wild, where it, or rogue
patches potentially damage customers machines, or would it be better to
-release a not-quite-fully-cooked solution quickly that could be further
updated as needs warrant?

I know what I, as a user, would vote for.

I’d love to hear what you think. Visit askleo.info, and enter 9679 in the go to article number box. Leave a comment, I read them all. And while you’re there: sign up for my free weekly newsletter.

This is a presentation of askleo.info, a free on-line technical question and answer service. Hundreds of questions and answers are online and ready to help solve your computer problems.

That’s askleo.info.

Subscribe to Confident Computing! Tech problem solving & safety tips with a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my FREE special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

No strings. No email. Here's the direct download. (Just right-click and "Save As...".)

Related Posts

How do compromised signing certificates affect me? And how do I stay safe? - Https encryption and digital signatures used to validate some programs rely on an infrastructure of trusted signing authorities. Interesting things happen when one of those authorities is breeched, or makes a mistake.
Someone's Peeking! What’s an Exploit? - Industry experts use the term "exploit" in several ways, which makes warning messages pretty unclear. Stay safe by assuming the worst.
Should I be worried about this "WMF Exploit" that everyone's been talking about? - Yes, it’s serious. But, no, you don’t have to go through withdrawal. In an unprecedented move, Microsoft has released the patch for the problem ahead of schedule.
Why Didn’t Microsoft Fix the Bug I Care About? - Not all bugs will be fixed or be fixed quickly. Not all bugs are even actually bugs. I'll look at why some bugs might never get fixed - even those you consider important.

1 thought on “How fast can Microsoft fix a bug?”

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at https://askleo.com/creative-commons-license/.