|Home » Industry Watch
Zero Day Wednesday the 13th
Microsoft patch their software too. Ahem.
The Redmond software company rolled out another patch update this week. Other vendors do the same but they're rarely under the same pressure - or level of attack - as Microsoft.
Malicious code to exploit these new holes in Outlook Express, Windows Mail, and Windows itself has already been spotted in the wild. And more than half the holes in the six patches in this latest 'security update' are rated 'critical'.
The update was announced as always on the second Tuesday of the month: 'Patch Tuesday'.
The Big Diff!
But there's a big difference between what Microsoft do (or do not do) and what others do. Microsoft's software gets attacked all the time; software from other vendors does not.
And there's a reason for this: the so called 'ROI' - 'return on investment'.
The most often cited 'ROI' is the Microsoft demographic: the world is polluted with clueless Microsoft software users. And it's true: the world is (presently) polluted with clueless Microsoft software users. But that's not the end of it.
Programs like Outlook Express, Windows Mail, and Windows themselves offer a great 'ROI' because once the black hats break through their perimeters it's already 'game over': Microsoft have no inner barriers or defenses in their operating systems.
And that means that hacking Microsoft software is good not only because there are so many suckers almost literally begging for it but most importantly because it's so bloody easy to do.
Today more and more attacks are 'targeted' anyway: the black hats aren't going for fifteen minutes of fame anymore for creating a worldwide worm outbreak - they're going for money.
And no matter the demographic you simply can't make money trying to hack any software other than Microsoft's.
All of which is hardly news to most visitors to this site; but if you're a newcomer and you're still running Microsoft software and you have to admit you really don't have a clue - then do yourself a favour and get one.
Rixstep: FBI Target Windows
CNET: Zero-day Wednesdays
Radsoft: Zero Day Wednesday
Beware: Zero-day follows Patch Tuesday
ZDNet: Zero-day attacks continue to hit Microsoft
ZDNet UK: Microsoft besieged by zero-day attacks
eWEEK: Microsoft Issues Word Zero-Day Attack Alert