Windows Security Exploits


The W32.Blaster worm that struck last week infected millions of computers and caused a lot of IT shops to drop everything to repair the damage. I've talked to the heads of several large IT shops and most of them were affected in significant ways. The ones who weren't had installed the patch from Microsoft before the worm struck. I've written about the problems with too many patches in the past and this just highlights it. An article in ComputerWorld gives a slightly different twist to the problem.

One thing companies ought to pay particular attention to in this last episode is the short amount of time between when the vulnerability was announced and when the worm appeared. Most companies assume they have some time to apply patches, and many are afraid to do so automatically. There was less than one month between the announcement of the vulnerability and the appearance of the worm exploiting it. As this time shortens, companies will have to be better and better at applying patches and be willing to do automatic updates. Even the best-run IT shops find this to be a challenge. Organizations with a disorganized desktop management strategy will find that they are spending all their time managing desktops, reacting to problems rather than solving them.