Friday, March 9, 2007

Light at the End of the Tunnel?

...or do I hear a train coming?

Microsoft has announced (http://www.microsoft.com/technet/security/bulletin/advance.mspx) that there will be no Black Tuesday (no security patches) this month. Have we finally turned the tide? I think not.

SANS Internet Storm Center keeps a list of knows security vulnerabilities that are not patched "The missing Microsoft patches." (http://isc.sans.org/diary.html?storyid=1940&dshield=5dcab42dbdd98865096b12b60165295c) So if it was a light month why not catch up on unpatched vulnerabilities before another one becomes critical?

In my opinion Microsoft is giving battered IT workers a break due to their Daylight Savings Time (DST) patch requirements. The new US DST starts this weekend (three weeks earlier than previously).

The real problem is the herculean tasks required to up grade all but the latest Microsoft products (Windows XP, 2003 Server and Exchange 2007). As an example Windows 2000 requires manual registry settings, but that is not as bad as Exchange.

For any version prior to Exchange 2007, and how many ran out and updated to that yet? Microsoft supplies utilities that must be run against every Exchange users mailbox. Now these utilities are resource intensive and have been causing total outages on Exchange while running the utility at worst, and apparently intermittent outages on some servers.

While I don't claim to have insider information on all the companies running Exchange what I have seen and heard all point to companies scrambling this week to be prepared for the time change.

You might think shame on the companies for waiting for the last minute, but on the other hand think about:
  • Lean and mean IT departments
  • Microsoft must be coming out with a less painful method...
Right now I don't know if I condone or condemn Microsoft's actions, But I do think in a perfect world a better course of action would have been to delay Black Tuesday by a week.

4 comments:

tralfaz said...

Microsoft must have known about this back in 2005 when Congress decided to screw up our lives with this change. It seems our all mighty Operating System provider should have made patches for this a long long time ago. Scrambling now only means they were not prepared, and now we all suffer with less updates from Redmond.

Ed said...

Right. It's not a bad ms. I only hear people explain why ms does or does not do something as because of some bad mean ugly attribution to the big boy.

Why so much ms hate? Is it just the norm in-crowd thing to do? Can't we all just get along? :)

My macbook didn't cough or giggle on the dst change. It just worked.

My tivo series2 , on the other hand, changed time hours before the official 2am marker. Was that my tivo provider, or my cable provider? I really think my cable provider does everything in its power to make my tivo look bad. And doesn't the time on the tivo come from the cable signal?

What happened to all my programs like SNL?

waaaaaa. Damn Comcast mfs.

Leonard said...

Ed,

It depends on what the Tivo uses for time sync. It could be calling home to Tivo, getting it from Comcast or an internet (NTP) time server. All it takes is one person or system to glitch.

Leonard said...

BTW I don't hate or even dislike MS. I'm not above stating my complaints about what they do.

IMHO the requirements to update Exchange where tortuous on the IT community and on the Exchange users.

What is a company to do when they have hundreds or thousands of users on their beefy server?

I never did see anything explaining what happened when an updated Exchange user sent a meeting notice to an updated Exchange user.

I do know many users that received old meeting notices again, and if they deleted the, call it the resent notice, to avoid confusion it deleted the meeting from the calendar. If it was a repeating meeting that was changed the users ended up with old information in the calendar entry.