Following a series of rapid hacking incidents exploiting security vulnerabilities in Internet Explorer and customer dissatisfaction over delays in releasing patches, Microsoft is currently seeking a new approach to provide faster security updates.
Hackers have been spreading malicious code that exploits the latest security flaws in Internet Explorer since last weekend, and to date hundreds of malicious websites containing this exploit code have emerged.
Meanwhile, Microsoft is still in the process of developing a patch, which is expected to be released on April 11. However, experts believe that Microsoft has been too sluggish in responding to serious security threats.
Todd Towles, a security consultant, stated that Microsoft has a practice of “holding” security patches to release them simultaneously with its monthly security updates. This could be detrimental to users, especially home users, as they would lack a protective barrier.
Microsoft is now looking for a new direction to provide faster patches, although the company has not yet issued any experimental security updates. Stephen Toulouse, a security program director at Microsoft, remarked, “We will face many challenges.”
The first challenge is quality control. Microsoft must ensure that every security update is compatible with various systems.
The idea of releasing unsupported software is not unfamiliar to Microsoft. The software developer has released many trial versions of its applications for testers over the years. In recent months, Microsoft has become more transparent and agile in providing information about upcoming products.
However, the careful testing process is still only maintained for commercial software. This process is not suitable for security patches. If Microsoft releases a patch for an unknown vulnerability, that very patch could serve as a tool for hackers to discover weaknesses and launch attacks.
Regardless of what changes Microsoft considers, the sluggishness in releasing updates has already created a significant gap. However, third-party companies have managed to fill this void.
With the new security flaw in Internet Explorer, two security firms have already provided temporary patches to protect users before the official patch is released.