Patching on the Rise at Microsoft


Microsoft recently admitted that it had released more patches during the second half of 2008 than it had earlier in the year. No surprise here, and we certainly didn't need Microsoft to tell us; we could have looked at its patch history ourselves. What is surprising, in a weird kind of way, is that Microsoft admitted it, which is something you don't see the software giant do all that often. Now let's look at the facts:


  • Microsoft fixed 97 vulnerabilities in the second half of 2008, 67 percent more than the 58 it fixed in the 2007 period it compared against.
  • It shipped those fixes in 42 separate security bulletins, 17 percent more than the 36 bulletins of the 2007 period.
  • During the second half of 2008 it released several bulletins that each fixed multiple vulnerabilities, including:
    • MS08-052 (GDI+) - fixed five vulnerabilities
    • MS08-058 (Internet Explorer cumulative update) - fixed six vulnerabilities
    • MS08-072 (Word) - fixed eight vulnerabilities
    • MS08-073 (Internet Explorer cumulative update) - fixed four vulnerabilities


It would be easy for me to take a shot at Microsoft. However, I am not going to; I don't see how that would help anything. What I am going to do is offer advice. I don't pretend to know the first thing about running a software company, but as a user and security professional I can offer my two cents on improving security and reliability:


  1. Don't redesign Windows again. We were all used to where things were and you moved them. Fewer redesigns mean less new code, and less new code means fewer new bugs to patch.
  2. Don't redesign MS-Office again. See above.
  3. Remove the unused functions. Code that nobody uses is still attack surface: it takes up space, and it still has to be patched when a flaw is found in it.
  4. Design with security in mind from the start, not as an afterthought.
  5. Improve the graphics manipulation capability in MS-Word (my pet peeve).
  6. Why is the Windows code base so large? Code bloat is simply more code to secure.
  7. Cut down on the number of Windows editions. The current lineup is too confusing.
  8. Microsoft has never provided a decent backup facility for Windows. Now is the time.


I truncated my list for brevity. My point here is that a good deal of Microsoft's problems come from the fact that it keeps changing Windows rather than improving it. Windows has been out since the 1980s, which means Microsoft has over 25 years of experience with this product. You would think it would have the bugs worked out by now. What do you think Microsoft could do to reduce the number of patches it releases?