On May 15, 2017, at 10:08 AM, J. Oquendo <joquendo@e-fensive.net> wrote:
Spot on. Shame on Microsoft for releasing patches and not forcing the installation versus letting security managers open up ISC^, and other nonsensical frameworks to do things like "change/patch management" tasks. I mean, who cares if one little patch knocks a business out of existence.
If Microsoft didn't open the security hole in the first place, then there wouldn't be a need to patch it afterwards. Of course, there will always be patches that need to be applied, and people do have to decide what is a sane patching process. But if a patch can be completely avoided because they were more careful and rigorous in their development to begin with, then as a whole the world would be better off.
I do believe Microsoft is directly responsible for making people such daft "To patch or not to patch" admins. Force feed patches on everyone! Then your next message will be: "I believe Microsoft is responsible for trillions of dollars by pushing out patches forcefully and negatively impacting businesses worldwide."
An ounce of prevention on their part would prevent a pound of cure having to be applied by everyone else in the world. But then Microsoft couldn't extract their value from selling that pound of cure, so that would be another problem.
Pain and anguish? I'm smiling and drinking coffee. I adore when security shenanigas occur. That is the sound of a cash register to me.
Not everyone licks their chops and thinks "fresh meat" when they see worldwide panic that results from a massive security hole like this. Some of us just want to get regular work done. -- Brad Knowles <brad@shub-internet.org>