MS Patch Tuesday and Skype outage – why things didn’t match
In the situation when Skype’s explanation written on 20th Aug, Microsoft’s response written on Monday too and Skype’s clarification written today, 21th Aug exist it’s time to share word with a short summary:
Why the security community reacted like it reacted?
1. Microsoft has released monthly security updates since January 2004
2. There was three critical MS patches in July, and four critical in June
3. Only four August critical patches included a mandatory reboot
4. Critical patch (MS07-044) for code execution issue in Excel needs no reboot
5. Critical patch (MS07-050) for VML needs reboot only if files in use
6. SecurityLab.ru released public Skype Network Remote DoS Exploit on 17th Aug
7. There was new Skype for Windows version 184.108.40.206 out on 17th Aug
8. A lot of home users go to Microsoft Update on Tuesday, not on Thursday…
Do we need more reasons? No. Boys and girls at Skype, please share information that you are aware of public PoC, what the new bugfix release fixes etc.
But the good news: Villu Arak of Skype states that their “bug has been squashed.” And
The parameters of the P2P network have been tuned to be smarter…
Fine, because there are Black Tuesday patches in the future too!