>Again, the message is M$ should fix their software. Trying to automate >the patch cycle without the permission of the user is and still does not >solve the initial problem.
Good point, but my emphasis was on people obtaining the patches in the first place. While yes, they might be unreliable, they at least cover the publicized exploit. When was the last time that a worm was extensively spread via an undocumented hole, or even a hole that was documented and never patched? MS is good about fixing what it finds. Whether or not those fixes cause further issues which require patching is a separate issue. As long as the patch is ahead of the virus, where does the accountability really fall? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
