Sept Patch Day

Tuesday was Microsoft patching day and this one left me scratching my head more than most. Maybe its my own fault for reading ntbugtraq and the babble of the tech writers. This jpeg patch seems tougher to decipher than the riddle of the sphinx. First you’ve got windows update that just gives you a tool to see if you have the file. Then you’ve got different Microsoft versions of the patch. At least that’s what it sounds like. You dont need a patch if you have Microsoft Office 2003 SP1, but if you haven’t applied that service patch then you need a patch. And there is an IE patch. Or is that the same thing. Then the file in question is used in other MS apps that MBSA doesn’t detect. Then you’ve got other applications that introduce their own vulnerable version of the file. And of course you’ve got a denial of service exploit already on the market. What a patching nightmare