I read in Ryan Naraine’s Zero Day blog that hackers are using Microsoft Security Response Center pre-patch advisories to create exploits prior to the patch release.
Microsoft claims that keeping users informed (and yet not disclosing too much information) is a balancing act, and it’s obvious that they don’t always get it right.
As a VAR or consultant, you can help your customers prepare for patches with our Patch Management Project Guide, but how can you really protect them from pre-patch exploits?
The answer might be host-based intrusion prevention systems (HIPS) and network access control (NAC). See Kevin Fogarty’s Channel Marker blog post for one vendor’s take.
If the hackers have Microsoft’s number, you can make sure that’s all they have. We’ve got your circus high wire balancing pole on SearchSecurityChannel.com, so keep checking our network access control and network intrusion management topic centers for the latest news and advice for resellers.