Early Saturday morning (01:00 Jul 31st) Microsoft released Microsoft Security Bulletin Summary for July 2004 – this was an unscheduled release, as predicted, to patch three vulnerabilities rated “critical” that could result in an attacker executing code in the context of a logged-on user.
Then, 13:00 on August 1st, Microsoft re-released the update saying it “has undergone a major revision increment”. Microsoft went on to say “Microsoft was made aware that the update provided for Windows XP customers running the new version of Windows Update, Windows Update Version 5, did not contain the final release code for the vulnerabilities addressed in the security bulletin”.
Microsoft was made aware? Is this not Microsoft’s own code? Patching is an arduous enough process without re-releasing patches. It’s no wonder people are considering moving to Open Source alternatives.