Steady Uptime for Microsoft, Symantec in Delivering Critical Updates

The software updating sites for Microsoft and Symantec have performed smoothly over the past week in delivering critical security updates to millions of users. The updates were notable for the number of products and users affected, and the serious risks faced by unpatched systems, including remote exploits. Thus, while we highlight a non-outage, it's hardly a non-event.

Microsoft announced 13 separate security fixes in its monthly update on Tuesday. After exploit code was published for a security hole in MSN Messenger, Microsoft began forcing users to update their software in order to use the popular instant messaging service.

A similar release of 12 updates last April led to significant performance problems for Microsoft's Windows Update, prompting Microsoft to add resources to the download site. This month the site has been highly available throughout. Dynamically updating charts of Windows Update's performance are available here.

Meanwhile, security vendor ISS found a flaw in Symantec's AntiVirus library, which is implemented in more than 60 versions of the company's products in use on desktop, server, and gateway systems. The hole could allow a remote attacker to execute code using a flaw in Symantec code handling UPX, a file compression format commonly used by hackers. "Stop reading and go patch now," the Internet Storm Center advised readers. If they did, Symantec's LiveUpdate site was widely available. A dynamically updating graph of LiveUpdate's performance is available here.