Every month, like clockwork, Microsoft releases security bulletins and every month people ask me if it’s small or a big release. While the exact details of the patches are generally treated as news, the expected workload each month really shouldn’t be a guessing game because Microsoft’s patch releases are predictably cyclical.

I don’t have any special inside knowledge, and I can’t speak for Microsoft, but when I look at the publicly available information it’s pretty clear to me how the cycle works.

60 Day QA Cycle

A 30 to 60 day QA cycle on a Microsoft patch is typical, and it’s actually pretty easy to tell how many days a patch was probably in QA. If you are curious, download the patch manually and take a look at the date the file was digitally signed. This isn’t an absolutely accurate date because a patch could drop in and out of the QA process several times, but it’s a reasonable approximation.

Using this method I calculated the average dates for the Dec 2009 patches at 54 days, November 2009 patches at 36 days, and October 2009 at 45 days. It’s not too hard to jump from those numbers to an average 60 day cycle.

The best weapon against the online thieves, spies and vandals who threaten global business and security would be international regulation of cyberspace.

hey are cloaked by pseudonyms and multiple addresses, but China’s legions of hackers were thrust into the spotlight last week after Google said it suffered a sophisticated cyber-attack emanating from China.

Microsoft says a security flaw in its Internet Explorer browser played a role in the recent computer attacks against Google and at least 20 other companies.

Hackers have released an application designed to thwart a Microsoft-packaged forensic toolkit used by law enforcement agencies to examine a suspect’s hard drive during a raid.
The hacker tool, dubbed DECAF, is designed to counteract the Computer Online Forensic Evidence Extractor, aka COFEE. The latter is a suite of 150 bundled, off-the-shelf forensic tools that run [...]

NEW YORK (Reuters) – The U.S. Federal Bureau of Investigation is probing a computer hacking that targeted Citigroup Inc and resulted in the theft of tens of million of dollars, The Wall Street Journal said, citing U.S. government officials.
U.S.
Citigroup disputed the report and said customers had not lost money.
The cyber attack, believed to be linked [...]

TEL AVIV (Reuters) – Israel is using its civilian technological advances to enhance cyberwarfare capabilities, the senior Israeli spymaster said on Tuesday in a rare public disclosure about the secret program.
Using computer networks for espionage — by hacking into databases — or to carry out sabotage through so-called “malicious software” planted in sensitive control systems [...]

Here in the states, T-Mobile has been no stranger to screw-ups, but we’d always just figured that their UK counterparts were stand-up guys.
After all, they’re British – as we all know, every one from that side of the pond is charming, affable, and rocks a bloody good accent.
Unfortunately, it looks like [...]

WASHINGTON (AP) – Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.
The FBI has issued an advisory that warns companies of “noticeable increases” in efforts to [...]

ACTIVISTS say they have seized control of nearly 300 Facebook community groups in an effort to expose how vulnerable online reputations are to tampering.
An organisation called Control Your Info (CYI) has claimed credit for commandeering 289 Facebook Groups, saying it was simple to get into poorly protected administrative settings at the [...]