FOSS Security Updates vs Microsoft Patch Day

It is almost that time again: the ritual of installing the Microsoft patches released on the second Tuesday of each month to fix security problems with its operating systems and software. My company will be monitoring and installing these updates again for some of our local clients this week.

It is an ironic coincidence that this weekend I have also received update notices from Mandriva for software installed on my Linux PC systems. These updates come regularly from the upstream developers through Mandriva to Mandriva end users. They may be simple code fixes for bugs, upgrades to new versions of software, or security fixes to patch possible security problems. While looking at these today, I thought it would be interesting to compare, vulnerability-wise, what I am getting from Mandriva today with what Microsoft customers will be getting on Tuesday 14 September 2010.

First, to understand Microsoft’s vulnerability code words one must know the terminology Microsoft uses and what it means. This is found in this table borrowed from Microsoft:
