LightningCrash
2[H]4U
- Joined
- Dec 29, 2000
- Messages
- 2,470
But it hasn't passed QA. As much as people like to bash Microsoft for not listening to customers, Patch Tuesday was basically what IT customers wanted, a consistent schedule to receive patches. If the issue is severe enough, Microsoft does from time to time do out of band patch releases.
But the question is about when it has passed QA.
In the case of missing a CPU in Oracle a bug could push a disclosure to patch timeline out over 100 days.
What really defines due care in these situations?
If the threat's not big enough for out of band patches... it wouldn't matter if Google had released it or if it had been discovered exploited in the wild via CryptoWaller 3.7, Microsoft would be running the same long procedure.