I've been writing about PCs for more than 20 years. So you'd think I'd have this technical stuff down pat. But as I research Microsoft security flaws month after month, I often scratch my head trying to figure out what the company's bulletins really mean.
Microsoft offers you two ways to learn about each newly discovered security flaw through its bulletin summaries: You can read the end-user version or the technical version. (Microsoft recently reorganized the way that it presents patch information; see last month's Bugs and Fixes for details.) Unfortunately, the consumer bulletins tend to be so dumbed-down that their explanations are virtually useless. Conversely, the technical bulletins are unduly complex in some places and intentionally vague in others. Microsoft says it doesn't want to reveal any information that will help the bad guys create trouble.
For an example of a Microsoft consumer bulletin, head to Microsoft TechNet, select one of the summary links, and click the End User version link. The insight that these bulletins provide amounts to: "Product Y has a flaw; click here to fix."
To plunge into the full technical spiel, click the Get More Technical Details link. On the separate page that appears, click the plus sign beside Technical Details for the nitty-gritty. These bulletins tend to use language that only a Microsoft programmer could love. Heck, even some of the titles are obscure: Just try getting your head around 'Heap Algorithm Update for Atypically Large Heap Requests'.
So how about it, Microsoft? We would like to hear about the major technical issues in language that we can understand, even though we don't write code for a living.
My advice to readers is to use Windows Update to select the critical updates you need to install. Ignore the end-user bulletins, and scan the technical details to learn whether your machine is vulnerable.
For more helpful descriptions of the most serious Windows flaws, pay a visit to CERT, EEye Digital Security, Grey Magic Software, and the SANS Institute. And find out the latest on Windows and Office holes by consulting Woody's Watch.