The “SSL Vulnerability” in critical security bulletin MS04-011 is different from the “PCT Vulnerability” in the same update, which allows a remote attacker to compromise unpatched systems running SSL. The MS04-011 critical update addresses 14 separate security issues, prompting criticism that the bundling of major fixes amounts to an effort by Microsoft to stage-manage security updates.
“I view the consolidation tactic as part of what I call Microsoft’s ‘security by PR,’ meaning public relations, strategy,” writes Jupiter Research analyst Joe Wilcox. “Certainly, Microsoft should be commended for warning customers of vulnerabilities and issuing the appropriate patches. But, I don’t think customers’ best interests, or even Microsoft’s, are served by apparently diminishing the overall security problem.”