IT directors have come back after the Christmas break to the first big security scare of the year - a flaw affecting all versions of Windows - raising concerns about how IT departments can cope with so-called "zero day attacks".
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The first exploit code was acknowledged by Microsoft on 29 December, yet the official patch has only been made available today. And there have been reports of rogue websites and virus-infected e-mail exploiting the flaw, which can infect a PC when a user opens a .wmf image.
What makes this exploit interesting is that a third-party developer, Ilfak Guilfanov, produced a workaround which was independently verified by security body the Sans Institute. This workaround proved so popular on its release that Guilfanov's website, Hexblog.com, was temporarily suspended after being inundated with download requests.
The dilemma users face is whether they should apply a third-party workaround or wait for the official patch. Installing a third-party fix works well in the open source community, but how can you be sure it will work, and what indemnities do you have if something goes wrong?
The risk may be too great for many, outweighing the protection the workaround could provide. But waiting for the official patch leaves firms vulnerable.
When an exploit is in the wild, what is needed is some way for software companies such as Microsoft to work more closely with third-party developers to fast-track the approval of workarounds, giving users protection while the full patch is being developed.
The skills you need
The reality or size of the skills gap seems to vary according to who you talk to. Many IT professionals, especially older ones, could be excused for asking, "Skills gap? What skills gap?" when they find it hard to find a job despite excellent skills and experience.
On the other side of fence, some employers who find it hard to attract or retain the IT staff they need may be tempted by the siren call of outsourcing. Others, however, see developing the skills of in-house staff as the only route to long-term efficiency.
On page 18 we examine how skills management frameworks can help to make future needs and the path to meeting those needs visible and manageable.
And, of course, building effective teams is not simply about training. Motivating and retaining skilled staff is as much about corporate culture as about training and pay, as Computer Weekly's Best Places to Work Awards, whose shortlist we will announce next week, make clear.