Development of a Hotfix

Previous page
Table of content
Next page

Development of a Hotfix

Once product support or the MSRC identifies the need for a hotfix, the development process begins. This process differs between operating systems and applications, but the same general method is used:

  1. The vulnerability identified by MSRC or the bug identified by product support is escalated to the Microsoft sustained engineering team.

  2. The sustained engineering team investigates the bug and assigns it to a developer. The developer might be on the sustained engineering team or might be the core team developer responsible for the OS or application component.

  3. The developer creates an initial hotfix. This hotfix addresses the vulnerability or bug but does not undergo testing other than that performed by the developer. This version of the hotfix is referred to as a private.

  4. The private is sent to the customer who reported the problem to MSRC or to product support. The customer deploys the private to determine whether it corrects the problem.

  5. If the customer reports that the bug is fixed, the sustained engineering team registers the bug against the next version of the OS or application. This ensures that the next release does not include the same bug.

  6. The private is provided to the core team developer responsible for the OS or application component affected by the vulnerability. The developer reviews the hotfix to ensure no other issues exist.

  7. When the developer completes her analysis, the hotfix is submitted to the build lab, which creates the hotfix and runs it through several build verification tests.

  8. The hotfix is then passed through testers. The testers ensure that the hotfix works as expected. Because of time constraints, testing is not as extensive as the testing performed on service packs.

  9. Localization teams review the hotfix to determine whether localized versions are required for different language versions of the OS or application. If required, localized versions are developed.

  10. The completed hotfix is released to customers. If the hotfix is deemed a security update, Microsoft releases a related security bulletin that applies a vulnerability rating and provides further descriptions of the vulnerability.


Previous page
Table of content
Next page
Microsoft Windows Security Resource Kit
Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
Authors: Ben Smith, Brian Komar
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
Inside Network Security Assessment: Guarding Your IT Infrastructure
The Java Tutorial: A Short Course on the Basics, 4th Edition
Junos Cookbook (Cookbooks (OReilly))
MPLS Configuration on Cisco IOS Software
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy