Technology

Security and patch management: the Cigref curls again Microsoft

Cigref, a computer club of large French companies that represents more than 148 companies in France, returns to the topic of security patch management, and this time with reinforcements. In a joint press release, Cigref joins three associations representing CIOs in other European countries: Beltug in Belgium, CIO Platform Nederland in the Netherlands, and Voice CIO in Germany.

All four organizations are attacking the practices of software publishers, and Microsoft in particular, taking advantage of the Windows 11 release to assert their grievances: “On the one hand, while Microsoft is widely communicating its sustainability commitments, life The cycle of its products and services causes an implacable logic of programmed obsolescence of perfectly functional equipment stocks. On the other hand, Microsoft, like many other publishers, relies solely on users to manage vulnerabilities in its products and services, “summarize the authors of the press release.

For greater durability in the software

Regarding the logic of “planned obsolescence”, the associations have particularly in view the necessary prerequisites for the installation of Windows 11, namely, the need to have a TPM 2.0 chip and 4 GB of RAM memory to be able to wait. Migrate your devices to the latest version of Windows. For Cigref and its associates, this policy aims above all at guaranteeing Microsoft “a mechanical growth in its billing”, with users being obliged to renew part of their computer park in order to be able to make the switch to Windows 11. An annoying limitation for a user personal, but it becomes a real headache for CIOs who have to manage computer parks with thousands of workstations under Windows. Furthermore, Cigref and his allies regret the scheduled end of software support, which weighs a sword of Damocles on companies that will be deprived of security updates. For example, end of support for Windows 10 is scheduled for October 2025.

The second point that concerns organizations behind the press release is related to patch management by Microsoft. The signers of the press release demand that the software industry be subject to quality requirements and caution that the effort required to apply security patches represents a considerable effort for companies using these solutions. As an example, the press release cites a company of 150,000 employees that must mobilize the equivalent of fifteen full-time positions a year for patch management, that is, an average expense of one million dollars. Euros per year. The authors of the press release recall the example of corrective patches for the PrintNightmare vulnerabilities, a series of vulnerabilities discovered in the print spooler of Microsoft operating systems during the summer, which took 300 man-days to correct for the department of Enterprise IT. This series of flaws has given Microsoft a bad time, which has multiplied patches and solutions over the summer in order to solve all the vulnerabilities discovered by researchers, sometimes causing some confusion to the accused administrators. To ensure the safety of the equipment. Park.

A long war

This is not the first time that Cigref has expressed its demands against software providers: the association had already raised the alarm on these issues in November 2020, this time taking the wave, for example. Ransomware attacks against French companies, in order to ask publishers for better security guarantees for their products.

Among the proposals to solve the problem, the associations ask Microsoft to guarantee “the maintenance of support services and security patches in its software without a time limit, in exchange for a reasonable economic effort for the customer”, and to disassociate the functional updates of security updates, measures in particular carried by a bill currently examined by Parliament and supported by Cigref. Cigref also offers to open to third parties the possibility to continue providing IT support when the publisher decides to stop providing it. Finally, the associations also ask Microsoft to share in the additional costs generated by its security policy.

Woodmart Theme Nulled, WP Reset Pro, Newspaper 11.2, Newspaper – News & WooCommerce WordPress Theme, Premium Addons for Elementor, Rank Math Seo Pro Weadown, WeaPlay, WordPress Theme, Plugins, PHP Script, Jannah Nulled, Elementor Pro Weadown, Woocommerce Custom Product Ad, Business Consulting Nulled, Jnews 8.1.0 Nulled, Avada 7.4 Nulled, Nulledfire, Dokan Pro Nulled, Yoast Nulled, Flatsome Nulled, PW WooCommerce Gift Cards Pro Nulled, Astra Pro Nulled, Woodmart Theme Nulled, Slider Revolution Nulled, Wordfence Premium Nulled, Elementor Pro Weadown, Wpml Nulled, Consulting 6.1.4 Nulled, Fs Poster Plugin Nulled

Back to top button