MSFT quicker to patch DRM than security vulnerabilities

Bruce Schneier points out that Microsoft has re-classified "security patch" to include patches to Windows DRM. This is a big problem — best practice for Windows users is to run those critical patches that MSFT ships out on the first Tuesday of every month ("patch Tuesday") to ensure that your computer isn't compromised.

But running the latest Microsoft patch — which was hustled out the door well ahead of patch Tuesday — actually took away functionality from your machine, by breaking a program called FairUse4WM, which let you export your Windows Media files to competitors' formats.

Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can't do that anymore."

But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer.

So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.