[Zirro]

I certainly understand what you are saying, but I must repeat the essence of my previous post. For something so critical, there should simply be too many safeguards for any test to make it through all the way to end users.

If a test update really did make it through, it would warrant significant questioning of the procedures at Microsoft. If a test could get through without being discovered, then so might malicious code.

[dpark]

It was a test update and there will undoubtedly be a review of this. http://www.zdnet.com/article/microsoft-accidentally-issued-a...

The fact that a test patch got to this stage doesn't mean the safeguards aren't in place or that malicious code could have slipped through, though. Assuming even basic competence, this test update could not have been signed, and if someone had managed to push malicious code, the same would be true, so it wouldn't have been installed onto target machines.

[jdmichal]

> For something so critical, there should simply be too many safeguards for any test to make it through all the way to end users.

The only way to guarantee that is to not allow updates to be published at all.

> If a test could get through without being discovered, then so might malicious code.

You are conflating very different things. MSFT being able to publish updates is normal and does not require a security breach, even if one particular update shouldn't have been published. An external entity being able to publish an update containing malicious code would be a huge security breach, requiring both the ability to sign the update and to publish it.