Windows Update Servers Slowed By Rush To Patch

Microsoft's April security problems didn't stop when it rolled out four alerts and disclosed 20 vulnerabilities on Tuesday. That day, and the day after, Microsoft's update servers were plagued by slow downs that prevented some users from obtaining the necessary patches.

The U.K.-based Web performance monitoring firm Netcraft on Wednesday noted that Microsoft's Windows Update site -- the primary means for users to download security patches -- experienced "slow response times" in the wake of the release of the numerous critical updates.

Netscraft's numbers on Wednesday showed that the average wait at six Windows Update servers -- from New York and Amsterdam to Sydney and London -- ranged between 1.3 and 1.6 seconds, with the maximum waits as long as 20 seconds. Depending on the server, anywhere from five to eleven percent of the attempts to reach Windows Update failed.

"The sluggish performance of Windows Update was a particular challenge for Windows users on dial-up connections, as the Windows XP download is three megabytes," Netcraft said.

During Wednesday's monthly follow-up Webcast on the just-released vulnerabilities, Microsoft executives noted the high volume of users accessing Windows Update, saying that the number of requests was about double the norm.On Thursday, Microsoft acknowledged that the rush for patches had caused some problems.

"The increase in server activity did cause some performance slow downs yesterday," said a Microsoft spokesperson. "Microsoft has put into place additional resources and increased capacity to ensure that the increase in volume will not affect customer experience on Windows Update."

As of mid-morning Thursday, Microsoft said it was not having any problem meeting the increase in server traffic.

The Redmond, Wash.-based developer attributed the sluggishness of its Windows Update servers to its switch last year from a more frequently weekly release of vulnerabilities and patches to the current monthly schedule, as well as more use by customers of Windows Update and Auto Update.

Joe Wilcox, an analyst with Microsoft Monitor, an arm of Jupiter Research, sees it differently."What's different this time that would overload the servers? Two things. All the issues relate to Windows, so that increases the priority of downloading patches. And then there was the sheer number of patches that needed to be downloaded."

Tuesday's 20 vulnerabilities -- released in four alerts -- were an unprecedented number, and easily beat any earlier "record" for the most from Microsoft in one day.

"Just use Occam's Razor (the idea that the simplist explanation is the most likely) ," Wilcox said. "The heavy traffic was because of the large number of vulnerabilities. A lot of traffic and you get server slowdowns."

Wilcox also took Microsoft to task for what he called "security by PR" in consolidating multiple vulnerabilities into single bulletins. On Tuesday, two of the four alert bulletins contained a whopping 15 vulnerabilities.

"They're trying to make things seem better than they are," said Wilcox, by grouping several vulnerabilities under one bulletin's umbrella. "That may be good PR, but it's not necessarily good for IT managers trying to patch systems. They need as much information as they can get, as clearly as they can get it."Microsoft needs to be upfront on security, and this policy of consolidating vulnerabilities isn't that".