We've taken a look at this situation and incorporated some lessons learned. We will work very hard to help ensure something like this doesn't happen in the future.
Our test and engineering plan for that update that we began two weeks ago is on track to have that update ready for Tuesday.
This is why it takes so long, but that's not to say that if there's an exploit, we won't accelerate testing and get it out there as fast as we can. But if we find problems in the testing phase, it could trigger a restart and cause even more delays.
We can't leave anybody behind. And unfortunately you might be introducing new problems. So whenever we look at even a quick hack ... it's got to be of quality. That's what customers have told us time and again.
There might be privately reported issues that end up being in that update that haven't been disclosed yet. When we put out the bulletin, we talk about the information in the vulnerabilities … with a beta, how does that work exactly? Do you put out a kind-of-a-bulletin?
The maximum total severity rating for this month is Critical, so please update systems as soon as possible when the bulletin is available this coming Tuesday.
The key thing is really that we want to make people understand the risk with these flaws and that they enable automatic updates.
The huge responsibility we have is that we have to answer to our customers, and our customers represent potentially hundreds of millions of different configurations.
We're on all the [security mailing] lists, just like you are, and we investigate everything, even if it's a post about a simple weird behavior in a product.