Microsoft criticized for silent patches

 
 
Imhotep
 
      04-21-2006
"The criticism focused on two issues in Microsoft's security bulletin
documenting the changes to Windows systems by a patch released last
Tuesday. The advisory stated that the vulnerability being fixed was
privately reported but that a "variation" of the flaw had been publicly
disclosed in May 2004. Microsoft should have stated that the original
vulnerability--more than 700 days old--had been fixed as well as a more
recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
stated in a blog post."

"The information as published is extremely misleading and Microsoft's choice
not to document a publicly-reported vulnerability is not one that will be
for the benefit of its customers' security," wrote Murphy. The security
researcher, a student in the information systems program at Missouri State
University, is currently working with Metasploit founder HD Moore to find
flaws in Internet Explorer and other browsers using data fuzzing
techniques."

http://www.securityfocus.com/brief/187?ref=rss

Imhotep
 
Michael D. Ober
 
      04-21-2006

And your point is???

MS fixed the problem - finally. It is somewhat disconcerting that the
original flaw was reported over two years before it was fixed. You are
quibbling about the wording of the bulletin when you should be blasting MS
for taking two years to fix the problem.

Mike Ober.


"Imhotep" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ...
> "The criticism focused on two issues in Microsoft's security bulletin
> documenting the changes to Windows systems by a patch released last
> Tuesday. The advisory stated that the vulnerability being fixed was
> privately reported but that a "variation" of the flaw had been publicly
> disclosed in May 2004. Microsoft should have stated that the original
> vulnerability--more than 700 days old--had been fixed as well as a more
> recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
> stated in a blog post."
>
> "The information as published is extremely misleading and Microsoft's choice
> not to document a publicly-reported vulnerability is not one that will be
> for the benefit of its customers' security," wrote Murphy. The security
> researcher, a student in the information systems program at Missouri State
> University, is currently working with Metasploit founder HD Moore to find
> flaws in Internet Explorer and other browsers using data fuzzing
> techniques."
>
> http://www.securityfocus.com/brief/187?ref=rss
>
> Imhotep




 
Imhotep
 
      04-22-2006
Michael D. Ober wrote:

>
> And your point is???
>
> MS fixed the problem - finally. It is somewhat disconcerting that the
> original flaw was reported over two years before it was fixed. You are
> quibbling about the wording of the bulletin when you should be blasting MS
> for taking two years to fix the problem.
>
> Mike Ober.
>
>
> "Imhotep" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ...
>> "The criticism focused on two issues in Microsoft's security bulletin
>> documenting the changes to Windows systems by a patch released last
>> Tuesday. The advisory stated that the vulnerability being fixed was
>> privately reported but that a "variation" of the flaw had been publicly
>> disclosed in May 2004. Microsoft should have stated that the original
>> vulnerability--more than 700 days old--had been fixed as well as a more
>> recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
>> stated in a blog post."
>>
>> "The information as published is extremely misleading and Microsoft's choice
>> not to document a publicly-reported vulnerability is not one that will be
>> for the benefit of its customers' security," wrote Murphy. The security
>> researcher, a student in the information systems program at Missouri
>> State University, is currently working with Metasploit founder HD Moore
>> to find flaws in Internet Explorer and other browsers using data fuzzing
>> techniques."
>>
>> http://www.securityfocus.com/brief/187?ref=rss
>>
>> Imhotep



Quibbling??? I think the point of the article was that MS was trying to
deceive people...or at least, not being totally honest.

Imhotep
 