Microsoft criticized for silent patches

Discussion in 'Computer Security' started by Imhotep, Apr 21, 2006.

  1. Imhotep

    Imhotep Guest

    "The criticism focused on a two issues in Microsoft's security bulletin
    documenting the changes to Windows systems by a patch released last
    Tuesday. The advisory stated that the vulnerability being fixed was
    privately reported but that a "variation" of the flaw had been publicly
    disclosed in May 2004. Microsoft should have stated that the original
    vulnerability--more than 700 days old--had been fixed as well as a more
    recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
    stated in a blog post."

    "The information as published is extremely misleading and Microsoft's choice
    not to document a publicly-reported vulnerability is not one that will be
    for the benefit of its customers' security," wrote Murphy. The security
    researcher, a student in the information systems program at Missouri State
    University, is currently working with Metasploit founder HD Moore to find
    flaws in Internet Explorer and other browsers using data fuzzing
    techniques."

    http://www.securityfocus.com/brief/187?ref=rss

    Imhotep
    Imhotep, Apr 21, 2006
    #1
    1. Advertising

  2. And your point is???

    MS fixed the problem - finally. It is somewhat disconcerting that the
    original flaw was reported over two years before it was fixed. You are
    quibbling about the wording of the bulletin when you should be blasting MS
    for taking two years to fix the problem.

    Mike Ober.


    "Imhotep" <> wrote in message
    news:...
    > "The criticism focused on a two issues in Microsoft's security bulletin
    > documenting the changes to Windows systems by a patch released last
    > Tuesday. The advisory stated that the vulnerability being fixed was
    > privately reported but that a "variation" of the flaw had been publicly
    > disclosed in May 2004. Microsoft should have stated that the original
    > vulnerability--more than 700 days old--had been fixed as well as a more
    > recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
    > stated in a blog post."
    >
    > "The information as published is extremely misleading and Microsoft's

    choice
    > not to document a publicly-reported vulnerability is not one that will be
    > for the benefit of its customers' security," wrote Murphy. The security
    > researcher, a student in the information systems program at Missouri State
    > University, is currently working with Metasploit founder HD Moore to find
    > flaws in Internet Explorer and other browsers using data fuzzing
    > techniques."
    >
    > http://www.securityfocus.com/brief/187?ref=rss
    >
    > Imhotep
    Michael D. Ober, Apr 21, 2006
    #2
    1. Advertising

  3. Imhotep

    Imhotep Guest

    Michael D. Ober wrote:

    >
    > And your point is???
    >
    > MS fixed the problem - finally. It is somewhat disconcerting that the
    > original flaw was reported over two years before it was fixed. You are
    > quibbling about the wording of the bulletin when you should be blasting MS
    > for taking two years to fix the problem.
    >
    > Mike Ober.
    >
    >
    > "Imhotep" <> wrote in message
    > news:...
    >> "The criticism focused on a two issues in Microsoft's security bulletin
    >> documenting the changes to Windows systems by a patch released last
    >> Tuesday. The advisory stated that the vulnerability being fixed was
    >> privately reported but that a "variation" of the flaw had been publicly
    >> disclosed in May 2004. Microsoft should have stated that the original
    >> vulnerability--more than 700 days old--had been fixed as well as a more
    >> recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
    >> stated in a blog post."
    >>
    >> "The information as published is extremely misleading and Microsoft's

    > choice
    >> not to document a publicly-reported vulnerability is not one that will be
    >> for the benefit of its customers' security," wrote Murphy. The security
    >> researcher, a student in the information systems program at Missouri
    >> State University, is currently working with Metasploit founder HD Moore
    >> to find flaws in Internet Explorer and other browsers using data fuzzing
    >> techniques."
    >>
    >> http://www.securityfocus.com/brief/187?ref=rss
    >>
    >> Imhotep



    Quibbling??? I think the point of the article was that MS was trying to
    deceive people...or at least, not being totally honest.

    Imhotep
    Imhotep, Apr 22, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. andymacca

    PAgP - silent and non-silent modes

    andymacca, Mar 22, 2006, in forum: Cisco
    Replies:
    1
    Views:
    3,568
  2. Mcploppy ©

    Microsoft Patches 'Critical' Windows Hole

    Mcploppy ©, Jul 10, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    507
    Jimchip
    Jul 10, 2003
  3. Bay0Wulf
    Replies:
    4
    Views:
    373
    Bay0Wulf
    Sep 19, 2003
  4. Boomer
    Replies:
    8
    Views:
    466
    Jimmy Dean
    Sep 20, 2003
  5. Giuen
    Replies:
    0
    Views:
    752
    Giuen
    Sep 12, 2008
Loading...

Share This Page