Microsoft patching zero-day Windows 7 SMB hole

by n3td3v November 14, 2009 1:38 PM PST

"3 days almost is more than enough time to send out a super-critical
patch for an issue like this via Windows Update"

You don't know much do you about what goes into it to roll out a patch
on a world-wide scale in such a widely used product. It cannot be done
in three days, it takes a least a month minimum to verify the
vulnerability, documentation prepared, the patch developed and tested
to meet the requirement.

If Microsoft rushed a patch and it wasn't to the correct standard and
it crashed every system world-wide, there would be an outcry.

There is no excuse for what Gaffié did, he has no respect for
Microsoft, its customers or internet security and the security
industry of security professionals.

Keep in mind security professionals need to test the Microsoft patches
in-house before they get rolled into individual corporate networks
even if a patch is released.

It's everybody affected by such bad disclosures as this not just
Microsoft. If you think this is teaching Microsoft a lesson its not,
its a sure way to get everyone in the security industry not to like
you though.

Security professionals are happy with the required time it takes
Microsoft to release a patch, it cannot be done any faster than it is
currently.

Gaffié is a loner on this issue if he thinks direct action will change
corporate policy, its border-line cyber-terrorism.

http://news.cnet.com/8618-27080_3-1...&blogId=245&messageId=8617311&tag=mncol;tback

http://sites.google.com/site/n3td3v/