Updated: 4/4/06; 7:10:18 PM.
Ted's Radio Weblog
Mission: Interoperable. Competition breeds Innovation. Monopolies breed stagnation. Working Well with Others is Good.
        

Saturday, February 12, 2005

InfoWorld: Top News reports "Microsoft warns customers about exploits for new flaws. BOSTON - Microsoft warned customers about computer code that exploits holes in the company's software and blamed security researchers for publishing proof of concept code to trigger the vulnerabilities, which was then turned into working attacks."

This isn't about shooting the messengers. It's common practice to notify vendors of a flaw when you find one and to give a reasonable grace period before publicly releasing sufficient information to exploit it, so that the vendor, Open Source or Closed, has a chance to distribute a patch. In this case, the patches are already out there, as I blogged on Wednesday. It just takes a while for a few million people to patch. Most of us like to wait to hear if others discover problems with the patches.

However, it was Microsoft that publicized the vulnerabilities, and you can bet that others had already duplicated the exploits, based on the description Microsoft provided, as well as the binary patches that pointed to the affected code.

This still points back to Microsoft. Downloading and displaying a graphic should not allow remote code to be executed under any circumstances. A deep problem with the Microsoft operating system security model is exploited once again.
5:14:32 PM


© Copyright 2006 Ted Roche.   

This work is licensed under a Creative Commons License.

  

 
