|
Posted by Imhotep on April 21, 2006, 8:39 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Michael D. Ober wrote:
>
> And your point is???
>
> MS fixed the problem - finally. It is somewhat disconcerting that the
> original flaw was reported over two years before it was fixed. You are
> quibbling about the wording of the bulletin when you should be blasting MS
> for taking two years to fix the problem.
>
> Mike Ober.
>
>
>> "The criticism focused on a two issues in Microsoft's security bulletin
>> documenting the changes to Windows systems by a patch released last
>> Tuesday. The advisory stated that the vulnerability being fixed was
>> privately reported but that a "variation" of the flaw had been publicly
>> disclosed in May 2004. Microsoft should have stated that the original
>> vulnerability--more than 700 days old--had been fixed as well as a more
>> recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
>> stated in a blog post."
>>
>> "The information as published is extremely misleading and Microsoft's
> choice
>> not to document a publicly-reported vulnerability is not one that will be
>> for the benefit of its customers' security," wrote Murphy. The security
>> researcher, a student in the information systems program at Missouri
>> State University, is currently working with Metasploit founder HD Moore
>> to find flaws in Internet Explorer and other browsers using data fuzzing
>> techniques."
>>
>> http://www.securityfocus.com/brief/187?ref=rss
>>
>> Imhotep
Quibbling??? I think the point of the article was that MS was trying to
deceive people...or at least, not being totally honest.
Imhotep
| 
XML site map