Linked by Thom Holwerda on Wed 4th Jan 2006 22:45 UTC
Windows The saga around the WMF flaw in Windows continues. "A cryptographically signed version of Microsoft's patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused 'a fast-track, pre-release version of the update' to be posted to a security community site and urged users to 'disregard' the premature update."
Thread beginning with comment 81927
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Too slow...
by Celerate on Thu 5th Jan 2006 02:58 UTC in reply to "Too slow..."
Member since:

Isn't that usually the case?

When a security hole becomes public knowledge it's a little late to be getting around to writing a patch. But that happens all to frequently anyway because either the company doesn't know about the problem, or hasn't scheduled time to fix it until there are exploits already in the wild and they realize they can't wait any longer.

Reply Parent Score: 1

RE[2]: Too slow...
by jsight on Thu 5th Jan 2006 03:27 in reply to "RE: Too slow..."
jsight Member since:

No, that's not always what happens. This issue has been known to MS (and the world) for at least a couple of weeks now, and they still haven't issued a patch.

Red Hat, Novell, etc, would never take that long to issue a patch for an issue with the severity of this one.

Reply Parent Score: 3

RE[3]: Too slow...
by gonzo on Thu 5th Jan 2006 04:28 in reply to "RE[2]: Too slow..."
gonzo Member since:

Red Hat, Novell, etc, would never take that long to issue a patch for an issue with the severity of this one.

How did you figure that one out?

Because.. super-guru-coders work at RH and Novell and at MS we have a bunch of kids?

Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?

Here's what Ilfak Guilfanov says about it, but I guess you know better, right?

There is also a sense of division among those who want Microsoft to deliver the update now, as opposed to waiting until its monthly patch release on Jan. 10. What do you think Microsoft should do?

Guilfanov: I think Microsoft should develop a patch, (and) test and release it. And I believe that this is exactly what they are doing.

Rest of the interview

Reply Parent Score: -1