__/ [ Mark Kent ] on Saturday 30 September 2006 08:02 \__
> begin oe_protect.scr
> The Ghost In The Machine <ewill@xxxxxxxxxxxxxxxxxxxxxxx> espoused:
>> http://news.yahoo.com/s/pcworld/20060929/tc_pcworld/127336
>>
>>|Windows Bugs Still Not Patched
>>
>>|It has become a familiar pattern: A hacker posts exploit code to a
>>|security Web site; Microsoft follows soon after with a warning to
>>|customers.
>>
>>|The pattern was repeated again Thursday, only this
>>|time Microsoft's warning that it is investigating
>>|"new public reports" of a critical bug in Windows
>>|comes more than two months after sample code showing
>>|how to take advantage of the flaw was posted to
>>|the Web. Microsoft's advisory can be found [at
>>|http://www.microsoft.com/technet/security/advisory/926043.mspx].
>>
>>|The flaw that Microsoft warned about is in an ActiveX
>>|control (called WebViewFolderIcon) used by the Windows'
>>|graphical user interface software. It was first disclosed
>>|on July 18 as part of a month-long project by hacker
>>|HD Moore to expose problems in browser software.
>>|Moore's blog post on the flaw can be found [at
>>|http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html].
>>
>> ...
>>
>>|Microsoft executives could not immediately be reached for comment, but
>>|the company's security advisory said this latest WebViewFolderIcon bug
>>|will be patched on Oct. 10.
>>
>> [end excerpt]
>>
>> The question I have is: who writes this stuff and why?
>> Is it really news? Is it a puff-piece masquerading as
>> news? Is it a grudge match between H. D. Moore and
>> Microsoft? Will we ever know? Will Vista Solve Everything(tm)?
>>
>> And possibly most importantly: how much more of this sort
>> of crap will the public tolerate?
>
> It's a long time for unpatched vulnerabilities with exploits in the
> wild, though, isn't it?
I haven't read this thread yet, but are we talking about Windows here?
|
|
