Roy Schestowitz wrote:
> Microsoft knew of Windows .ANI flaw since December 2006
>
> ,----[ Quote ]
> | A private security research outfit says it notified Microsoft about
> | the animated cursor (.ani) code execution vulnerability since
> | December 2006, a full four months ahead of yesterday?s discovery
> | of Internet Explorer drive-by attacks.
> `----
>
> http://blogs.zdnet.com/security/?p=143
Class action suit time me thinks.
Dangerous vulns are a liability for businesses
and individuals that buy into micoshaft products.
Its an undisclosed balance sheet liability for those
businesses and micoshaft.
If the vuln has been swept under the carpet exposing
payees of micoshaft software to unacceptable risks,
then micoshaft should compensate users for the
mistakes that micoshaft management has made.
At best it should refund the cost of damage
estimates and repairs.
|
|