Microsoft knew of Windows .ANI flaw since December 2006
,----[ Quote ]
| A private security research outfit says it notified Microsoft about
| the animated cursor (.ani) code execution vulnerability since
| December 2006, a full four months ahead of yesterday?s discovery
| of Internet Explorer drive-by attacks.
`----
http://blogs.zdnet.com/security/?p=143
It's nice when the vendor tries to sweep its mistakes under the carpet until
it's too late, isn't it? Those counts of vulnerabilities makes you wonder
how many things get patched /quietly/. The vendor is dishonest and the
client is at great risk as a result.
Related:
Update: Windows zero-day flaw 'very dangerous,' experts say
,----[ Quote ]
| "It doesn't require a PhD in hacking," Brown said. "The number of people
| who can use this is huge."
|
| eEye considered it so dangerous that early this morning it released a
| rare unofficial patch to temporarily plug the dike. This is only the
| second time that eEye has put out an unsanctioned fix for a Microsoft bug.
`----
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9015138&intsrc=hm_list
http://tinyurl.com/2fxpsu
Microsoft: Attacks on Windows flaw rise
,----[ Quote ]
| Once hackers have access to a computer, they can install any number
| of nasty programs -- ones that steal passwords or record keystrokes,
| which the hackers could then sell to identity thieves.
`----
http://news.yahoo.com/s/ap/20070330/ap_on_hi_te/microsoft_vulnerability
|
|
