Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] [Rival] Microsoft Refuses to Patch Own Critical Bugs

  • Subject: [News] [Rival] Microsoft Refuses to Patch Own Critical Bugs
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Mon, 14 Dec 2009 02:02:53 +0000
  • Followup-to: comp.os.linux.advocacy
  • Newsgroups: comp.os.linux.advocacy
  • User-agent: KNode/4.3.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Why Doesn't Microsoft Look for Its Own Bugs?

,----[ Quote ]
| Sotirov noted that it's TippingPoint's and 
| VeriSign's customers who were paying for 
| this research and that Microsoft should be 
| paying too. Surely, I asked, Microsoft does 
| vulnerability research on their own 
| product. At this point another famous 
| researcher, Dino Dai Zovi, piped in to say 
| no: "Apple is the only vendor that I know 
| of that releases patches for vulns found 
| internally."
| 
| This rang true; I know I've read Apple 
| advisories that credited internal research 
| and I couldn't recall a Microsoft advisory 
| that credited their own. I looked and not a 
| single vulnerability disclosure (so far) in 
| 2009 was credited explicitly to Microsoft. 
| I asked Microsoft about it.
| 
| Their answer... Well, of course they look 
| for and find these things, but not so much.
`----

http://www.pcmag.com/article2/0,2817,2357051,00.asp

Microsoft knew of just-patched IE zero-day for months

,----[ Quote ]
| Microsoft may not have hustled as fast as 
| researchers thought when the company 
| patched a zero-day bug in Internet Explorer 
| (IE) just 18 days after exploit code went 
| public.
| 
| According to VeriSign iDefense, Microsoft 
| had information about the browser bug 
| nearly six months before the researcher 
| dubbed "K4mr4n" posted attack code to the 
| Bugtraq security mailing list on Nov. 20.
`----

http://www.computerworld.com/s/article/9142078/Microsoft_knew_of_just_patched_IE_zero_day_for_months


Recent:

Zero-day IE fix stars in last Patch Tuesday of the decade

,----[ Quote ]
| Tuesday is due to bring six bulletins, three
| of which are critical. The critical fixes
| address flaws in Windows and Office as well as
| IE. The Office update covers flaws in Project,
| Word and Works 8.5.
`----

http://www.theregister.co.uk/2009/12/04/ms_patch_tuesday_pre_alert/


Attacks Appear Imminent as IE Exploit Is Improved

,----[ Quote ]
| Hackers working on the open-source
| Metasploit project have spiffed up a zero-
| day attack on Microsoft's Internet
| Explorer, making it more reliable -- and
| more likely to be used by criminals.
|
| Security experts have been worried about
| the flaw since it was first disclosed on
| the Bugtraq mailing list Friday. But the
| original demonstration code was unreliable
| and has not been used in real-world
| attacks.
`----

http://www.pcworld.com/article/183190/attacks_appear_imminent_as_ie_exploit_is_improved.html


Microsoft IE exploit code unreliable, but more coming

http://www.networkworld.com/news/2009/112309-microsoft-ie-exploit-code.html?t51hb


Fixing the Internet Explorer Blues

,----[ Quote ]
| Earlier this week Microsoft announced yet
| another IE (Internet Explorer) bug. This
| one, Microsoft Security Advisory 977981, is
| one of the really bad ones that can allow
| attackers to take your Windows PC over.
| Yuck!
|
| [...]
|
| I think your best move to keep the world
| from sneaking in some malware over your
| browser is to get the latest versions of
| Firefox 3.5.5 or Google's Chrome 3.0.x Web
| browser. Neither is perfect, but they are
| better than IE. I wish I could recommend
| Opera, but I continue to have real concerns
| about Opera's built-in Web server security.
`----

http://www.itworld.com/security/86298/fixing-internet-explorer-blues


Microsoft Warns of IE Vulnerability

http://windowsitpro.com/mobile/pda/Article.cfm?ArticleID=103204&News=1


Microsoft Issues Security Advisory on IE Vulnerability

http://www.pcworld.com/article/182935/microsoft_issues_security_advisory_on_ie_vulnerability.html


Exploit code targets Internet Explorer zero-day display flaw

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1375179,00.html


New Security Flaw Hits Internet Explorer 6 & 7

http://techfragments.com/1104/new-security-flaw-hits-internet-explorer-6-7


New attack targets weakness in Internet Explorer

http://voices.washingtonpost.com/securityfix/2009/11/new_attack_targets_weakness_in.html


Microsoft Issues Internet Explorer Security Advisory

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=221901038


Microsoft warns of IE exploit code in the wild

,----[ Quote ]
| Microsoft on Monday said it is
| investigating a possible vulnerability in
| Internet Explorer after exploit code that
| allegedly can be used to take control of
| computers, if they visit a Web site hosting
| the code, was posted to a security mailing
| list.
`----

http://news.cnet.com/8301-1009_3-10403756-83.html


IE bug leaks private details from 50m PDF files

,----[ Quote ]
| A bug in Microsoft's Internet Explorer
| browser is causing more than 50 million
| files stored online to leak potentially
| sensitive information that could compromise
| user privacy, a security researcher said.
`----

http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/


Microsoft Corp. (MSFT) CFO Christopher P Liddell sells 20,000 Shares

http://www.gurufocus.com/news.php?id=63097


Microsoft loses top beancounter

,----[ Quote ]
| Microsoft is saying goodbye to its chief
| beancounter, Chris Liddell, after four and a
| half years in the post.
`----

http://www.theregister.co.uk/2009/11/25/microsoft_cfo_goes/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkslnM0ACgkQU4xAY3RXLo4NQwCfXzjoIuSuc1R/r7h3Ihn4IaMe
eCYAoJ+DiIHSdfFlcdSH9HHkTSFre0F1
=l4hV
-----END PGP SIGNATURE-----

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index