Microsoft criticized for silent patches

on 21.04.2006 04:43:45 by Imhotep

"The criticism focused on two issues in Microsoft's security bulletin
documenting the changes to Windows systems by a patch released last
Tuesday. The advisory stated that the vulnerability being fixed was
privately reported but that a "variation" of the flaw had been publicly
disclosed in May 2004. Microsoft should have stated that the original
vulnerability--more than 700 days old--had been fixed as well as a more
recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
stated in a blog post."

"The information as published is extremely misleading and Microsoft's choice
not to document a publicly-reported vulnerability is not one that will be
for the benefit of its customers' security," wrote Murphy. The security
researcher, a student in the information systems program at Missouri State
University, is currently working with Metasploit founder HD Moore to find
flaws in Internet Explorer and other browsers using data fuzzing
techniques."

http://www.securityfocus.com/brief/187?ref=rss

Imhotep

Re: Microsoft criticized for silent patches

on 21.04.2006 15:18:06 by obermd.

And your point is???

MS fixed the problem - finally. It is somewhat disconcerting that the
original flaw was reported over two years before it was fixed. You are
quibbling about the wording of the bulletin when you should be blasting MS
for taking two years to fix the problem.

Mike Ober.


"Imhotep" wrote in message
news:srmdnZRfgex_29XZnZ2dneKdnZydnZ2d@adelphia.com...
> "The criticism focused on two issues in Microsoft's security bulletin
> documenting the changes to Windows systems by a patch released last
> Tuesday. The advisory stated that the vulnerability being fixed was
> privately reported but that a "variation" of the flaw had been publicly
> disclosed in May 2004. Microsoft should have stated that the original
> vulnerability--more than 700 days old--had been fixed as well as a more
> recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
> stated in a blog post."
>
> "The information as published is extremely misleading and Microsoft's
> choice not to document a publicly-reported vulnerability is not one that will be
> for the benefit of its customers' security," wrote Murphy. The security
> researcher, a student in the information systems program at Missouri State
> University, is currently working with Metasploit founder HD Moore to find
> flaws in Internet Explorer and other browsers using data fuzzing
> techniques."
>
> http://www.securityfocus.com/brief/187?ref=rss
>
> Imhotep

Re: Microsoft criticized for silent patches

on 22.04.2006 02:39:10 by Imhotep

Michael D. Ober wrote:

>
> And your point is???
>
> MS fixed the problem - finally. It is somewhat disconcerting that the
> original flaw was reported over two years before it was fixed. You are
> quibbling about the wording of the bulletin when you should be blasting MS
> for taking two years to fix the problem.
>
> Mike Ober.
>
>
> "Imhotep" wrote in message
> news:srmdnZRfgex_29XZnZ2dneKdnZydnZ2d@adelphia.com...
>> "The criticism focused on two issues in Microsoft's security bulletin
>> documenting the changes to Windows systems by a patch released last
>> Tuesday. The advisory stated that the vulnerability being fixed was
>> privately reported but that a "variation" of the flaw had been publicly
>> disclosed in May 2004. Microsoft should have stated that the original
>> vulnerability--more than 700 days old--had been fixed as well as a more
>> recent, privately disclosed flaw, vulnerability researcher Matthew Murphy
>> stated in a blog post."
>>
>> "The information as published is extremely misleading and Microsoft's
>> choice not to document a publicly-reported vulnerability is not one that will be
>> for the benefit of its customers' security," wrote Murphy. The security
>> researcher, a student in the information systems program at Missouri
>> State University, is currently working with Metasploit founder HD Moore
>> to find flaws in Internet Explorer and other browsers using data fuzzing
>> techniques."
>>
>> http://www.securityfocus.com/brief/187?ref=rss
>>
>> Imhotep


Quibbling??? I think the point of the article was that MS was trying to
deceive people...or at least, not being totally honest.

Imhotep