Author |
Topic |
Kristen
Test
22859 Posts |
Posted - 2010-01-22 : 03:05:28
|
Is it just me? or is the scope of this fix (in particular the "Vulnerability Information" section), covering so many generations of IE, just staggering after so much time, so many "We've really really changed" speeches, and so much time & money spent reviewing and, supposedly, fixing potential security breach holes?
http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx
Keep in mind that I'm a self-confessed MS fanboy ... |
|
elwoos
Master Smack Fu Yak Hacker
2052 Posts |
Posted - 2010-01-22 : 05:56:08
|
I found that completely underwhelming too, especially as they have known about this for a good few months and weren't intending to do anything until February despite recognising the severity of the issue, if http://www.wired.com/threatlevel/2010/01/microsoft-zero-day-flaw/ is to be believed.
Is it just me or does it seem like there is more to this than meets the eye?
steve
-----------
Deja Moo - The feeling you've heard the same bull before. |
|
|
Transact Charlie
Master Smack Fu Yak Hacker
3451 Posts |
Posted - 2010-01-22 : 06:22:37
|
Well it would probably have been shorter to specify which environments were not affected. When that happens then it's a bad one.
Charlie
===============================================================
Msg 3903, Level 16, State 1, Line 1736
The ROLLBACK TRANSACTION request has no corresponding BEGIN TRANSACTION |
|
|
Kristen
Test
22859 Posts |
Posted - 2010-01-22 : 06:25:55
|
"they have known about this for a good few months"
You are being too kind sir. I don't know if the Media Player error is in the same bracket, but that was 12 months ago I think. The rest are 3-6 which is definitely "a good few months" for something so pervasive.
Haven't read your link, yet, but my 2p worth is that TippingPoint / ZeroDayInitiative (I forget which of the two is the one that pays out) "bought" this issue (i.e. by reward to finder - a service done to promote reporting of such issues without malicious intent, nor announcement in public domain) and thus has documented when they informed the Vendor.
Hang on, I'll find a link:
http://www.zerodayinitiative.com/advisories/published/
"Is it just me or does it seem like there is more to this than meets the eye?"
I think so, rumblings that it was an insider at Google that used the loophole to gain access to mail etc. But if it is a foreign power cyber attack thingie they've used up a very effective "life" and will now have to find another one to continue the game. Maybe they have loads more where that came from though
"We're doomed ..." |
|
|
Kristen
Test
22859 Posts |
Posted - 2010-01-22 : 06:27:09
|
P.S. 11 of their advisories were made public yesterday, I presume they keep them secret until the vendor announces a fix. Bit of a Red Letter Day I think ... |
|
|
Transact Charlie
Master Smack Fu Yak Hacker
3451 Posts |
Posted - 2010-01-22 : 06:34:05
|
quote:
Disclosure Timeline
2009-08-14 - Vulnerability reported to vendor
2010-01-21 - Coordinated public release of advisory
Ouch.
Charlie
===============================================================
Msg 3903, Level 16, State 1, Line 1736
The ROLLBACK TRANSACTION request has no corresponding BEGIN TRANSACTION |
|
|
Kristen
Test
22859 Posts |
Posted - 2010-01-22 : 06:45:12
|
Interesting that the French government is on the list of people thanked on the MS Bulletin (as per my initial link).
The French government have recommended that people switch away from using IE. I thought that was a bit of an extreme reaction, personally, but if they reported a major security flaw and it took 4 months to fix then maybe I should take note too ... |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2010-01-22 : 07:02:26
|
There's always Chrome, Firefox, Safari, Opera, etc. etc. And they're all cross-platform too. |
|
|
Kristen
Test
22859 Posts |
Posted - 2010-01-25 : 14:31:21
|
Possibly "Oh dear!"
http://www.telegraph.co.uk/technology/microsoft/7073888/Internet-Explorer-hit-with-new-set-of-security-flaws.html |
|
|
elwoos
Master Smack Fu Yak Hacker
2052 Posts |
Posted - 2010-01-26 : 04:44:32
|
quote: The team at Microsoft has done an excellent job of responding quickly
Perhaps that is in comparison to Adobe
-----------
Deja Moo - The feeling you've heard the same bull before. |
|
|
X002548
Not Just a Number
15586 Posts |
|
Kristen
Test
22859 Posts |
Posted - 2010-01-28 : 03:08:02
|
Over here Dave also gives us "Dave ja vu"
http://en.wikipedia.org/wiki/Dave_%28TV_channel%29 |
|
|
elwoos
Master Smack Fu Yak Hacker
2052 Posts |
Posted - 2010-01-29 : 10:09:12
|
And there was me thinking you meant Dave Lister http://en.wikipedia.org/wiki/Dave_Lister
-----------
Deja Moo - The feeling you've heard the same bull before. |
|
|
|