Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Why Microsoft should make windows open source
From: "James Matthews" <nytrokiss () gmail com>
Date: Mon, 2 Apr 2007 16:53:32 -0700

Hi Everyone

(This can also be an open letter to Microsoft)

Recently I have see a blog post of Microsoft's security team!  What i have
found disturbs me even more then when we find these 0days! This is what they
write!

I'm sure one question in people's minds is how we're able to release an
update for this issue so quickly. I mentioned on
Friday<http://blogs.technet.com/msrc/archive/2007/03/30/update-on-microsoft-security-advisory-935423.aspx#Vulnerability>that
this issue was first brought to us in late December 2006 and we've
been
working on our investigation and a security update since then. This update
was previously scheduled for release as part of the April monthly release on
April 10, 2007.

Are you telling me that this hole was around for just about 4 months and
they did nothing about it? I am not wondering why it took them so long to
come out with this patch not why they are putting out so early! Also when
they were told about this vulnerability they should of fixed it right away
as we have seen with the OpenBSD ICMP IP 6 hole! Core security told them
about it LESS THEN A WEEK LATER THERE WAS A PATCH.

So we ask why? Why does it take so long to put out a patch?

Due to the increased risk to customers from these latest attacks, we were
able to expedite our testing to ensure an update is ready for broad
distribution sooner than April 10.

Really? Then Please explain this paragraph

*Disclaimer: *

The information provided in this advisory is provided "as is" without
warranty of any kind. Microsoft disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall Microsoft Corporation or its suppliers
be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if
Microsoft Corporation or its suppliers have been advised of the possibility
of such damages. Some states do not allow the exclusion or limitation of
liability for consequential or incidental damages so the foregoing
limitation may not apply.

Links:
http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-for-microsoft-security-advisory-935423.aspx
http://www.microsoft.com/technet/security/advisory/935423.mspx


I can go on and on but you all get the point!

James










--
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]