Microsoft historically takes a bad rap with respect to its handling of vulnerabilities. Maybe that might be better worded as... They take a lot of heat from a lot of people whenever something, anything, small or large hits any public forum that something with the Microsoft name on it is found mildly vulnerable to any kind of attack. I'll admit it, I'm one of those people who can easily bash Microsoft.
This evening, I'm taking a different stance. I'm genuinely impressed by Microsoft's responsiveness as of late. The .ani file handling aka the GDI vulnerability was fixed rather quickly. Now they've got a more complex problem -- the RPC/DNS bug. Yes, I'd like to see the patch faster. Yes, I'd like it better if it were never vulnerable to start with (hrmm, don't end a sentence with a preposition). There seems to be a different Microsoft so far in 2007. Today they gave us a new posting discussing a knowledge base article on the use of a script to automate suggested mitigation efforts.
Communication is good.
I'd rather not have buggy code at all, but I'm happy to accept the efforts and communications.
(I'll now hide under the desk as everyone throws rocks at me)

Comments (1)
I won't throw rocks -- how about rose petals? :)
I have also been particularly impressed with the response by Microsoft in the two situations you referenced. As to a faster response, as I quoted from the 17Apr07 MSRC Blog in my recent post on this issue:
"For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers. Each of these has to be tested to ensure they effectively protect against the vulnerability..."
Posted by Corrine | April 22, 2007 12:11 PM