Tuesday, March 11, 2008

Microsoft finally patched it..

Remember my previous blog posting on 17th Jan 08 on the vulnerability in Microsoft Excel (Vulnerability in Microsoft Excel....). It was a critical vulnerability that allowed remote user to execute arbitrary code on the target user's system.

After 2 months, Microsoft finally released a patch for the vulnerability. The March monthly black tuesday, they release 4 crtitcal patches.

In the Microsoft Security Bulletin MS08-014 - Critical- (Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - 949029), it addresses the vulnerability for Microsoft Security Advisory -(Vulnerability in Microsoft Excel Could Allow Remote Code Execution - 947563). It took Microsoft more than 2 months (since the vulnerability was announced) to patch a critical vulnerability.

This is just one of the example of how long microsoft takes to patch a critical vulnerabilty. Imagine how many things a hacker can do with that vulnerability for 2 months.

Microsoft really "focus" in secure computing, three "cheers" to Microsoft and Bill Gates. ;P

Related Report:
- Microsoft Security Bulletin Summary for March 2008

No comments: