Remember my previous blog posting on 17th Jan 08 on the vulnerability in Microsoft Excel (Vulnerability in Microsoft Excel....). It was a critical vulnerability that allowed remote user to execute arbitrary code on the target user's system.After 2 months, Microsoft finally released a patch for the vulnerability. The March monthly black tuesday, they release 4 crtitcal patches.
In the Microsoft Security Bulletin MS08-014 - Critical- (Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - 949029), it addresses the vulnerability for Microsoft Security Advisory -(Vulnerability in Microsoft Excel Could Allow Remote Code Execution - 947563). It took Microsoft more than 2 months (since the vulnerability was announced) to patch a critical vulnerability.
This is just one of the example of how long microsoft takes to patch a critical vulnerabilty. Imagine how many things a hacker can do with that vulnerability for 2 months.
Microsoft really "focus" in secure computing, three "cheers" to Microsoft and Bill Gates. ;P
Related Report:
- Microsoft Security Bulletin Summary for March 2008
No comments:
Post a Comment