Re: what we REALLY learned from WMF



What we really learn from this all WMF "thingie", is that when Microsoft wants to, it can.

Microsoft released the WMF patch ahead of schedule
( http://blogs.securiteam.com/index.php/archives/181 )

Yep, THEY released the PATCH ahead of schedule.

What does that teach us?

"We?" "Us?" Just who are you referring to? A vulnerability was discovered, they researched it, created and tested a patch (like they always do) and issued it. Done. Move on, please. There is nothing to learn here, other than the fact that everyone and their brother came out of the woodwork saying that the world was going to end and spreading misinformation. I believe even *you* posted erroneous information. Nice.


First everyone bitches about how bad Microsoft security is, how they don't "get it" and how they don't care. Then, when they issue a patch out-of-cycle, we hear pompous comments like "See! I told you so! They can do it if they want to, so they should do EVERYTHING like this!!" They handled it the right way, and still, they get criticism. Great.

Maybe it’s just that we are used to sluggishness. Perhaps it is time we, as users and clients, started DEMANDING of Microsoft to push things up a notch.

Oh, that's rich. Let's see-- wasn't it YOU that said to Dave Litchfield regarding Oracle:


<snip>
That is your choice.. although I personally believe you are being very
extreme in your take on how alone Oracle is.

It's not that I disagree with their behavior being questionable, I
honestly believe a survey of how all vendors do where the s**t floats to
the top without singling out the Bad but rather the Good, would work
better.
</snip>

So, it's OK for Oracle to have the worst security (both in product and in attitude) of any vendor on the face of the planet, and to take the "Oh, let's not pick on them by singling them out" mindset, but now you are DEMANDING that every patch be treated like the WMF patch just because YOU said so?? Why are you singling out Microsoft here?

What about WINE? Where is your DEMAND that THEY patch immediately? Where is the patch, anyway? Oh, there isn't one yet. Shouldn't you be ripping them a new one? After all, WINE is still vulnerable to the WMF exploit.

Put in the necessary resources, and release patches within days of first discovery. I’m willing to live with weeks and months in comparison to the year+ that we have seen sometimes. Naturally some problems take longer to fix, but you get my drift.

Oh, I totally get your drift. You are biased, and speak with a forked tongue.


t


