It won't be. They say so in the article. On Fri, Jul 10, 2009 at 9:55 AM, HELP_PC <g...@enter.it> wrote:
> > > And who will assure us that Tuesday patches will be really definitive ? > > *GuidoElia* > *HELPPC* > > > ------------------------------ > *Da:* Rob Bonfiglio [mailto:robbonfig...@gmail.com] > *Inviato:* venerdì 10 luglio 2009 14.56 > *A:* NT System Admin Issues > *Oggetto:* Re: IE zero day exploit Microsoft new for 1+ yrs of this flaw > > I'm not defending them....not knowing much about how the attack works > it's hard for me to defend them; 16-18 months does seem like an excessive > amount of time. But the fact that one of the discoverers of the > vulnerability did kind of defend them in the article should be taken into > account. This is a quote from the article: > > *Although Reavey declined to get specific today, Smith, one of the > researchers who reported the vulnerability, hinted at reasons. "The nature > of this flaw is sort of unique," he said. "The mechanics of this are sort of > unique as well. It was those unique qualities that required more time than > Microsoft would normally need."* > > *Smith refused to criticize Microsoft for not patching sooner. "All along > the way, they've told me how far things have progressed," he said of > Microsoft's security team. "They would ping me every time they reached a > milestone on the fix."* > > On Fri, Jul 10, 2009 at 8:37 AM, Ziots, Edward <ezi...@lifespan.org>wrote: > >> >> http://www.computerworld.com/s/article/9135370/Microsoft_admits_it_knew_of_critical_IE_bug_in_early_08?source=CTWNLE_nlt_dailyam_2009-07-10 >> >> You know this type of stuff really burns me up, they knew since early 08 >> of this flaw, and did nothing about it, to fix it and get a patch out. No >> they gotta wait till hackers start exploiting this on a mass scale, and then >> they start paying attention. Scary part is how many other exploits do they >> know about that could have system-compromise type payloads, and haven't done >> anything about it. >> >> Again another PR nightmare and another black-eye for M$ because of there >> lack of due-diligence, has put customers at risk. >> >> Now note the fix is supposed to be coming out Tuesday for the various >> reported flaws ( including the last 2 IE ones) but it's a little too late >> when the bad guys already have plowed through thousands of computers and >> websites, with there exploits, and now those machines are apart of botnets, >> that are probably behind the spamming, and DDOS/DOS of GOVT sites, which has >> been posted on ISC from SANS. >> >> Any thoughts folks? Tell yeah TAM's >> >> Z >> >> >> Edward Ziots >> Network Engineer >> Lifespan Organization >> MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + >> ezi...@lifespan.org >> Phone:401-639-3505 >> ________________________________________ >> From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] >> Sent: Thursday, July 09, 2009 6:35 PM >> To: NT System Admin Issues >> Subject: Re: Trend Micro and IE zero day exploit >> >> hmm, makes me wonder if OpenDNS is offering something like this. I think >> I'll take a look. >> On Thu, Jul 9, 2009 at 5:07 PM, Devin Meade <devin.me...@gmail.com> >> wrote: >> FYI - If you have Trend Micro Office Scan and are using the web reputation >> feature, you are covered: >> >> >> http://us.trendmicro.com/us/threats/microsoft-mpeg-vulnerability/index.html >> "Trend Micro products with Web Reputation technology currently block >> malicious URLs associated with this exploit." >> >> -- Devin >> >> >> >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~