Yeah, seriously. Is it a flaw that should have been rectified earlier? Sure.
Is there response NOW what I would hope for? Yes. I'd rather a company be willing to change posture for the better than not. -sc > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Thursday, August 26, 2010 9:46 AM > To: NT System Admin Issues > Subject: Re: Insecure Library Loading Vulnerability > > On Thu, Aug 26, 2010 at 9:08 AM, Steven M. Caesare > <[email protected]> wrote: > > For all of the bashing MS gets, I think it's good to see that > > internally the security teams take the vuln notifications seriously > > and were diligent in cooperating... > > Seriously? As I mentioned earlier, Microsoft's software has been criticized > for its search path behavior for literally decades. MS-DOS had this problem > and people pointed it out. Microsoft waited until this started to be seriously > attacked before doing anything about it. > They deserve condemnation on this one, not praise. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
