I can't go along with you here. This has been documented as an issue -- for decades -- and MSFT has told people how to do it right -- for decades. Don't blame MSFT as a company for people (including some internal programmers!) for not following safe programming recommendations.
Changing this behavior removes functionality that MAY BE DESIRABLE. Just not in every situation. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, August 26, 2010 9:46 AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 9:08 AM, Steven M. Caesare <[email protected]> wrote: > For all of the bashing MS gets, I think it's good to see that > internally the security teams take the vuln notifications seriously > and were diligent in cooperating... Seriously? As I mentioned earlier, Microsoft's software has been criticized for its search path behavior for literally decades. MS-DOS had this problem and people pointed it out. Microsoft waited until this started to be seriously attacked before doing anything about it. They deserve condemnation on this one, not praise. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
