Adam Fields (weblog)

This blog is largely deprecated, but is being preserved here for historical interest. Check out my index page at adamfields.com for more up to date info. My main trade is technology strategy, process/project management, and performance optimization consulting, with a focus on enterprise and open source CMS and related technologies. More information. I write periodic long pieces here, shorter stuff goes on twitter or app.net.

1/3/2006

WMF exploit unofficial patch

Filed under: — adam @ 11:55 am

This is pretty unbelievable. A major exploit was announced, diagnosed, and confirmed. While Microsoft has sat on their ass and said they won’t have a patch available FOR ANOTHER WEEK, someone has reverse engineered the binary and issued their own patch. The patch has been verified by a number of reliable sources as being trustworthy, effective, and reversible. Install it now, if you use Windows.

http://isc.sans.org/diary.php?storyid=994

I’m not a lawyer, but this sounds like grounds for bringing a negligence lawsuit against Microsoft. It is completely unacceptable that the fix is simple enough that it can be done by someone without access to the source, there are known exploits in the wild, and it’s going to take another week for an official patch.

One Response to “WMF exploit unofficial patch”

  1. jvastine Says:
    January 7th, 2006 at 12:12 pm

    I agree wholeheartedly with your post. When will the
    consumers bnand together & hold Microsoft accountable
    for being lazy & producing faulty products? You do not
    encounter such a neglegent attitude in the open source
    world. When will the government officials of every
    nation, as well as corporate leaders/decision makers wake
    up & hold Microsoft accountable? I just don’t get it…
    this is crazy! Just like MS pointing the blame at security
    experts & hackers for exposing these issues, then treating
    them as though they are crackers & script kiddies. How
    did everything become so twisted?

Powered by WordPress