Bugtraq mailing list archives
Re: New from the MS Advisory
From: Damaged Industries <damaged () damaged no-ip com>
Date: Thu, 5 Jan 2006 17:35:00 -0500
Windows Automatic Update now has the patch for this, live. On Tue, Jan 03, 2006 at 08:19:21AM -0500, Larry Seltzer wrote:
*What's Microsoft's response to the availability of third party patches for the WMF vulnerability? Microsoft recommends that customers download and deploy the security update for the WMF vulnerability that we are targeting for release on January 10, 2006. As a general rule, it is a best practice to utilize security updates for software vulnerabilities from the original vendor of the software. With Microsoft software, Microsoft carefully reviews and tests security updates to ensure that they are of high quality and have been evaluated thoroughly for application compatibility. In addition, Microsoft's security updates are offered in 23 languages for all affected versions of the software simultaneously. Microsoft cannot provide similar assurance for independent third party security updates. * Why is it taking Microsoft so long to issue a security update? Creating security updates that effectively fix vulnerabilities is an extensive process. There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update. When a potential vulnerability is reported, designated product specific security experts investigate the scope and impact of a threat on the affected product. Once the MSRC knows the extent and the severity of the vulnerability, they work to develop an update for every supported version affected. Once the update is built, it must be tested with the different operating systems and applications it affects, then localized for many markets and languages across the globe.
-- I'll pretend to trust you if you'll pretend to trust me. Damaged Industries .-. damaged at damaged.no-ip.com .-. / \ .-. _ .-. / \ \-------/-----\-----/---\---/-\---/---\-----/-----\-------/ \ / \ / `-' `-' \ / \ / \ / `-' KeyID: 0x19F8B6A2 `-' \ / `-' http://damaged.no-ip.com/pub.asc `-' 35F1 BB56 DF58 F7D6 CFAF 3ED5 F306 F170 19F8 B6A2
Current thread:
- New from the MS Advisory Larry Seltzer (Jan 03)
- Re: New from the MS Advisory Damaged Industries (Jan 05)