Information Security News mailing list archives
Re: Microsoft upgrades IE flaw to critical after criticism
From: InfoSec News <isn () c4i org>
Date: Wed, 11 Dec 2002 02:25:18 -0600 (CST)
Forwarded from: joerg () fs is uni-sb de

Allow me to comment a little bit on this one:

http://www.nwfusion.com/news/2002/1209msflaw.html

By Joris Evers
IDG News Service
12/09/02

Microsoft raised the risk rating on a security flaw in Internet Explorer (IE) to "critical" after criticism prompted it to reexamine the issue, the company said Friday.
The company hardly got 'prompted to reexamine the issue'. It got told directly that it is wrong, on the edge of lying. In the words of Thor Larholm on Bugtraq,

http://online.securityfocus.com/archive/1/302174/2002-11-30/2002-12-06/0

"It seems like Microsoft are deliberately downplaying the severity of their vulnerabilities in an attempt to gain less bad press. It sure would look bad to release 2 critical cumulative updates in just 2 weeks, but that is exactly what has been done. As it stands now, the bulletin is released and most journalists willing to comment have already noticed the "Moderate" label and the extensive list of (incorrect) mitigating factors, and quite likely will not write anything on just how severe this really is. I doubt most people care to read the revisions to the bulletin that will come later."

It is possible that the article by nwfusion references another MS Security bulletin, as MS chose to change the Severity Rating of some bulletins lately. I lost track of IE patches some years ago, I am afraid.

Trustworthy Bulletin Initiative might be the next step MS wants to take...

Regards,
Joerg

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.