Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Micro$oft to patch Google engineer's zero-day next week


  • Please log in to reply
4 replies to this topic

#1 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:07:29 AM

Posted 09 July 2010 - 09:08 PM

http://www.infoworld.com/d/security-centra...ecurity_central

July 09, 2010
By Gregg Keizer | Computerworld

Microsoft said it will deliver four security updates next week to patch five vulnerabilities in Windows and Office, including the bug that a Google researcher took public a month ago.

As expected, the slate for next Tuesday is relatively short: Microsoft has been shipping alternating large and small batches of fixes, with the larger updates landing in even-numbered months. In June, for example, the company issued 10 bulletins that patched a record-tying 34 vulnerabilities. May's collection, meanwhile, amounted to just two bulletins that fixed two flaws.

"This month is light, and would have been even lighter if Tavis hadn't forced them to move faster than their norm [to patch his vulnerability]," said Wolfgang Kandek, the chief technology officer of Qualys.

snip

While some security researchers criticized Ormandy for taking the bug public, others rose to his defense, blasting both Microsoft and the press -- including Computerworld -- for linking Ormandy to his employer, Google.

Last week, a group of anonymous researchers who called themselves the Microsoft-Spurned Researcher Collective (MSRC) -- a play on the acronym used by the Microsoft team bug-investigation team -- retaliated by releasing information about an unpatched vulnerability in Windows Vista and Server 2008. The group published its bug report because of what it said was Microsoft's "hostility toward security researchers," and cited the Ormandy incident as the most recent example.

"This shows that Microsoft can move very quickly when it's necessary," said Kandek of Microsoft's patching speed.


More at link



BC AdBot (Login to Remove)

 


#2 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:06:29 AM

Posted 11 July 2010 - 01:35 PM

I like the idea that a group of security people are posting security threats in windows and getting M/S off there dead bass and verify the concerns and get the fixes out sooner.

#3 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:07:29 AM

Posted 11 July 2010 - 10:12 PM

But at the same time, you have to think about how good Microsoft is at what they do. I mean, they do try hard, just maybe a little work is needed for them to get fully up to par with security. They have their Antivirus now (much better than the antivirus of the Dos 6 days according to Randy Abrams of Eset), so now they just need to work on efficiency.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#4 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:06:29 AM

Posted 12 July 2010 - 02:18 PM

You are correct chromebuster, Microsoft is doing a very much better when it comes to security and I thank them for that. I can also say in the same thought pattern, it's about time and don't stop now. Microsoft has the money and expertise to get better and do it faster. I also want to thank them for Window 7, great job.

#5 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:07:29 AM

Posted 12 July 2010 - 03:21 PM

You're telling me. I have finally got my Mom running windows 7, and despite her pleas of "I'm fine with what I have" and "I don't need to update", she just played with the OS a bit and now she loves it and she doesn't want anything else. And BTW, if you guys want that white paper from Eset, I can either upload it here for those who want to take it, or I can try to find the link again (though I don't remember what it was called).

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users