This is familiar:
Microsoft Corp. said on Tuesday a “critical” flaw in most versions of its flagship Windows operating system could allow hackers to break into personal computers and snoop on sensitive data.
Although no computers were reported to have been compromised, the world’s largest software maker warned that Windows NT, Windows 2000, Windows XP and Windows Server 2003 were at risk. Microsoft announced the flaw in its monthly security bulletin.
The company offered software updates to fix the software flaw, which it assigned its most severe rating of “critical.”
However, I found this kind of curious:
Marc Maiffret, co-founder of eEye Digital Security, the company that discovered the flaw, criticized Microsoft for taking more than six months to come up with a patch to fix the problem.
. . .
“We contacted Microsoft about these vulnerabilities 200 days ago, which is insane,” he said. “Even the most secure Windows networks are going to be vulnerable to this flaw, which is very unique.”
I’m not a computer expert, nor will I play one on the blog. But 200 days seems like a long time to come up with a fix.
Download Patch.
200 days isn’t a long time to come up with a fix; it’s an unconscionably long time to come up with a fix. And it’s an unconscionably long time to leave machines (including mission critical servers with sensitive data) exposed to a security flaw, especially considering that black hat (i.e., evil) hackers learn about security flaws about the same time that white hat (i.e., good) hackers do….