Gadgetell | Tech News, Reviews, and Interesting Things

Dabbledoo Media Gadgetell Gamertell Appletell
Subscribe to our content for free: (?)
Get our Daily Email
Sections: Tech News, Computers, Security, Software / Applications

Does Microsoft really have security experts?

by XXCJCM on Oct 8, 2006 at 02:26 AM
Add a Comment

Microsoft Windows Update screenWow…I hope Mr. Bill Gate won’t be mad at me or Gadgetell for asking this kind of question. I know Microsoft has an army of those security consultants but I am not sure what do they do. You might be wondering why I asked. I had just read the latest Microsoft security news at Mobile Tech Today by Tim Gray October 6, 2006 10:56AM and here is what it says:

Discovered by Sunbelt Software, the vulnerability involved the way that the browser handles Vector Markup Language (VML) graphics. Reports had emerged that hackers were exploiting the flaw by creating Web pages could download spyware or keyloggers onto a user’s system.

Did you get what I am trying to convey here? A lot of Windows security vulnerabilities are discovered by third parties, not Microsoft security consultants, at least that is what I am made to understand from my limited reading and knowledge. Even if Redmond does discover a weakness in their software, they just quietly develop the patches and make them available for download. A good public relation exercise is definitely in practice here.

More often than not, those third parties are….yes, your guess is as good as mine…hackers. By the time the news get to Microsoft, the damage is already done. I bet, Microsoft engineers then had to stay overnight to come up with fixes and quickly put up the patches for download.

The vulnerability that was discovered by Sunbelt Software mentioned in the report is related to the way Microsoft IE browser handles VML. I checked Windows Security Update webpage and found out only last month, published 12th September 2006, there was a list of patches already issued supposedly to cater for the same VML vulnerability.

Microsoft released a critical security update today that addresses a remote code execution vulnerability that exists in the Vector Markup Language (VML) implementation in Microsoft Windows:
• MS06-055 - addresses a vulnerability in Microsoft Windows

As part of Microsoft’s routine, monthly security update cycle, we released the following 3 security updates on September 12, 2006:
• MS06-052 - addresses a vulnerability in Microsoft Windows
• MS06-053 - addresses a vulnerability in Microsoft Windows
• MS06-054 - addresses a vulnerability in Microsoft Office

We also re-released the following 2 security updates on September 12, 2006:
• MS06-040 - addresses a vulnerability in Microsoft Windows
• MS06-042 - addresses a vulnerability in Internet Explorer, a component of Windows

Is Microsoft telling us that the previous patches didn’t work? Which brings another question….how stringent is their quality assurance testing with regards to security? I will let your thought runs wild on that.

In the mean time, don’t forget this coming Tuesday, 10th October 2006, you have to run your Windows update again. Happy downloading….!

Read [Mobile Tech Today]

Keep up with the latest gadget goodness! - Subscribe to our feed


Permalink Print
Join the Discussion

Name: *

Email: *

Location (Links to Google Maps):

URL:

Enter Your Comment Below...

* Required fields

Remember my information?

Notify me of follow-up comments?

Submit the word you see below:


Special Features

Live from CES 2009

CES 2009

We're live from the world's largest tradeshow. Hit up our dedicated CES page for keynote coverage, product announcements, interviews, and photo galleries from the show floor. We're excited... are you?

Continue Reading »

Live from Macworld 2009

Macworld 2009

The Appletell staff is working their way through the show floor at Macworld 2009 to bring you the latest Apple products and accessories. Hit the Macworld page for non-stop coverage...

Continue Reading »