Microsoft admits it knew about IE bug last year

The unpatched ActiveX security flaw in Internet Explorer that is being exploited has been known to Microsoft for over a year. At Computerworld, Gregg Keizer reports:

Microsoft on Thursday confirmed it has known about a bug behind widespread Internet Explorer (IE) attacks for more than a year, but defended its security process against critics.

The delay in dealing with the security problem is being criticized:

The 16- to 18-month stretch between early 2008 and now is too long for Microsoft’s customers to go without a patch, said John Pescatore, Gartner’s primary security analyst. “That’s just not an acceptable timeframe,” Pescatore said. “It shouldn’t take a year, not [for] a company the size of Microsoft.

“It’s really hard to think of some technical reason why it would take 18 months. That means it must be for other reasons, business reasons or product reasons or priority reasons,” he said. “But this had to have been pretty high-priority.”

The temporary fix for the problem was posted here.
