Barney's Blog

Blog archive

Microsoft Fixes IE Problem Pronto

Recently we talked about an IE elevation of privilege flaw that was publicized by a "security" company before the flaw was fixed. I put security in quote markets because I can't for the life of me see how security is enhanced when hackers are told how to attack our machines, and without giving the vendor a chance to glue up a patch.

Many of you agreed, as seen here.

Microsoft fortunately was able to fix this flaw fast and rushed out an out-of-band patch today. I guess this "security" firm can pat itself on the back for making Microsoft hop to, but this disclosure still left all IE users vulnerable for about a week. Your moms must be proud.

Trust me, this next observation has zero political content. I was looking at the "security" company's management roster to see if I knew anyone, then clicked on the Board of Directors. Two of the members are from Bain Capital. Just an observation. My guess is that Rapid7 investors might not be fans of publicizing open holes, especially given the reaction I see from IT pros (and more especially in an election year).

On another note with no political ax to grind, did you hear that Mitt Romney tried to hire Steve Ballmer when Steve was fresh out of Harvard? It's true.

What should real security companies do when they find a flaw? Wise and cogent answers welcome if you've got 'em at dbarney@redmondmag.com.

Posted by Doug Barney on 09/21/2012 at 1:19 PM


comments powered by Disqus

Reader Comments:

Fri, Sep 21, 2012 H Pa

Douggie, Douggie, Douggie, if your comments aren't with political undertones then why must you specifically mention Names and/or companies that are currently involved in political events? I would have preferred that you stay with IT technical stuff and stay out of politics. Unless of course you're attempting to get into politics using a technical column........

Fri, Sep 21, 2012 Bob Nebraska

Yea wait until the Hackers deside to focus on the other Browsers. SSDD

Fri, Sep 21, 2012 Bob Nebraska

Yea, wait until the hacker focus on the the other Browsers. SSDD

Fri, Sep 21, 2012 Dan Iowa

OK... Correct me if I'm wrong, but the way I understood it, the discovery was of the vulnerability being actively exploited in the wild. If that's true, IE users were vulnerable for about a week regardless of whether it was disclosed. Publicizing it gave Microsoft the opportunity to fix, and for users to take counter measures in the mean time.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.