Microsoft Fixes IE Problem Pronto
Recently we talked about an IE elevation of privilege flaw that was publicized by a "security" company before the flaw was fixed. I put security in quote markets because I can't for the life of me see how security is enhanced when hackers are told how to attack our machines, and without giving the vendor a chance to glue up a patch.
Many of you agreed, as seen here.
Microsoft fortunately was able to fix this flaw fast and rushed out an out-of-band patch today. I guess this "security" firm can pat itself on the back for making Microsoft hop to, but this disclosure still left all IE users vulnerable for about a week. Your moms must be proud.
Trust me, this next observation has zero political content. I was looking at the "security" company's management roster to see if I knew anyone, then clicked on the Board of Directors. Two of the members are from Bain Capital. Just an observation. My guess is that Rapid7 investors might not be fans of publicizing open holes, especially given the reaction I see from IT pros (and more especially in an election year).
On another note with no political ax to grind, did you hear that Mitt Romney tried to hire Steve Ballmer when Steve was fresh out of Harvard? It's true.
What should real security companies do when they find a flaw? Wise and cogent answers welcome if you've got 'em at firstname.lastname@example.org.
Posted by Doug Barney on 09/21/2012 at 10:49 AM