Barney's Blog

Blog archive

Microsoft Fixes IE Problem Pronto

Recently we talked about an IE elevation of privilege flaw that was publicized by a "security" company before the flaw was fixed. I put security in quote markets because I can't for the life of me see how security is enhanced when hackers are told how to attack our machines, and without giving the vendor a chance to glue up a patch.

Many of you agreed, as seen here.

Microsoft fortunately was able to fix this flaw fast and rushed out an out-of-band patch today. I guess this "security" firm can pat itself on the back for making Microsoft hop to, but this disclosure still left all IE users vulnerable for about a week. Your moms must be proud.

Trust me, this next observation has zero political content. I was looking at the "security" company's management roster to see if I knew anyone, then clicked on the Board of Directors. Two of the members are from Bain Capital. Just an observation. My guess is that Rapid7 investors might not be fans of publicizing open holes, especially given the reaction I see from IT pros (and more especially in an election year).

On another note with no political ax to grind, did you hear that Mitt Romney tried to hire Steve Ballmer when Steve was fresh out of Harvard? It's true.

What should real security companies do when they find a flaw? Wise and cogent answers welcome if you've got 'em at dbarney@redmondmag.com.

Posted by Doug Barney on 09/21/2012 at 1:19 PM


Featured

  • Office Mobile Apps To End as Microsoft Highlights New Office App

    Microsoft plans to end support for Windows 10 Mobile applications on Jan. 12, 2021, according to a Friday announcement.

  • Is Microsoft Finally Reinventing Office?

    Microsoft is testing out a new technology called "Fluid Framework." It could mean that Brien's dream of one Office app to rule them all might soon become reality.

  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.