Windows Help Needs Help
The help system for Windows XP and Server 2003 has a flaw that could (but hasn't yet) allow remote code execution exploits. For the attack to work, a user will have to visit a malicious Web site or click a bad link in a spam message.
The flaw was discovered by Google which blasted Microsoft for waiting to release the information. Correct me if I'm wrong, but disclosing an unpatched flaw is an open invitation to hackers, n'est-ce pas?
What do you think? Should flaws be publicized before there's a remedy? Send me a malicious-code-free e-mail with your thoughts to firstname.lastname@example.org.
Posted by Doug Barney on 06/14/2010 at 1:17 PM