Barney's Blog

Blog archive

Microsoft Fixes IE Problem Pronto

Recently we talked about an IE elevation of privilege flaw that was publicized by a "security" company before the flaw was fixed. I put security in quote markets because I can't for the life of me see how security is enhanced when hackers are told how to attack our machines, and without giving the vendor a chance to glue up a patch.

Many of you agreed, as seen here.

Microsoft fortunately was able to fix this flaw fast and rushed out an out-of-band patch today. I guess this "security" firm can pat itself on the back for making Microsoft hop to, but this disclosure still left all IE users vulnerable for about a week. Your moms must be proud.

Trust me, this next observation has zero political content. I was looking at the "security" company's management roster to see if I knew anyone, then clicked on the Board of Directors. Two of the members are from Bain Capital. Just an observation. My guess is that Rapid7 investors might not be fans of publicizing open holes, especially given the reaction I see from IT pros (and more especially in an election year).

On another note with no political ax to grind, did you hear that Mitt Romney tried to hire Steve Ballmer when Steve was fresh out of Harvard? It's true.

What should real security companies do when they find a flaw? Wise and cogent answers welcome if you've got 'em at [email protected]

Posted by Doug Barney on 09/21/2012 at 1:19 PM


Featured

  • Malwarebytes Affirms Other APT Attack Methods Used Besides 'Solorigate'

    Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent "Solorigate" advanced persistent threat (APT) attacks.

  • How To Fix the Hyper-V Read Only Disk Problem

    DOS might seem like a relic now, but sometimes it's the only way to fix a problem that Windows seems ill-equipped to deal with -- like this one.

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

comments powered by Disqus