What we really learn from this all WMF "thingie", is that when Microsoft wants to, it can.Microsoft released the WMF patch ahead of schedule ( http://blogs.securiteam.com/index.php/archives/181 ) Yep, THEY released the PATCH ahead of schedule. What does that teach us?
"We?" "Us?" Just who are you referring to? A vulnerability was discovered, they researched it, created and tested a patch (like they always do) and issued it. Done. Move on, please. There is nothing to learn here, other than the fact that everyone and their brother came out of the woodwork saying that the world was going to end and spreading mis-information. I believe even *you* posted erroneous information. Nice.
First everyone bitches about how bad Microsoft security is, how they don't "get it" and how they don't care. Then, when they issue a patch out-of-cycle, we hear pompous comments like "See! I told you so! They can do it if they want to, so they should do EVERYTHING like this!!" They handled it the right way, and still, they get criticism. Great.
Maybe it’s just that we are used to sluggishness. Perhaps it is time we, as users and clients, started DEMANDING of Microsoft to push things up a notch.
Oh, that's rich. Let's see-- wasn't it YOU that said to Dave Litchfield regarding Oracle:
<snip>
That is your choice.. although I personally believe you are being very extreme in your take on how alone Oracle is. It's not that I disagree with their behavior being questionable, I honestly believe a survey of how all vendors do where the s**t floats to the top without singling out the Bad but rather the Good, would work better.
</snip>So, it's OK for Oracle to have the worst security (both in product and in attitude) of any vendor on the face of the planet, and to take the "Oh, let's not pick on them by singling them out" mindset, but now you are DEMANDING that every patch be treated like the WMF patch just because YOU said so?? Why are you singling out Microsoft here?
What about WINE? Where is your DEMAND that THEY patch immediately? Where is the patch, anyway? Oh, there isn't one yet. Shouldn't you be ripping them a new one? After all, WINE is still vulnerable to the WMF exploit.
Put in the necessary resources, and release patches within days of first discovery. I’m willing to live with weeks and months in comparison to the year+ that we have seen sometimes. Naturally some problems take longer to fix, but you get my drift.
Oh, I totally get your drift. You are biased, and speak with a forked tongue.
t