Microsoft’s Patch Tuesday has struck again. It seems, that in order to enjoy Microsoft’s recent patch days, one must really appreciate the oh-so-sweet smell of downplay.
Richard Smith recently posted on funsec about a possible security issue with Microsoft Outlook. This blog post details my initial findings on the issue, including information that indicates it may be more broad than previously thought.
A colleague of mine once used a term that seemed very fitting to a particular security process. He termed it what it was, in my opinion: a disgrace. That’s hard to say seriously without immediately thinking of the company that has, in the security space, re-defined what it means to be a disgrace: Oracle.
We’ve been hearing a lot about software distributors downplaying vulnerabilities in their code. It seems like a familiar tune. Gadi’s post hits on it. I talked about it two weeks ago after Mozilla managed to (yet again) severely downplay some trivially-exploitable vulnerabilities fixed by recent patches. Judging from this week’s Windows Media Player fiasco, the lesson hasn’t been learned.