|
|||||||
| Other Tech News The latest community based technology news from across the globe. (If you aren't a community newsposter then use the "Submit News" section.) |
 |
|
|
Thread Tools |
Apr 1, 2007, 10:54 PM
|
#1 |
|
DriverHeaven Extreme Member
Join Date: Apr 2004
Posts: 7,275
Rep Power: 89   |
Better Hope That the ANI Attacks Pass over Your Computer
Source: eWeek
________ There are many reasons to be disappointed in Microsoft over the .ANI vulnerability that is the talk of the security community the last few days. The analysis of the bug and its history speak badly of Microsoft's efforts in many ways: The company's patching practices came up short, its security protection technologies came up short, and its code analysis was shoddy. There are many reasons why this should never have happened, and now we should all be upset about it. The most glaring problem is the fact that Microsoft was informed of this vulnerability on Dec. 20, 2006, by Determina. It's April now and Microsoft released no updates last month. It's possible that the company is planning to wait for the April patch day (April 10), but my guess is that a patch will be coming out "out of cycle" the way they did for the WMF bug. |
|
|
|
Apr 1, 2007, 11:52 PM
|
#2 |
|
Flash Banner Hater
|
Applied the eeye patch, now surely Microsoft should have come up with an immediate mitigation measure, even if not a 100% functional patch?
http://research.eeye.com/html/alerts.../20070328.html
__________________
Mary had a little lamb, Her father shot it dead Now Mary takes her lamb to school, Between two crusts of bread 
|
|
|
|
|
| Thread Tools | |
|
|
