A security researcher has downplayed the significance of publicly released attack code exploiting a critical vulnerability in newer versions of Windows, saying it isn't reliable enough to force Microsoft to issue an emergency patch. The exploit, which on Monday was folded into the open-source Metasploit penetration testing kit, …
This type of attitude just goes to show why Microsoft's number of "critical" security flaws is such a ridiculous understatement. They don't consider it to be critical because it only works half the time? I guess no hacker would ever try to do it twice...
Obviously 50% isn't considered serious enough. Never mind the impact of a successful attack, I suppose.
Well that's funky then, there's a 50/50 chance you'll be alright then!
Jeez, talk about glass half full over empty!
"They don't consider it to be critical"
Not saying you're wrong, but where does it say that?
All it says is they aren't going to release an OOB patch.
@Fritz: Where does it say that MS said that? Nowhere.
@Frumious blablabla: I don't see any comment from MS stating that 50% isn't considered serious. Do you?
@Fuzzy: There is a 50% chance you didn't read the whole thing as well, I suppose. Reread it to get the numbers right: the 50% was under some specific circumstances.
Seriously, RTFA before the anti-MS feelings take over and start leaking out. There are SO many many many reasons and arguments against MS, the least you could do was to pick the right ones to pick at. Like the article does with how they missed the hole in the first place.
If it's 50% maximum success rate, and only if it's running under VMware, then a normal critical patch on a Tuesday seems fine to me.
Also remember that unless you're brain dead the exploit can only be done from inside your firewall too...
So IF you have someone inside your network who has the knowledge, drive and tools, and you're using the very latest version of the platform under VMware, then at best it's a 50% chance of it working...
Don't think that warrants an out of schedule patch.
Of course it's not critical...
... it isn't going to cost Microsoft any money.
(You did realise that's the definition of "critical", didn't you?)
micro-weenie has a great excuse not to patch a 'defined and known' problem...
"A security researcher has downplayed the significance of publicly released attack code exploiting a critical vulnerability in newer versions of Windows, saying it isn't reliable enough to force Microsoft to issue an emergency patch."
So, if it is a defined security problem that only works (let's say for argument's sake) 10% of the time...
In 5 days' time at just a 10% success rate, how many computers can be affected??
With 1,000,000 computers as a theoretical number, that would be 100,000. Not an impossible number in 5 days.
Wonder why I don't use whine-doze