Microsoft released an emergency IE patch on Tuesday after deciding that an upswing in hacking attacks targeting a zero-day vulnerability in IE 6 and 7 couldn't wait for the next scheduled edition of Patch Tuesday, due on 13 April. The cumulative IE update (MS10-018) also fixes nine other security bugs in Microsoft's browser …
Well done MS.
One point to MS for getting out of their way to fix this. Now for something completely different: Hi MS, if you could try and deliver fit-for-purpose software to your _paying_ customers the first time around.... _that_ would be neat. We all can understand that software development is not an exact science, and that no complex piece of code can be guaranteed to be bug-free whatever testing you put it through, but seriously, this is getting ridiculous. I'm talking Exchange here (amongst others). We have several thousand users, and an Exchange system up to scale. For the last 5 years there has not been a month without a serious Exchange outage (the hardware and back-end are fine, mind you. Exchange just keeps dropping hundreds of mailboxes semi-randomly for no apparent reason.). That's only 1 to 2 % of mailboxes at a time, and that's temporary, most of the time, so no problem. Who needs their mailbox available more than 5 days out of 7 (randomly) anyway? Well, according to the service queue that we regularly have to replace with a recorded apology, lots of people.
Thank you for not listening, thanks to the accumulation of blunders I might be allowed to finally switch to a real system
Pissed anon tired of strugling with Exchange shortcomings
he bug was responsibly disclosed to them before it became public,
Best said with Rowan Atkinson-like voice and gestures for added comical value. Though the statement in itself is rather hillarious /as is/.
How many months to confirm?
"Microsoft fix cam little over three weeks after it publicly confirmed the flaw. A patch development time of two months or more is much more commonplace."
And how many months it took MS to confirm the flaw? MS doesn't say. I wouldn't either if I were MS.
There are dozens of flaws MS has never confirmed and some of those just vanished after monthly patch, 6 to 12 months later. Some didn't.
Story tells us that the flaw (and fix for it, presumably) was delivered to MS, but story doesn't tell when. My bet is somewhere in 2009 or so and MS dragged their feet until the hole became in wide use and then they started to do something about it.
That's the method of operation for them. Anything else is an exception.
Use something else.
Who still uses IE if not in a work environment? Best thing to come out of the browser choice screen was the variable alternatives and proof there actually was alternatives.
I am currently using a new one each month for a change, April is called sleipnir I think.
If cars were sold the way that IE has been the streets would be littered with crashed vehicles and bodies as small things in the vehicle managment systems kept failing.
Not that the auto-industry has a good history on recalls but no-one seems to have sued MS for having their bank account taken over.
As with several cars -- it's best to keep clear of the dodgy products and use something that has less fundamental problems (he says as the latest version of Firefox is released).
Safe Programming Language ?
If MS were serious about their "Security Development Lifecycle" they would stop using plain C/C++. I am not saying they should code in .Net - that would be a performance no-no.
But there do exist programming languages with a proper type system and proper runtime checks. Ada Pascal could be brought to that level.
This one already has these properties:
http://code.google.com/p/sappeur/ (Free SW)
...they could release a NEW version of Windows - one that is NOT based on past mistakes. This one could have some kind of "old windows emulator" if necessary. If Apple can do it (and even AMIGA can do it!) then surely Microsoft can!
should be "Ada AND Pascal could be brought to that level."
Message to the Register
Please just put a sticky note at the top of the page that says "Microsoft software is full of bugs - they fix some nearly every day but it's like using pebbles to hold back a flood..."
That way you can save time writing a new version of the "MS glaring security bug"/"MS fix a bug or two" stories nearly every day!