Microsoft released an emergency IE patch on Tuesday after deciding that an upswing in hacking attacks targeting a zero-day vulnerability in IE 6 and 7 couldn't wait for the next scheduled edition of Patch Tuesday, due on 13 April. The cumulative IE update (MS10-018) also fixes nine other security bugs in Microsoft's browser …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Wednesday 31st March 2010 08:00 GMT Anonymous Coward

Well done MS.

One point to MS for getting out of their way to fix this. Now for something completely different: Hi MS, if you could try and deliver fit-for-purpose software to your _paying_ customers the first time around.... _that_ would be neat. We all can understand that software development is not an exact science, and that no complex piece of code can be guaranteed to be bug-free whatever testing you put it through, but seriously, this is getting ridiculous. I'm talking Exchange here (amongst others). We have several thousand users, and an Exchange system up to scale. For the last 5 years there has not been a month without a serious Exchange outage (the hardware and back-end are fine, mind you. Exchange just keeps dropping hundreds of mailboxes semi-randomly for no apparent reason.). That's only 1 to 2 % of mailboxes at a time, and that's temporary, most of the time, so no problem. Who needs their mailbox available more than 5 days out of 7 (randomly) anyway? Well, according to the service queue that we regularly have to replace with a recorded apology, lots of people.

Thank you for not listening, thanks to the accumulation of blunders I might be allowed to finally switch to a real system

Pissed anon tired of strugling with Exchange shortcomings

5 4
Wednesday 31st March 2010 08:00 GMT ElReg!comments!Pierre

he bug was responsibly disclosed to them before it became public,

Best said with Rowan Atkinson-like voice and gestures for added comical value. Though the statement in itself is rather hillarious /as is/.

0 0
Wednesday 31st March 2010 08:03 GMT Anonymous Coward

How many months to confirm?

"Microsoft fix cam little over three weeks after it publicly confirmed the flaw. A patch development time of two months or more is much more commonplace."

And how many months it took MS to confirm the flaw? MS doesn't say. I wouldn't either if I were MS.

There are dozens of flaws MS has never confirmed and some of those just vanished after monthly patch, 6 to 12 months later. Some didn't.

Story tells us that the flaw (and fix for it, presumably) was delivered to MS, but story doesn't tell when. My bet is somewhere in 2009 or so and MS dragged their feet until the hole became in wide use and then they started to do something about it.

That's the method of operation for them. Anything else is an exception.

2 2
Wednesday 31st March 2010 09:31 GMT alistair millington

Use something else.

Who still uses IE if not in a work environment? Best thing to come out of the browser choice screen was the variable alternatives and proof there actually was alternatives.

I am currently using a new one each month for a change, April is called sleipnir I think.

1 1
Wednesday 31st March 2010 10:06 GMT Elmer Phud

Cars

If cars were sold the way that IE has been the streets would be littered with crashed vehicles and bodies as small things in the vehicle managment systems kept failing.

Not that the auto-industry has a good history on recalls but no-one seems to have sued MS for having their bank account taken over.

As with several cars -- it's best to keep clear of the dodgy products and use something that has less fundamental problems (he says as the latest version of Firefox is released).

2 1
Wednesday 31st March 2010 13:07 GMT Anonymous Coward

Safe Programming Language ?

If MS were serious about their "Security Development Lifecycle" they would stop using plain C/C++. I am not saying they should code in .Net - that would be a performance no-no.

But there do exist programming languages with a proper type system and proper runtime checks. Ada Pascal could be brought to that level.

This one already has these properties:

http://code.google.com/p/sappeur/ (Free SW)

0 1
1. Wednesday 31st March 2010 15:23 GMT Anonymous Coward
  
  Alternatively...
  
  ...they could release a NEW version of Windows - one that is NOT based on past mistakes. This one could have some kind of "old windows emulator" if necessary. If Apple can do it (and even AMIGA can do it!) then surely Microsoft can!
  
  2 0
Wednesday 31st March 2010 13:22 GMT Anonymous Coward

Errata

should be "Ada AND Pascal could be brought to that level."

0 0
Wednesday 31st March 2010 15:23 GMT Anonymous Coward

Message to the Register

Please just put a sticky note at the top of the page that says "Microsoft software is full of bugs - they fix some nearly every day but it's like using pebbles to hold back a flood..."

That way you can save time writing a new version of the "MS glaring security bug"/"MS fix a bug or two" stories nearly every day!

1 0