Sign in / up

back to article Researcher: No emergency patch for critical Windows bug

A security researcher has downplayed the significance of publicly released attack code exploiting a critical vulnerability in newer versions of Windows, saying it isn't reliable enough to force Microsoft to issue an emergency patch. The exploit, which on Monday was folded into the open-source Metasploit penetration testing kit …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Fritz
    FAIL

    Strange definitions

    This type of attitude just goes to show why Microsoft's number of "critical" security flaws is such a ridiculous understatement. They don't consider it to be critical because it only works half the time? I guess no hacker would ever try to do it twice...

    0 0
  2. Frumious Bandersnatch

    probabalistic infection

    Obviously 50% isn't considered serious enough. Never mind the impact of a successful attack, I suppose.

    0 0
  3. The Fuzzy Wotnot
    Pint

    Funky!

    Well that's funky then, there's 50/50 chance you'll be alright then!

    Jeez, talk about glass half full over empty!

    0 0
  4. frymaster

    @Fritz

    "They don't consider it to be critical"

    not saying you're wrong, but where does it say that?

    all it says is they aren't going to release an OOB patch

    0 0
  5. Anonymous Coward
    FAIL

    RTFA

    @ Fritz: Where does it say that MS said that? nowhere.

    @Frumious blablabla: I don´t see any comment from MS stating that 50% isen´t considered serious. Do you?

    @Fuzzy: There is a 50% chance you diden´t read the whole thing as well I suppose. Reread it to get the numbers right the 50% was under some specific circumstances.

    Seriously RTFA before the Anti-Ms feelings take over and start leaking out. There are SO many many many resons and arguments against Ms the least you could do was to pick the right once to pick at. Like the article does with how they missed the hole in the first place.

    0 0
  6. The Original Steve

    Fair Enough

    If it's 50% maximum success rate, and only if it's running under VMWare then a normal critical patch on a tuesday seems fine to me.

    Also remember that unless your brain dead the exploit can only be done from inside your firewall too...

    So IF you have someone inside your network who has the knowledge, drive and tools, and your using the very latest version of the platform under VMWare then at best it's a 50% chance of it working...

    Don't think that warrents an out of schedule patch.

    0 0
  7. Anonymous Coward
    Anonymous Coward

    Of course it's not critical...

    ... it isn't going to cost Microsoft any money.

    (You did realise that's the definition of "critical", didn't you?)

    0 0
  8. vr villa

    improbable thinking?

    micro-weenie has a great excuse not to patch a 'defined and known' problem...

    quoting:

    "A security researcher has downplayed the significance of publicly released attack code exploiting a critical vulnerability in newer versions of Windows, saying it isn't reliable enough to force Microsoft to issue an emergency patch."

    So, if it is a defined security problem that only works (let's say for arguments sake) 10% of the time...

    In 5 days time at just a 10% success rate, how many computers can be affected??

    with 1,000,000 computers as a theoretical number, that would be 100,000. Not an impossible number in 5 days.

    Wonder why I don't use whine-doze

    0 0
This topic is closed for new posts.

Other stories you might like