|
What we really learn from this all WMF "thingie", is that when Microsoft wants to, it can. Microsoft released the WMF patch ahead of schedule ( http://blogs.securiteam.com/index.php/archives/181 ) Yep, THEY released the PATCH ahead of schedule. What does that teach us? There are a few options: 1. When Microsoft wants to, it can. There was obviously pressure with this 0day, still =97 most damage out there from vulnerabilities is done AFTER Microsoft releases the patch and the vulnerability becomes public. 2. Microsoft decided to jump through a few QA tests this time, and release a patch. Why should they be releasing BETA patches? If they do, maybe they should release BETA patches more often, let those who want to - use them. It can probably also shorten the testing period considerably. If this patch is not BETA, but things did just /happen/ to progress more swiftly.. than maybe we should re-visit option #1 above. ... Maybe it=92s just that we are used to sluggishness. Perhaps it is time we, as users and clients, started DEMANDING of Microsoft to push things up a notch. ... Put in the necessary resources, and release patches within days of first discovery. I=92m willing to live with weeks and months in comparison to the year+ that we have seen sometimes. Naturally some problems take longer to fix, but you get my drift. It=92s just like with false positives=85 as an industry we are now used to them. We don=92t treat them as bugs, we treat them as an =93acceptable level of=94, as I heard Aviram mention a few times. ... The rest is in my blog entry on the subject: http://blogs.securiteam.com/index.php/archives/182 Gadi.