[OT] Microsoft to patch 17-year-old computer bug
D. Hugh Redelmeier
hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Fri Feb 5 15:01:58 UTC 2010
| From: Stephen <stephen-d-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org>
| http://news.bbc.co.uk/2/hi/technology/8499859.stm
|
| Now they can start working on the 16 year old bugs.
I inferred from the BBC article that Microsoft just learned of the
problem and will fix it soon.
"The ancient bug was discovered by Google security researcher
Tavis Ormandy in January 2010 and involves a utility that
allows newer versions of Windows to run programs that date
from the DOS era."
In fact, Ormandy says:
"Microsoft was informed about this vulnerability on 12-Jun-2009, and
they confirmed receipt of my report on 22-Jun-2009."
See
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
(Perhaps it was only a 16 year old bug then.)
See that article anyway. It shows how intricate the flaw is. It has
nothing to do with "a utility" as far as I can see.
I seem to remember that the DOS support is not in 64-bit Vista and 7
so they may not have this weakness.
Lessons:
- complicated interfaces are hard to secure and it is hard to be confident
of their security
- news reports, even from the BBC, are often inaccurate.
- The inaccuraccies have random effects. In this case, one makes MS
look better (supresses the fact that they have known about the bug
for 6 months), even though the net effect of the article is to make
MS look worse than I feel is warranted.
- obscure bugs matter a lot when they hit the front pages (think
Toyota perhaps -- hard to tell that one)
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list