IE SSL Vulnerability

ziggy on 2002-08-19T13:47:02

eWeek reports that Microsoft is getting some flak on its handling of security issues. Yes, this is the same Microsoft that thinks it's good for you to render your MP3s unplayable just because you happened to accidentally regenerate a cryptographic key when reinstalling the OS (a quick fix that works for most inexplicable problems). Here's the current corporate response:

While KDE was fixing the problem, Microsoft officials would say only that the company was investigating it. Nine days after the advisory was published, Microsoft posted an article to its TechNet site explaining the flaw and saying that the scenario and the likelihood of an attacker being caught make exploitation of the vulnerability unlikely.

Microsoft security officials said the delay was necessary to investigate the issue, since Benham released his advisory without notifying Microsoft first. The company said it will issue a patch, but officials could not say when.

"It's in the nature of these issues that we have to do highly detailed research," said Scott Culp, manager of the Microsoft Security Response Center, in Redmond, Wash.

Compare this to KDE's initial response, and their updated resolution to the matter, as of today.