Steve Manzuik
I think September will be quiet. When we get the six, seven, eight or nine patches, it gets to be a bit more difficult.
I don't buy the argument that they are aiding attackers. The attackers are already reverse-engineering the patches. They have the time and resources to find out where the flaw lies. The guy that feels the pain is the system administrator who is in the dark and who can't do his own reverse-engineering.
We've assigned it our 'High' rating, which means the vulnerability allows for code execution,
The potential is there. We haven't seen any exploitation, but it doesn't mean it can't be done.
There are some extremely smart hackers out there using and sharing the tools that find these vulnerabilities. When Microsoft takes a long time to issue fixes, it sets up a dangerous situation,
Users can protect themselves by not clicking on any links in e-mails from unrecognized sources and by generally paying attention to what Web sites they are visiting. Locking down a system and not using the administrator account at all times lowers the risk but does not mitigate the vulnerability.
This flaw is not as critical as some because it can only be exploited on the local network and even if it is compromised, the error would only be able to crash the server, not expose the data or put information at risk. Basically, someone on the local network could crash the machine running the software. It doesn't allow for any kind of actual access to the machine or to the data.
They are simply left in the dark and may ignore a patch that is super-critical to their environment. Meanwhile, the bad guy has spent the time to find out what was silently fixed.
This patch is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw.
This month, Microsoft is only issuing one patch and we already know it's not one of ours. That means that our overdue list will keep getting longer and longer,
As far as we know, this update does not address our issues.
Microsoft's customers depend on that information to figure out how to respond to Patch Tuesday. The reality is, system administrators will delay deploying a patch based on the details of the bulletin. When details aren't included, he won't install that patch. That is a big problem.
It's safe to assume that once we find a flaw, someone else will probably find it. The problem here is that someone malicious might find it and exploit it before Microsoft can provide full protection.