Microsoft released a patch for Windows on Tuesday that fixed one of the most severe security holes ever found in the operating system. Microsoft said it took more than six months to fix the problem and to make sure the patch was thoroughly tested. During this time, the vulnerabilities could have been exploited by another MSBlast-type attack, allowing a virus to rapidly infect a large number of Internet-connected computers, according to security experts.
EEye now says it has reported another seven as-yet-unpatched bugs to Microsoft, some as long as five months ago. The company is listing the report dates and seriousness of the bugs on its Web site, but will reveal no further information until Microsoft has released fixes.
Two of eEye's most dangerous flaws were reported to Microsoft on 10 September, 2003, while the third was brought to the company's attention a month later. According to eEye's Web site, the fixes are overdue by 94 and 66 days respectively.
EEye is one of many security research organisations reporting vulnerabilities to Microsoft, but is one of the few which allows the public to monitor the progress of its bug reports. Some researchers have been known to release public warnings about specific flaws if they judge a software vendor is taking too long to patch, a practice which vendors have heavily criticised.
According to eEye's Web site, full details of each vulnerability "will be disclosed to the public at the time a patch is released from the vendor".
Talkback
That's it!!! I've had it with all these #$%^$#@%^$ bugs and holes in WIndows! I'm going to switch to Linux or maybe even Mac OS X.
Go for it. I use it on my laptop and at home it is excellent. The easiest one to use that supports a lot of hardware is Mandrake
Easy to install.
Microsoft operating systems and IE get the most attention regarding bugs, but their other products are full of bugs too! I just downloaded sp 1 for Visual Studio 2002 and now the program is deleting datasets and data adapters after debugging. How can I put out a product when the foundation of the product is built on a pile of sand!
Microsoft doesn't even want to hear about their problems, unless of course you pay them!