![]() MS13-021 patched a single vulnerability in IE6, IE7, IE8, IE9, IE10 and the newest, IE11, on all supported editions of Windows, as well as XP. The update itself, designated MS13-021, was straightforward, or at least compared to the ruckus over XP. Others in the company's Trustworthy Computing group have long predicted that attacks against XP PCs would increase once support for the OS ended, and used the dire forecast to push customers into migrating to something newer. Microsoft should not have been surprised that news spread about the IE flaw or that media reports focused on the fact that the bug was the first example of XP's out-in-the-cold situation. "Unfortunately this is a sign of the times and this is not to say we don't take these reports seriously. "The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown," Hall added. "One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP," Hall asserted. "The news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us," she said to open the blog, then later argued that the IE bug made headlines only because of its timing. Hall also seemed to blame news reports about the flaw - in particular that most reports led with the fact that XP would be vulnerable - for forcing Microsoft's hand. It just leaves open the door for more patches either to XP or other platforms in the future." "What if there is another zero-day next week or next month? When is Microsoft really really really going to put their foot down? So I'm surprised they went against their word on the end of life date. "For me it begs the question: So when exactly is the end of life date for XP?" Storms said in an interview conducted via instant message. Microsoft dropped XP from its support list three weeks ago.īut Storms questioned whether Microsoft had, knowingly or not, set a precedent that outsiders would cite each time a new vulnerability in Windows XP appeared. "We made this exception based on the proximity to the end of support for Windows XP," Hall wrote. In that blog, Adrienne Hall, a general manager in Microsoft's Trustworthy Computing group, made plain that today's release was the exception, not the rule, going forward. In fact, today's turnabout was bigger news than the security update itself, something Microsoft tacitly acknowledged by posting a long blog post that dealt not with the patch or the vulnerability, but with its decision to give XP customers a break.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |