Wednesday, April 04, 2007

Microsoft defends 100-day ANI patch process


Microsoft Corp. first learned of the animated cursor flaw in Windows in December 2006, more than 100 days before it released an emergency patch. The release marked just the third time in more than two years it has released an out-of-cycle security update.

The head of the company's security research lab defended the time spent investigating, developing and testing the fix. "Engineering a patch is a long, complex process," said Mark Miller, director of the Microsoft Security Response Center (MSRC). "We look at surrounding areas of code for similar vulnerabilities and, from our internal investigation, address as many as we can find."


Microsoft was alerted to the ANI file bug Dec. 20 by Alexander Sotirov, a vulnerability researcher at Determina Inc. in Redwood City, Calif. By mid-March, when Microsoft skipped its usual second-Tuesday-of-the-month updates, the investigation had been completed and a patch created, said Miller. "But it was still undergoing testing," he said, explaining why the patch wasn't released then.


Source: computerworld.com