on March 15th 2006 at 9:36 am in Computers & Hardware, Media, Religion & Politics, Random Rantings, Security & Privacy, Software

More specifically, the piece of shit they dare call ‘Excel’. Yes, it excels in fucking up documents. But I slightly digress.
Let’s look at the timeline of how this vulnerability was reported:
Yesterday, ZDI reported:
2006.01.24 – Vulnerability reported to vendor
2006.02.21 – Digital Vaccine released to TippingPoint customers
2006.03.13 – Vulnerability information provided to ZDI security partners
2006.03.14 – Coordinated public release of advisory
Ah, so Microsoft knew about this for about 2 months already.
But the plot thickens. Xfocus tells us this:
2005.12.27 Informed the vendor.
2006.01.03 The vendor confirmed the vulnerability.
2006.03.14 The vendor releases a new version to fix the vulnerability.
Then, Hexview reports something different again:
Microsoft was notified on December 6th, 2006. The issue has been investigated
and the patch is currently available from Microsoft (MS06-012).
They obviously mean 2005 there and not 2006.
Anyway: it should be obvious that Microsoft let you ride their crap vulnerable software for over 3 months. The bad guys could even have known about this thing much longer than that.
Fuck proprietary software!









