One of the things that I have found interesting is how some companies respond to vulnerability disclosure. I have worked with six large security vendors over the last couple of months and only one of them has their head lodged firmly in their posterior. But every one of them responded in a prompt and professional manner.
A Kiwi hacker has discovered that Microsoft may not be quite as diligent in responding to vulnerability disclosures.
From Stuff New Zealand:
“I assumed they were aware of the issue,” he said. The “bug” was first recognised five years ago, but was supposed to have been fixed.
The design flaw meant a person could take control of vast numbers of home or office PCs around the world in a single attack, read data, steal passwords or use them to distribute spam or viruses.
Mr Butler said while testing the flaw, he found more than 160,000 computers in NZ were vulnerable.
Microsoft confirmed the issue was serious and asked the newspaper not to publish specific details over fears they could be mis-used.
A lot of cold turkey sandwiches to go around since Microsoft had their folks working through the US holiday to find a fix. The race is on then. How long until the malware underground weaponizes this vulnerability and we see a new Storm worm outbreak?