Microsoft Knew About IE Hole For Months….WTF?

Just when I thought I could praise Microsoft for being quick to fix a flaw that existed in IE that allowed Chinese hackers to hack Google among others, I find out that Microsoft had known about this flaw for months:

The software giant had intended to release a patch for the flaw in February — more than four months after learning about it, but had to speed up that plan and roll it out this week in the wake of news that Google and others had been hacked through the flaw, the world’s largest software maker acknowledged Thursday.

I think this supports the view that some people in the computer security community have that as soon as a flaw is found, the vendor should fix it. If that doesn’t happen in a reasonable amount of time, then the flaw should be publicized with a workaround to protect users. That way the vendor is forced to fix it ASAP. Given what happened in this case, it may be the only way to deal with situations like this going forward.
