Valhalla Legends Archive

General => General Discussion => Topic started by: iago on December 01, 2004, 02:56 PM

Title: MS04-040 Released
Post by: iago on December 01, 2004, 02:56 PM
The patch for the dreaded "IFrame Vulnerability" was FINALLY released.  It took Microsoft 29 days to release a patch for arbitrary code execution in their browser that had available exploit code from about 27 days ago.  That was absolutely ridiculous.

http://secunia.com/advisories/12959/
Title: Re: MS04-040 Released
Post by: Yoni on December 01, 2004, 06:30 PM
According to link, XP SP2 already fixed it. So maybe half or more (correct me if I'm way off) of the patch's "target audience" was already patched.
Title: Re: MS04-040 Released
Post by: iago on December 01, 2004, 07:59 PM
Quote from: Yoni on December 01, 2004, 06:30 PM
According to link, XP SP2 already fixed it. So maybe half or more (correct me if I'm way off) of the patch's "target audience" was already patched.

Windows 2k3 and Windows 2000 were still vulnerable.  And there are still a lot of corporations who haven't gotten approval to move to SP2 yet (because of all the incompatibility issues we know it's going to cause).
Title: Re: MS04-040 Released
Post by: MyndFyre on December 01, 2004, 08:24 PM
Quote from: iago on December 01, 2004, 07:59 PM
Quote from: Yoni on December 01, 2004, 06:30 PM
According to link, XP SP2 already fixed it. So maybe half or more (correct me if I'm way off) of the patch's "target audience" was already patched.

Windows 2k3 and Windows 2000 were still vulnerable.  And there are still a lot of corporations who haven't gotten approval to move to SP2 yet (because of all the incompatibility issues we know it's going to cause).

I recently upgraded my development partition of XP to SP2.  I haven't had any compatibility issues, despite my fear of them.
Title: Re: MS04-040 Released
Post by: iago on December 01, 2004, 08:58 PM
Quote from: MyndFyre on December 01, 2004, 08:24 PM
Quote from: iago on December 01, 2004, 07:59 PM
Quote from: Yoni on December 01, 2004, 06:30 PM
According to link, XP SP2 already fixed it. So maybe half or more (correct me if I'm way off) of the patch's "target audience" was already patched.

Windows 2k3 and Windows 2000 were still vulnerable.  And there are still a lot of corporations who haven't gotten approval to move to SP2 yet (because of all the incompatibility issues we know it's going to cause).

I recently upgraded my development partition of XP to SP2. I haven't had any compatibility issues, despite my fear of them.

We're definitely going to have them.  We have some crappy software being used.  We're just hoping it won't go TOO badly.
Title: Re: MS04-040 Released
Post by: Yoni on December 02, 2004, 04:21 AM
Quote from: iago on December 01, 2004, 07:59 PM
Windows 2k3 and Windows 2000 were still vulnerable.

Actually,

Quote
NOTE: The vulnerability does not affect systems running Windows XP with SP2 installed nor Windows Server 2003.

But yes @ Win2k. And yes, I know lots of people didn't install it yet. I just threw a guess (based on absolutely nothing) that half of Windows users use XP SP2. Any based statistics?
Title: Re: MS04-040 Released
Post by: iago on December 02, 2004, 07:28 AM
Well, the only statistics that I've seen are from Microsoft, "Over xxxx billion people have installed it!", but that doesn't really mean anything.

The odd part is that they fixed the problem in SP2, yet it took them a month to fix it on other platforms.  It's confusing, like, did they manage to lose the bug that caused it or something? :/
Title: Re: MS04-040 Released
Post by: Skywing on December 02, 2004, 01:58 PM
Quote from: iago on December 02, 2004, 07:28 AM
Well, the only statistics that I've seen are from Microsoft, "Over xxxx billion people have installed it!", but that doesn't really mean anything.

The odd part is that they fixed the problem in SP2, yet it took them a month to fix it on other platforms.  It's confusing, like, did they manage to lose the bug that caused it or something? :/
The fix has to be backported to the older source tree and then there's a huge regression test matrix they have to run everything through to make sure it doesn't break stuff.  But I'm not sure why it took them 27 days to do that when they've done other things much faster.
Title: Re: MS04-040 Released
Post by: Adron on December 02, 2004, 08:12 PM
Perhaps it broke something at first?

Your msn icon requires auth Skywing?
Title: Re: MS04-040 Released
Post by: Skywing on December 03, 2004, 01:32 PM
Quote from: Adron on December 02, 2004, 08:12 PM
Your msn icon requires auth Skywing?
Nope.