http://www.microsoft.com/technet/security/advisory/912840.mspx
January 10th...is the target. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Navroz Shariff > Sent: Tuesday, January 03, 2006 3:17 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] OT: WMF issue - patch on the 10th > > Regarding the June 10 WMF exploit patch release, can somone > please point me to Microsoft's article regarding the release. > > Thanks, > > Nav > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley > Sent: Tuesday, January 03, 2006 12:33 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] OT: WMF issue - patch on the 10th > > What's Microsoft's response to the availability of third > party patches for the WMF vulnerability? > Microsoft recommends that customers download and deploy the > security update for the WMF vulnerability that we are > targeting for release on January 10, 2006. > > As a general rule, it is a best practice to utilize security > updates for software vulnerabilities from the original vendor > of the software. With Microsoft software, Microsoft carefully > reviews and tests security updates to ensure that they are of > high quality and have been evaluated thoroughly for > application compatibility. In addition, Microsoft's security > updates are offered in 23 languages for all affected versions > of the software simultaneously. > > Microsoft cannot provide similar assurance for independent > third party security updates. > > Why is it taking Microsoft so long to issue a security update? > Creating security updates that effectively fix > vulnerabilities is an extensive process. There are many > factors that impact the length of time between the discovery > of a vulnerability and the release of a security update. When > a potential vulnerability is reported, designated product > specific security experts investigate the scope and impact of > a threat on the affected product. Once the MSRC knows the > extent and the severity of the vulnerability, they work to > develop an update for every supported version affected. Once > the update is built, it must be tested with the different > operating systems and applications it affects, then localized > for many markets and languages across the globe. > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/