> -----Original Message----- > From: Derick Anderson [mailto:[EMAIL PROTECTED]
> Research? It took Zotob 6 or 7 days to come out after > MS05-39. There's a > 0-day for WMF which has been out for two days now: > > http://www.f-secure.com/weblog/archives/archive-122005.html#00000752 In reality they've probably already validated most if not all of the vulnerability. Microsoft seems to have decided for some reason that it is not in their [or maybe our] best interest for them to validate vulnerabilities until there is a patch out. Possibly they feel validating the vuln to the world increases the risk rather than decreasing it. > I'd love to have the time to research updates before applying > them but I > think there's more risk in waiting than in having MS standard > templates > applied. You have the luxury of installing patches without testing them exactly because Microsoft spends 30+ days testing their patches. If they didn't, MS patches would break something every time, and you would never install them without your own testing. I think you're actually supporting the argument for MS to take their time to release a tested patch. > It won't surprise me in the slightest when I start > getting WMF > exploit emails with the pictures embedded (rather than linked). I just > wonder whether Microsoft will have a patch out in time. No need to wonder. It will be at least 35 days to get a patch. This is nothing new, we all knew this when we bought our Windows computers. --------------------------------------------------------------------------- ---------------------------------------------------------------------------
