Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch

[Florian Weimer <fw () deneb enyo de>]

* Michael Blanchard:

> I wouldn't think that they would vouch for it.  Even when it's
> created by a trusted person such as Ilfak.

It's not just a trust issue.  If they were sure that Ilfak's approach
doesn't break anything important, they would release their own patch
(which probably does something similar) today, and defer it until the
January 10th, until proper regression testing and patch validation has
taken place.

I'm still a bit mystified how dangerous this vulnerability really is,
beyond the mad-clicking home user.  Maybe waiting one more week is the
right thing to do from a technical perspective.  It could prove a bad
PR move, though.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.