funsec mailing list archives
Re: Microsoft Makes Concessions to Security Software Makers
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Sat, 14 Oct 2006 21:19:51 -0400
On 10/14/06, Nick FitzGerald <nick () virus-l demon co uk> wrote:
Dude VanWinkle wrote: > I would like to see a an exploit for this pre-release, which would > help answer an interesting question: If a working exploit was found in > the wild, would MS delay the ship date or just release a patch as soon > as they coded it. It would depend when the exploit was released relative to the code going gold/RTM. If "too close" to RTM (and there are far too many factors to consider in a hypothetical to give any idea of what that might be), or after it but before "public release", then you can bet that the security response folk would be working to ensure that it was either patched for the next Patch Tuesday (if it affected "enough" of the beta/RC releases) or at least to be ready for when the code was to be publicly released (November for corporate licensing programs, right?), so the first time Vista goes to WU (first time it goes online during/after install, yes?) it would pick it up.
As I am sure you know by now Vista already has several security hotfixes that are applied, but usually they bundle those fixes into the next build, but what I was referring to was the statement by Joanna and zdnet: http://www.networkworld.com/news/2006/080406-microsoft-blue-pill.html?page=2 In her presentation, Rutkowska suggested a few ways Microsoft might address the code-signing bypass issue, and Microsoft intends to review them. However, Microsoft probably won't hold up shipping Vista if it can't resolve the issue in time. --------------- I seem to remember Joanna using more definite terms when referring to a fix for preventing the processor virtualization "flaw" from being exploited, but my google skills are failing me tonight. Also that "fix" may have involved compromising their ability to deploy virtual instances that are indistinguishable from the real deal. Oops, I just "patched" the point I was trying to make into nonexistence. D'oh! -JP<who guesses if you talk to yourself long enough, you CAN answer all your questions> _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Microsoft Makes Concessions to Security Software Makers, (continued)
- Re: Microsoft Makes Concessions to Security Software Makers Drsolly (Oct 13)
- Re: Microsoft Makes Concessions to Security Software Makers Valdis . Kletnieks (Oct 13)
- Re: Microsoft Makes Concessions to Security Software Makers Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Drsolly (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Valdis . Kletnieks (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Nick FitzGerald (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Blue Boar (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Dude VanWinkle (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Nick FitzGerald (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Dude VanWinkle (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Nick FitzGerald (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Dude VanWinkle (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Blue Boar (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Dude VanWinkle (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Blue Boar (Oct 15)
- Re: Microsoft Makes Concessions to Security Software Makers Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Blue Boar (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Nick FitzGerald (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Nick FitzGerald (Oct 14)
- Re: Microsoft Makes Concessions to Security Software Makers Nick FitzGerald (Oct 14)