funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft Makes Concessions to Security Software Makers

From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Sat, 14 Oct 2006 21:19:51 -0400
On 10/14/06, Nick FitzGerald <nick () virus-l demon co uk> wrote:

Dude VanWinkle wrote:

> I would like to see a an exploit for this pre-release, which would
> help answer an interesting question: If a working exploit was found in
> the wild, would MS delay the ship date or just release a patch as soon
> as they coded it.

It would depend when the exploit was released relative to the code
going gold/RTM.  If "too close" to RTM (and there are far too many
factors to consider in a hypothetical to give any idea of what that
might be), or after it but before "public release", then you can bet
that the security response folk would be working to ensure that it was
either patched for the next Patch Tuesday (if it affected "enough" of
the beta/RC releases) or at least to be ready for when the code was to
be publicly released (November for corporate licensing programs,
right?), so the first time Vista goes to WU (first time it goes online
during/after install, yes?) it would pick it up.



As I am sure you know by now Vista already has several security
hotfixes that are applied, but usually they bundle those fixes into
the next build, but what I was referring to was the statement by
Joanna and zdnet:

http://www.networkworld.com/news/2006/080406-microsoft-blue-pill.html?page=2

In her presentation, Rutkowska suggested a few ways Microsoft might
address the code-signing bypass issue, and Microsoft intends to review
them. However, Microsoft probably won't hold up shipping Vista if it
can't resolve the issue in time.

---------------

I seem to remember Joanna using more definite terms when referring to
a fix for preventing the processor virtualization "flaw" from being
exploited, but my google skills are failing me tonight. Also that
"fix" may have involved compromising their ability to deploy virtual
instances that are indistinguishable from the real deal.


Oops, I just "patched" the point I was trying to make into nonexistence. D'oh!

-JP<who guesses if you talk to yourself long enough, you CAN answer
all your questions>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: