1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News MS warns over unpatched IIS flaw

Discussion in 'Article Discussion' started by CardJoe, 9 Sep 2009.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,343
    Likes Received:
    292
  2. thehippoz

    thehippoz New Member

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    I like how they say it was not responsibly disclosed
     
  3. Flibblebot

    Flibblebot Smile with me

    Joined:
    19 Apr 2005
    Posts:
    4,654
    Likes Received:
    151
    It just shows the problem inherent in only releasing patches once a month: it gives the script kiddies up to a month to wreak their havoc. I know it makes sense from MS's point of view - it gives them a month to test new patches - but from a customer's perspective, it sucks sweaty monkey balls.

    That said, are many companies going to be running IIS with FTP enabled, let alone open it to all and sundry?
     
  4. kosch

    kosch Trango in the Mango

    Joined:
    12 Feb 2005
    Posts:
    1,879
    Likes Received:
    94
    Another reason why I dont use IIS for FTP Servers in our farm. :)
     
  5. Otto69

    Otto69 New Member

    Joined:
    6 Oct 2007
    Posts:
    253
    Likes Received:
    3
    IIS == Inherently Invade able Software?
     
  6. LordPyrinc

    LordPyrinc Legomaniac

    Joined:
    7 Mar 2008
    Posts:
    596
    Likes Received:
    5
    Rushing patches out the door without sufficient testing time is just as dangerous as that might break other functionality or introduce new problems of their own. I also know from my experiences as a software developer that sometimes you go into fix a problem and uncover other flaws downstream from that fix that need attention as well.
     
  7. Shagbag

    Shagbag All glory to the Hypnotoad!

    Joined:
    9 Nov 2006
    Posts:
    320
    Likes Received:
    4
    While Apache is not without bugs, at least they're fixed a lot faster than it takes Microsoft "time to test and develop a patch".

    FFS Microsoft, does it really take you a whole month to fix broken code? I can't believe your developers cannot read C++, so it must be your leviathon management structure that slows things down.
     
Tags: Add Tags

Share This Page