“Sample attack code released by security firms is putting unpatched PCs at risk, according to Microsoft.
Microsoft has urged customers to apply its latest security patches, after several companies published "proof of concept" attacks that exploit the flaws that the updates fix.
In a notice posted to its Web site late Thursday, the software giant highlighted proof-of-concept documentation, or sample software code to illustrate how a flaw might be used to attack a system, from two security software makers: Finjan Software and Core Security Technologies.
While Microsoft said it backs the disclosure of vulnerabilities and proof-of-concept code, a common practice in the IT security industry, it criticized the companies for publishing their test code mere hours after security patches had been released for the reported flaws.
"Microsoft will continue to support and advocate responsible disclosure, because we find it to be a vital tool to effectively identify and remedy security issues," the company said in its notice. "Microsoft is concerned that the publishing of proof-of-concept code within hours of the security updates being made available has put customers at increased risk."
Shortly after some of Core's proof-of-concept work was aired, an individual modified some of the code to create an actual threat, Microsoft said. The malicious code could expose computer users who have not yet installed its updates to attack.…”
http://techrepublic.com.com/5100-22_11-5574966.html
Posts
No comments:
Post a Comment