Microsoft tries to paint itself as “fighting the bad guys”
Summary: Software security ‘standard’ to be led by the company which made insecurity an acceptable engineering practice?
“Previously, roughly half a decade ago, Microsoft fonts also enabled remote hijacking of one’s Windows-running PC.”Microsoft is not just bad at security but also at patching security flaws; many people, especially in businesses, won’t install updates from Microsoft without qualms because these tend to break the software every now and then, even weeks ago. As IDG put it: “The saga of botched patch MS13-036 takes new twists and turns — including a problem with Multiple Master fonts” (familiar story, not the first of this kind).
Go on and wonder how poor modularity must be if a security patch can impact fonts. Previously, roughly half a decade ago, Microsoft fonts also enabled remote hijacking of one’s Windows-running PC. █
“Our products just aren’t engineered for security.”
–Brian Valentine, Microsoft executive