Microsoft is Still Lying About the Numbers of Vulnerabilities
- Dr. Roy Schestowitz
- 2011-02-20 13:44:43 UTC
- Modified: 2011-02-20 13:44:43 UTC
Summary: There are newer allegations referring to Microsoft's "silent updates" (whose existence was substantiated and confirmed by Microsoft already, but only after pressure had been applied)
THE MONOPOLIST from Redmond keeps lying about many things, even after the lies were shown and explained to the public. Being publicly shown to be lying does not deter Microsoft unless or until the cost of the backlash outweighs the profits gained from the lie/s.
Last year Microsoft admitted that some of its patches were applied silently, meaning that secret activity was carried out to address secret flaws. Things are still the same based on this new report which says:
Microsoft has explained its rationale for quietly fixing some security vulnerabilities without issuing an associated bulletin.
Such "silent updates" have been happening for years, but have escaped much notice outside the small community of reverse engineers. Normally the bugs in question are close relatives of disclosed vulnerabilities that emerge during the verification of suspected security problems using fuzzing and other approaches.
In other news, "ZDI names and shames security vulnerabilities from Microsoft, IBM, HP and Novell" and there is more about it in [1, 2, 3]. So it's not good for Novell, either.