Microsoft Makes Third Parties Less Secure
- Dr. Roy Schestowitz
- 2009-08-02 21:51:28 UTC
- Modified: 2009-08-02 21:51:28 UTC
Summary: Self-explanatory set of news reports
●
Adobe patches 12 Flash bugs, 3 caused by Microsoft [Warning: IDG]
Adobe also took care of three vulnerabilities within Flash that were the result of the company's developers using a buggy Microsoft code "library" when they built the program. On Wednesday, Adobe confirmed that it had used Microsoft's flawed development code -- specifically the Active Template Library (ATL), a code library included with Visual Studio -- to create both Flash Player and Shockwave Player. The latter was patched that same day.
●
Adobe confirms Flash contains Microsoft dev code bug
Adobe stepped forward yesterday to acknowledge that it's the first major third-party vendor to have used Microsoft's flawed development code in its products.
●
Adobe Bugs Linked to Microsoft ATL Flaw [Note: Even the Microsoft-bent press admits this]
When Adobe Systems Inc. announced that it would periodically have Patch Tuesday releases of its own to coincide with Microsoft's monthly patch rollout, it became clear that Windows plays a vital role in the third-party software firm's security repertoire. That role became even more apparent with the security advisory Adobe released late Thursday.
●
Microsoft Vulnerability Underscores Importance of Strong SDL
Sometimes it's the little things. According to Microsoft, one of the bugs in the Active Template Library was the result of a typo.
Comments
Yuhong Bao
2009-08-03 04:50:21
twitter
2009-08-03 01:36:39
The larger lesson is that non free software development methodology is inherently flawed. Stable APIs, owned by responsible parties, might sound like a good idea but the same thing with freedom is always better.
Yuhong Bao
2009-08-04 03:51:13