Microsoft Flip-Flops On URI Protocol Handing Flaw

a-twitter writes "After months of insisting there is nothing to patch, Microsoft has done a complete 180 on the URI protocol handling vulnerability, announcing in a security advisory that a Windows update will be released to revise URI handling code within ShellExecute() to be more strict. The MSRC blog explains the background and offers more details on this issue."

like a dervish, they are

[User+956]

After months of insisting there is nothing to patch, Microsoft has done a complete 180 on the URI protocol handling vulnerability

If it took them that many months, it sounds like they did a 1260.

Re:like a dervish, they are

[ricebowl]

If it took them that many months, it sounds like they did a 1260.

And here I'm still saving to buy the 360...

Sigh...

Re:like a dervish, they are

[ozmanjusri]

Why don't you just twist a red glow-stick into a ring and glue it to the front of a cereal box? It'll work as well as most 360s do...

Re:like a dervish, they are

[rk076200]

Microsoft has finally accepted responsibility for its role in a security weakness that allows malicious websites to run harmful code on an end user's machine.

Re:like a dervish, they are

[ricebowl]

Why don't you just twist a red glow-stick into a ring and glue it to the front of a cereal box? It'll work as well as most 360s do...

True enough, but will my glow-stick and cereal box be repaired under an extended warranty when it inevitably falls apart, or I add milk to the contents?

I don't think Mr. Kelloggs will be forthcoming...

The "New" Microsoft

[Propaganda13]

After being criticized about security, Microsoft has taken additional steps to shorten the time between when they advise a customer of a vulnerability and when it is fixed. Ballmer stated "This is a win for both the customer and Microsoft."

Re:Good.

[Cassius+Corodes]

Me. I'm gonna get a week's vacation docked.