MS Issues Critical SQL Server Flaw Warning
silent wire writes "ZDNet is reporting on a pre-patch security advisory from Microsoft warning about an unpatched remote code execution vulnerability affecting its SQL Server line. Exploit code is publicly available so affected users should pay special attention to the workarounds from Microsoft."
Which is why I think that we should all agree on a standard 90-day rule and press the security researchers to enforce it. That way any company that gets a vulnerability reported knows EXACTLY how long they have to get either a patch or a workaround out the door, and anyone who releases before the 90 days is up should be looked down upon for making the web more dangerous for us all. Because as it is now MSFT and any other company can just sit on their collective asses and when the vulnerability finally gets disclosed claim they "didn't have enough time" and then harp upon the guy who found it for being "irresponsible" for not sitting on it. With a standard 90 days there isn't any confusion or doubt as to when the news is being released.
You got told of a new vulnerability? You have 90 days from today, no more, no less. And if a company can't get off their collective asses and put out a patch or at least a workaround then they suck and deserve whatever they get. And if they screamed "irresponsible" then everyone would simply say "everyone else gets theirs done in the standard 90 days, why the hell can't you?" instead of the worthless blame game that goes on now.
ACs don't waste your time replying, your posts are never seen by me.