Microsoft's Urgent Patch Precedes Black Hat Session
Julie188 writes "Mystery solved! Microsoft's latest emergency out-of-band patch was weird beyond belief. A notice was sent to journalists and researchers late Friday evening that the patch was coming Tuesday, but Microsoft refused to explain the flaw and even put a cone of silence around researchers who would have otherwise talked about it. But finally, one researcher broke ranks and explained that the patch was caused by a flaw introduced in Microsoft's own development tools. This flaw was also the source of the emergency ActiveX patch, which took about 18 months to complete and which supposedly fixed the problem by turning off ActiveX (setting a 'killbit' on the control). Researchers at Black Hat on Wednesday will be demonstrating how to override the killbit controls and get access to vulnerabilities supposedly stopped with a killbit. What's really scary is that Microsoft has issued 175 killbit fixes so far."
1. Build an OS that needs to run on a few hundred mobos
2. in combination with dozens of CPUs
3. run on out of date (slow) hardware
4. run a thousand or so applications you have no control over
5. be used by a billion or so people
6. play nice with hundreds of peripherals
7. be able to play nice with other OSes and across the net
8. will be under constant attack by many many many crackers because it's the tall poppy
9. ???
10. have constant patches to address these issues within budget and time frame
11. people will still bitch!!!
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!