ZDI-CAN-061 Microsoft High 2006.06.14, 77 days ago
ZDI-CAN-065 Microsoft High 2006.06.14, 77 days ago
ZDI-CAN-068 Microsoft Medium 2006.06.15, 76 days ago
ZDI-CAN-059 Microsoft High 2006.06.15, 76 days ago
I can understand why these response times drive some researchers to more drastic, some would say irresponsible, action:
http://www.securityfocus.com/news/11400
I thought the letter from the Russian crook complaining that his exploit had been discovered was very funny!
It's often argued that more vulnerabilities will be found in Firefox and Opera if/when they achieve more widespread usage, but these sorts of automated vulnerability detection tests seem to contradict this: Firefox and Opera (9, at least) fared quite well.
It looks like things may get better for MS with IE7:
Will IE7 improve this spotty record? Perhaps. According to Microsoft’s Tony Chor, a Group Program Manager on the Internet Explorer team, part of the problem was old, sloppy code. “Over time, IE had developed 13 or 14 different places in the code where we place URLs. Inconsistent results allowed us to get beat. This is where we rearchitected a big part of IE so that one routine evaluates the URL.” Microsoft is betting that the new URL parser will make it easier for developers to avoid vulnerabilities in the first place and to fix them more quickly when they do appear. But only time will tell whether that effort will pay off as expected.
http://blogs.zdnet.com/Bott/?p=109#more-109
Regards,
FwF