LawMeme LawMeme Yale Law School  
LawMeme
Search LawMeme [ Advanced Search ]
 
 
 
 
Microsoft: ''Don't Trust Microsoft''
Posted by James Grimmelmann on Thursday, November 21 @ 16:00:10 EST News
Thanks to a recently announced security hole in Windows, Microsoft is urging all users of IE 5 and 6 to download a "critical" patch. A buffer overrun in the Remote Access Service Data Stub (one of those frou-frou frills MS passes off as a "feature" in its bloatware browser), combined with an embarassing design decision in Microsoft's security scheme for distributing trusted code, means that even users who download the patch are at risk of "upgrading" to the vulnerable piece of code again.

In order that they not accidentally download the buggy control from a malicious web page, Microsoft is telling its users to remove their security certificates. The problem is that since the bad control was written by Microsoft itself and the normal revocation mechanism won't work (thanks to said embarassing design decision), this means that users must go into IE and tell it not to trust Microsoft.

Not a good day for Microsoft PR.

 
Login
Nickname

Password

Don't have an account yet? You can create one. As registered user you have some advantages like theme manager, comments configuration and post comments with your name.
Related Links
· More about News
· News by James Grimmelmann


Most read story about News:
Shiver Me Timbers! Pirates Take to the High Seas

Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent


Options

Printer Friendly Page  Printer Friendly Page

Send to a Friend  Send to a Friend
"User's Login" | Login/Create an Account | 0 comments
Threshold
  
The comments are owned by the poster. We aren't responsible for their content.

Leges humanae nascuntur, vivunt, moriuntur
Human laws are born, live, and die


All stories, comments and submissions copyright their respective posters.
Everything Else Copyright (c) 2002 by the Information Society Project.
This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/).

You can syndicate our news using the file backend.php