What we really learn from this all WMF "thingie", is that when Microsoft
wants to, it can.
Microsoft released the WMF patch ahead of schedule
( http://blogs.securiteam.com/index.php/archives/181 )
Yep, THEY released the PATCH ahead of schedule.
What does that teach us?
There are a few options:
1. When Microsoft wants to, it can.
There was obviously pressure with this 0day, still =97 most damage out
there from vulnerabilities is done AFTER Microsoft releases the patch
and the vulnerability becomes public.
2. Microsoft decided to jump through a few QA tests this time, and
release a patch.
Why should they be releasing BETA patches?
If they do, maybe they should release BETA patches more often, let those
who want to - use them. It can probably also shorten the testing period
If this patch is not BETA, but things did just /happen/ to progress more
swiftly.. than maybe we should re-visit option #1 above.
Maybe it=92s just that we are used to sluggishness. Perhaps it is time we,
as users and clients, started DEMANDING of Microsoft to push things up a
Put in the necessary resources, and release patches within days of first
discovery. I=92m willing to live with weeks and months in comparison to
the year+ that we have seen sometimes. Naturally some problems take
longer to fix, but you get my drift.
It=92s just like with false positives=85 as an industry we are now used to
them. We don=92t treat them as bugs, we treat them as an =93acceptable level
of=94, as I heard Aviram mention a few times.
The rest is in my blog entry on the subject: