Researcher: Microsoft puts Mac users at risk with patch policy

Swa Frantzen, an analyst at SANS Institute's Internet Storm Center (ISC), criticized Microsoft for issuing patches that fix the Windows versions of PowerPoint while announcing that patches for the same flaws in the Mac editions would not be released until June. "Microsoft is the one big company screaming loudest over 'responsible disclosure,'" said Frantzen. Responsible disclosure, a practice Microsoft has aggressively pushed, demands that researchers delay any disclosure until the bug has been patched. Microsoft, claimed Frantzen, broke its own rules of responsible disclosure yesterday by revealing that Office for Mac 2004 and Office for Mac 2008 contain three unpatched vulnerabilities, and by releasing information about the same bugs in Windows. The combination, he said, could be used by hackers to craft exploits targeting Macs.

More info: Computerworld