To some IT security gadflies, Microsoft‘s latest “unpatched patch” incident involving a transfer protocol bug in the Windows kernel is a sign that Redmond should change not only its security priorities but also the manner in which it discloses vulnerabilities.
But from Microsoft’s perspective, the impact of a flaw disclosed last week involving Windows Kernel TCP/IP/IGMPv3 and MLDv2 — mainly affecting supported editions of Windows Small Business Server 2003 and Windows Home Server — merely represents the cost of doing business.
Either way, the release of a proof of concept flash video on Jan. 30 by Miami-based Immunity Inc. was one of more than half a dozen incidents over the past six months that found Microsoft playing defense against vulnerabilities surfacing soon after patch release announcements. Not to mention the fact that it’s yet another example of reoccurring kernel overflow exploit issues.
Microsoft, Windows, Kernel, Vulnerability, Flaw, Exploit, Windows Home Server, WHS, SBS, Small Business Server