Microsoft spars with researcher over security patch

One of the patches released by Microsoft last week is not providing protection against the vulnerability it was meant to fix, according to a researcher who today accused Microsoft of making functionality a higher priority than security.

One of the patches released by Microsoft last week is not providing protection against the vulnerability it was meant to fix, according to a researcher who today accused Microsoft of making functionality a higher priority than security.

According to Tyler Reguly, a senior security engineer at nCircle Network Security Inc., last Tuesday’s MS09-008 update does not fix the problem for all users, many of whom may not realize that they’re still vulnerable to attack. “When you get a patch from a vendor, you expect it to provide some level of security,” said Reguly. “But MS09-008 only mitigates the problem, it doesn’t patch it.”

Read the full story [computerworld.com]. 

Also see nCircle’s original advisory [ncircle.com] and the reaction from Microsoft’s security response [technet.com] team.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.