Windows 7 Forums



Windows 7: Microsoft Explains and Defends Silent Fixes

17 Feb 2011   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Microsoft Explains and Defends Silent Fixes

Quote:

Microsoft has detailed its policy of patching in-house discovered bugs silently and tried to answer the most frequently asked questions regarding this procedure.

The fact that Microsoft doesn't disclose all patched vulnerabilities in Security Bulletins is not a secret. This was admitted by the company in 2006.

This somewhat controversial policy applies to bugs discovered during the "Hacking for Variations" (HfV) process, which aims to limit the number of similar flaws in a product.

When the company receives reports of a vulnerability, it also inspects the source code for similar bugs and runs a plethora of tools, including fuzzers, against the vulnerable component.

Any flaw discovered in this way is considered a variant of the originally reported vulnerability and it doesn't get publicly disclosed, nor does it receive a CVE identifier.
Microsoft Explains and Defends Silent Fixes - Softpedia



19 Feb 2011   #2
sreedhav

MS Windows 7 Home Premium 64-bit SP1
 
 

Dear JMH,
I guess you are the person to answer two tiny doubts of mine!
1) Why did Microsoft allow its customers a certain degree of free rein in allowing updates 1) unhindered installation, 2) download, I will decide what to install and 3) I will decide whether to install or not (is option 3 there?)

2) On super Tuesdays, what % of users generally allow all downloads to be downloaded AND installed (You may give a rough estimate, lest we rust!)

3) Do you consider the under cover fixes are to avoid loss of face?
Regards,
Sreedhav
19 Feb 2011   #3
JMH

Win 7 Ultimate 64-bit. SP1.
 
 

All of your questions pertaining to Microsoft's motives can only be addressed by Microsoft.


19 Feb 2011   #4
sreedhav

MS Windows 7 Home Premium 64-bit SP1
 
 

Quote: Originally Posted by JMH
All of your questions pertaining to Microsoft's motives can only be addressed by Microsoft.
Dear JMH,
I am sincerely sorry for the ill-directed queries! I can only crave your pardon! I hold you in the highest regard!

Regards,
Sreedhav
19 Feb 2011   #5
SledgeDG

Windows 7 Ultimate x86
 
 

See...as long as those fixes are tested sufficiently enough to make sure they wouldn't crash my computer or cause any kind of unwanted behavior, I don't mind them being pushed on me.
But if they ever affect me in an undesired way you can bet your boots, Microsoft gets a special entry in my HOSTS.

-DG
19 Feb 2011   #6
mickey megabyte

ultimate 64 sp1
 
 

i really like the word 'fuzzer' - first time i've come across it - thanks JMH!

my next kitten may be in need of that name
19 Feb 2011   #7
BCXtreme

Windows 7 Home Premium x64
 
 

I think not disclosing the extent of all patched vulnerabilities has some security benefits. If the hackers can just pull up lists of all the vulnerabilities you fixed, they would be able to create exploits for new vulnerabilities that much faster.
19 Feb 2011   #8
mr pc

Windows 7
 
 

hmm...this is a very slippery slope

As consumers do we have the right to inquire as to what these fixes are? And if so - how does that protect against hacking - for a hacker could ask the same.

If they can do this without warning/liability who knows what they can put on personal, public, and corporate machines/servers without permission.

And what happens if they damage the OS/machine(s)?

Is the enduser SOL?
19 Feb 2011   #9
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I have no problem with the way Microsoft does it. Most of us wouldn't know what to do with the fine code that might be included. Giving all the fine details might also give someone access to the operating system's code with which it was created by its owners.
19 Feb 2011   #10
Tepid

Win 7 Ultimate 32bit
 
 

As consumers do we have the right to inquire as to what these fixes are?

Yes and No

Remember, you are renting the Windows OS, you do not own it.


And if so - how does that protect against hacking - for a hacker could ask the same. ---- Yes

If they can do this without warning/liability who knows what they can put on personal, public, and corporate machines/servers without permission.


There are limits and protections that they must adhere to.
They can't just drop a keylogger or something on your system.


And what happens if they damage the OS/machine(s)?


The end user is not necessarily SOL, if they have a legitimate copy of Windows, you can contact MS for help if an update does in fact break the OS. I do believe this does fall under the level of support they do provide under the Mainstream support period.


However, if they did do anything that would spy on or compromise a system, believe me, people are watching and it would spread like wildfire. MS would lose in the end.

There are alternatives, not excellent ones, but they do exist.
Mac and Linux would welcome the change.