
>> Microsoft has been informed, but at the time of publication has not told us when or if the problem will be patched.

Doesn't a bug like this one deserve a responsible disclosure and wait for a patch to be available? The report doesn't state when Microsoft was informed about this, but given the severity of this issue and the fact that they haven't heard back, I would suspect it wasn't too long back.




There's nothing stating they didn't inform them a while back and wait to give them a chance to patch it before disclosing it.


Was thinking the same... feels a bit irresponsible.


It's a minor nuisance. It requires people to click on a local file. If a criminal can get a user to do that, he will not waste that opportunity on crashing the desktop.


It doesn't seem to require that.

> As was the case nearly 20 years ago, webpages that use the bad filename in, for example, an image source will provoke the bug and make the machine stop responding. Depending on what the machine is doing concurrently, it will sometimes blue screen. Either way, you're going to need to reboot it to recover. Some browsers will block attempts to access these local resources, but Internet Explorer, for example, will merrily try to access the bad file.



