>> Microsoft has been informed, but at the time of publication has not told us when or if the problem will be patched.
Doesn't a bug like this one deserve a responsible disclosure and wait for a patch to be available? The report doesn't state when Microsoft was informed about this, but given the severity of this issue and the fact that they haven't heard back, I would suspect it wasn't too long back.
It's a minor nuisance. It requires people to click on a local file. If a criminal can get a user to do that, he will not waste that opportunity on crashing the desktop.
>As was the case nearly 20 years ago, webpages that use the bad filename in, for example, an image source will provoke the bug and make the machine stop responding. Depending on what the machine is doing concurrently, it will sometimes blue screen. Either way, you're going to need to reboot it to recover. Some browsers will block attempts to access these local resources, but Internet Explorer, for example, will merrily try to access the bad file.
Doesn't a bug like this one deserve a responsible disclosure and wait for a patch to be available? The report doesn't state when Microsoft was informed about this, but given the severity of this issue and the fact that they haven't heard back, I would suspect it wasn't too long back.