Security researchers are both criticizing and empathizing with Microsoft for the 200 days the company needed to create its latest critical software patch.
The six-plus months is the longest the software giant has taken to release a fix since it started its Trustworthy Computing initiative, a companywide mandate to make security a top priority. Taking so long to fix a serious issue cast doubts on how much progress Microsoft has made in the two-year effort, said Marc Maiffret, chief hacking officer for security research firm eEye Digital Security.
"If it really took them that long technically to make (and test) the fix, then they have other problems," Maiffret said. "That's not a way to run a software company."
On Tuesday, Microsoft released a patch for vulnerabilities in a common networking component of Windows NT, Windows 2000, Windows XP and Windows Server 2003. The security flaws could allow an attacker to compromise a computer running any of those Windows systems or allow a malicious coder to create a worm that would affect a large number of systems connected to the Internet.