Karim wrote:
I don't understand why Microsoft hasn't even published a simple utility or .REG file that closes up the vulnerability. (See http://www.eeye.com/html/research/alerts/AL20040610.html)
Sure, it might break .HTAs or the Help System, but you can tell people that when you offer it to them.
I agree that it's mystifying as to why patchs take to long to be released...but a super compelling reason would be to avoid litigation. Patchs that fix holes can't go around breaking other things...
...which is why I majorly disagree with your concept of patchs being released that may cause other components to fail, but informing people of the failure. That's not how commercial software works...not anything remotely good anyways...
The bigger they are, the slower they are...5,000 people or 5...the patchs will take longer than you or I think they should.
