scandalous the story behind ANI vulnerability....

in 15th November 2004 January 2005 eEye research reported the ANI related vulnerability then publicly disclose after our "friend" M$ patched it with with MS05-002

BUT the fix was incomplete (so much for ... all Microsoft’s security updates must pass a series of testing processes... blah blah ... )

Déjà vu... ANI vulnerability roams its ugly head... again

And ACTUALLY the guys in determina found this vulnerability and notified the vendor (M$) in 20th December 2006 and now they publicly disclose it

shame on you M$, you knew it all a long

I am not a anti M$ fool, actually, I am already convinced that M$ products are very "good" for enterprise, but I hate the fact of their irresponsibleness and their evil marketing and FUD....

Now the interesting part is to see how long it takes for them to release the patch... most of AV vendors and leading IPS vendors have already signature to block this exploit...

3 months has passed and still no patch yet...

Labels: security