Redmond has really been hearing it from the security community ever since exploits began appearing that take advantage of the animated cursor handling (ANI) vulnerability in Windows. It's been pretty extreme, even by let's-pick-on-Microsoft standards.
Folks are saying Microsoft should've been better prepared for these exploits, especially after the software giant patched a similar flaw some two years ago. Others are beating up Microsoft over the fact that the new bug affects all recent Windows operating system versions, including Vista, which was billed as the most secure platform yet. They reason that if the ANI vulnerability affects Vista, think of how many other flaws that impact earlier OS versions also will be found in Vista.
Microsoft is obviously an easy punching bag, given its huge user base. But let's give the guys in Washington state a break. Maybe I'm feeling in a chipper mood because it's Friday, but I'd like to think about some of the positives here.
While it was alerted about the vulnerability way back in December, Microsoft took just a few days to push out a patch once public exploits were reported. And the normally reserved Security Response Center has been especially transparent
about the timeline of getting out an ANI fix.
This is a more mature Microsoft. With the millions of lines of code in its software, vulnerabilities will happen, regardless if you're running Vista or Schmista. But there's something to be said about communication with the public, and Microsoft is getting better at that.
Let's see if researchers can quickly come up with an answer as to how they missed this exploit after patching the previous vulnerability. If they let the public know (and accept blame if blame is due) in a reasonable amount of time, this will be another step in the right direction.