A rather large security hole is uncovered, again centered around image loading, and MS gets pissy that the public was notified.
“Microsoft is disappointed that Xfocus took actions that could put computer users at risk by not following the commonly accepted industry practise of privately reporting security vulnerabilities to software vendors,” the spokeswoman said.
One of the items on the XFocus page remains a problem post service pack 2, and the others may not be an issue, though I’m not sure if that is only thanks to the firewall that’s installed as part of the obnoxious “upgrade” to XP Service Pack 2.
I think that it’s time to start comparing bug numbers in the same way that Microsoft’s reports do when they claim that they have fewer bugs than Linux. They count a separate security issue or bug for each distribution; if there’s a denial of service issue in PHP, they’ll count that same issue multiple times across distros and platforms. Using this tactic for the series of problems listed by XFocus, Windows adds 35 new security holes / bugs / design flaws right here. That would be crazy, which is why it’s not counted like that…
I suppose that Microsoft has a bit of a point in being a little bit pissy, or they would have if they were a bank. I mean, putting a big sign up about how to compromise a bank’s security before you inform the bank might be seen as in poor taste. However, Windows isn’t a public utility or service, and I’m not sure that they deserve the same level of respect or consideration that a bank should receive.