Just how bad is the first Vista security flaw?

Microsoft has publicly acknowledged the discovery of the first Windows Vista security flaw. But just how serious is it? Opinions seem to vary widely.

The New York Times claims the flaw is serious enough to result in Microsoft "facing an early crisis of confidence in the quality of its Windows Vista operating system."

Not surprisingly, Microsoft isn't portraying things as being quite so dire. Stephen Toulouse, a senior product manager in Microsoft's security group, said he's not seeing any wringing of hands in his circles:

"No one will ever get the software right 100% out of the gate. What we've done as a company is build in defense in depth capabilities in the products themselves, as well as create good processes internally that prioritize reported vulnerabilities and get them into the update cycle, while also taking the root cause information and changing the way we create the software so we can learn from these situations," Toulouse blogged.

BetaNews, which conducted its own tests on the vulnerability, is siding more with Microsoft's characterization than that of the New York Times.

"(T)ests of the flaw conducted by BetaNews suggest that, while the (message box) bug can crash Windows XP, its roots in the Win32 API dating back to Windows 3.1, coupled with the fact that the source code for the proof-of-concept appears to be straight ANSI C, directly contradict the Times' implication that the bug somehow afflicts Internet Explorer 7.0," BetaNews reported.

While all Windows flaws deserve serious attention, it seems like Vista Flaw No. 1 may not be as horrendous as some headlines and stories may be suggesting.

About

Mary Jo Foley has covered the tech industry for 30 years for a variety of publications, including ZDNet, eWeek and Baseline. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008). She also is the cohost of the "Windows Weekly" podcast on the TWiT network.
