Image credit: Mike Seigafuse. Used with permission.
Microsoft was slammed this week by PC industry security experts for releasing security patches to fix vulnerabilities in Windows versions of PowerPoint, while announcing that Mac users would remain at risk until patches for OS X are completed in June.
“Microsoft is the one big company screaming loudest over ‘responsible disclosure,'” said Swa Frantzen, a security analyst at SANS Institute’s Internet Storm Center (ISC) in a post to the ISC blog late Tuesday, adding, “[But the] policy cuts both ways: You need to obey the rules yourself just as well as demand it from all others involved.”
The Windows manufacturer, claimed Frantzen, ignored its well-known best practices for responsible disclosure Wednesday by revealing that Office for Mac 2004 and Office for Mac 2008 contain three unpatched vulnerabilities, and by releasing information about the same bugs in Windows. The combination, he said, could be used by hackers to craft exploits targeting Macs.
Analysts from Gartner and nCircle took varying poistions on the debate, according to an article in Computerworld, and Microsoft itself had no comment further than the statement the company released along with the Windows patch.
The larger question in some minds would be why any Mac user would use PowerPoint over Keynote, but that’s a different debate.
