September 12, 2003

Wait, don't tell me. Let me guess...


<tech.security>

Yes indeed.

Got an email message Wednesday afternoon from those wacky folks in Redmond, with this subject line: "Microsoft Security Bulletin MS03-039: Buffer Overrun In RPCSS Service Could Allow Code Execution(824146)"

Not unlike MS03-026, except that this particular bulletin covers three separate vulnerabilities in RPC, instead of just one. As a public service, though, Microsoft has included the code to correct MS03-026 in the patch for this one (for people who have been living in caves, apparently).

I read an interesting article on Yahoo (from The Washington Post), suggesting holding Microsoft liable for its buggy code and the expense companies undertake to patch every two weeks. My favorite quote from the article: "They've got the best programmers on the planet, so why does it seem to be so buggy?" (Although I would suggest that the best programmers on the planet probably stay away from anything that even rhymes with "microsoft". Perhaps they have the best programmers that money can buy.)

Posted by wrodina at September 12, 2003 12:29 AM